Fórum PC Brasil
Megalon WebClient installed on the notebook.

Post by Verner Kahl, Tue 24 Feb 2015, 21:07

I have Megalon WebClient installed on my notebook. I have already tried several procedures, but the application comes back when I restart the notebook. I would like to know how to get rid of this pest for good. It keeps opening suspicious pages. I have Avira Free installed, and I have already run Malwarebytes and AdwCleaner, and nothing solves it. My Windows is 8.1.

Re: Megalon WebClient installed on the notebook.

Post by joram, Tue 24 Feb 2015, 22:26

/!\ Good evening, Verner Kahl! /!\

> Download: < [You must have an account and be logged in to view this link] > ( ... by Farbar )

> The banner above is for 32-bit systems!

< [You must have an account and be logged in to view this link]

> The link above is for 64-bit systems!
> Save it to the desktop! (Área de trabalho ...)
> Run the tool! Click "Yes" >> "Scan".

> Before clicking "Scan", check that the boxes under "Whitelist" are ticked.
> Under "Optional Scan", leave the "Addition.txt" checkbox ticked.
> PS: The "Addition.txt" report will also be generated; it is made available on the tool's first run.
> Post the reports! (FRST.txt + Addition.txt)

> Since the log will be long, upload it to [You must have an account and be logged in to view this link]

> The link to the report, which is the one highlighted, should be pasted into your reply.

> Or click "Copier le lien (*)" and paste the link into your post.

A+

Re: Megalon WebClient installed on the notebook.

Post by Verner Kahl, Wed 25 Feb 2015, 09:04

[You must have an account and be logged in to view this link]

Re: Megalon WebClient installed on the notebook.

Post by joram, Wed 25 Feb 2015, 09:28

/!\ Good morning, Verner Kahl! /!\

> Copy this information, shown in red, into Notepad.
> Save it with the name fixlist. << Text!
> Save it in the Downloads folder! /!\ C:\Users\Verner\Downloads /!\

start
CloseProcesses:
emptytemp:
(Greenwichers) C:\Program Files\Common Files\Clocker\Clocker.exe
(The Security Team) C:\Program Files\Common Files\WWS\Watchdog.exe
HKLM\...\Run: [Megalon] => C:\Program Files\Megalon\Megalon.exe [78336 2015-02-25] (The Megalon Team)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-99747896-3686439659-1212376747-1000\...\MountPoints2: {1cf003f6-b6d3-11e4-8244-3859f9c97ff2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-99747896-3686439659-1212376747-1000\...\MountPoints2: {4f448ba9-07b7-11e4-bea9-3859f9c97ff2} - "F:\iLinker.exe" 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
2015-02-25 08:29 - 2015-02-25 08:29 - 00000334 _____ () C:\WINDOWS\PFRO.log
2015-02-24 18:59 - 2015-02-25 08:30 - 00000154 _____ () C:\WINDOWS\setupact.log
2015-02-24 18:59 - 2015-02-24 18:59 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-22 20:10 - 2015-02-22 20:10 - 00000000 ____D () C:\Program Files\Megalon
2015-02-21 10:58 - 2015-02-21 10:58 - 00000000 ____D () C:\Program Files\Common Files\Clocker
2015-02-21 10:50 - 2015-02-21 10:50 - 00000000 ____D () C:\Program Files\Common Files\WWS
2015-02-23 19:26 - 2014-10-02 09:58 - 00000000 ____D () C:\AdwCleaner
2015-01-31 09:04 - 2013-06-27 21:22 - 00000000 ____D () C:\Users\Todos os Usuários\boost_interprocess
2015-01-31 09:04 - 2013-06-27 21:22 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-06-01 19:36 - 2014-06-01 21:14 - 6103040 _____ () C:\Program Files (x86)\GUT9D2A.tmp
2013-12-04 22:34 - 2013-12-04 22:34 - 0003584 _____ () C:\Users\Verner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Task: {6E256048-A68D-4EBF-8C89-A225C3F3FA85} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-99747896-3686439659-1212376747-1000UA => C:\Users\Verner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-11] (Facebook Inc.)
Task: {7092F6D3-890D-46F9-B5B5-273BE58C3794} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-99747896-3686439659-1212376747-1000Core => C:\Users\Verner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-11] (Facebook Inc.)
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-99747896-3686439659-1212376747-1000UA.job => C:\Users\Verner\AppData\Local\Facebook\Update\FacebookUpdate.exe
AlternateDataStreams: C:\Users\Verner\Certidao_Oc_53_posse_Luana.eml:OECustomProperty
AlternateDataStreams: C:\Users\Verner\Intimacao_de_ME - IPM 1696-2014.eml:OECustomProperty
AlternateDataStreams: C:\Users\Verner\Nota_Fiscal_Eletronica MOTO G.eml:OECustomProperty
AlternateDataStreams: C:\Users\Verner\Nota_Fiscal_Eletronica___pedido_Shoptime - Câmera Samsung Dv2014 Preta.eml:OECustomProperty
AlternateDataStreams: C:\Users\Verner\Sindicancia Escala_de_Sv_e_apresentacao_de_ME.eml:OECustomProperty
AlternateDataStreams: C:\Users\Verner\ULTRAFARAMA CADASTRO.eml:OECustomProperty
C:\Users\Verner\avira_free_antivirus_ptbr.exe
C:\Users\Verner\AppData\Local\Temp\avgnt.exe
end


> Disable your antivirus!
> Run FRST/FRST64 >> Click "Fix" << Wait!
> In the message, click Run
> Post the report! (Fixlog.txt)

< I ask visitors not to use this script on other computers, at the risk of irreparable damage to them! >

A+

Re: Megalon WebClient installed on the notebook.

Post by Verner Kahl, Wed 25 Feb 2015, 11:16

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by Verner at 2015-02-25 11:10:29 Run:1
Running from C:\Users\Verner\Downloads
Loaded Profiles: Verner (Available profiles: Verner)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************

start
CloseProcesses:
emptytemp:
(Greenwichers) C:\Program Files\Common Files\Clocker\Clocker.exe
(The Security Team) C:\Program Files\Common Files\WWS\Watchdog.exe
HKLM\...\Run: [Megalon] => C:\Program Files\Megalon\Megalon.exe [78336 2015-02-25] (The Megalon Team)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-99747896-3686439659-1212376747-1000\...\MountPoints2: {1cf003f6-b6d3-11e4-8244-3859f9c97ff2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-99747896-3686439659-1212376747-1000\...\MountPoints2: {4f448ba9-07b7-11e4-bea9-3859f9c97ff2} - "F:\iLinker.exe" 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
2015-02-25 08:29 - 2015-02-25 08:29 - 00000334 _____ () C:\WINDOWS\PFRO.log
2015-02-24 18:59 - 2015-02-25 08:30 - 00000154 _____ () C:\WINDOWS\setupact.log
2015-02-24 18:59 - 2015-02-24 18:59 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-22 20:10 - 2015-02-22 20:10 - 00000000 ____D () C:\Program Files\Megalon
2015-02-21 10:58 - 2015-02-21 10:58 - 00000000 ____D () C:\Program Files\Common Files\Clocker
2015-02-21 10:50 - 2015-02-21 10:50 - 00000000 ____D () C:\Program Files\Common Files\WWS
2015-02-23 19:26 - 2014-10-02 09:58 - 00000000 ____D () C:\AdwCleaner
2015-01-31 09:04 - 2013-06-27 21:22 - 00000000 ____D () C:\Users\Todos os Usuários\boost_interprocess
2015-01-31 09:04 - 2013-06-27 21:22 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-06-01 19:36 - 2014-06-01 21:14 - 6103040 _____ () C:\Program Files (x86)\GUT9D2A.tmp
2013-12-04 22:34 - 2013-12-04 22:34 - 0003584 _____ () C:\Users\Verner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Task: {6E256048-A68D-4EBF-8C89-A225C3F3FA85} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-99747896-3686439659-1212376747-1000UA => C:\Users\Verner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-11] (Facebook Inc.)
Task: {7092F6D3-890D-46F9-B5B5-273BE58C3794} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-99747896-3686439659-1212376747-1000Core => C:\Users\Verner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-12-11] (Facebook Inc.)
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-99747896-3686439659-1212376747-1000UA.job => C:\Users\Verner\AppData\Local\Facebook\Update\FacebookUpdate.exe
AlternateDataStreams: C:\Users\Verner\Certidao_Oc_53_posse_Luana.eml:OECustomProperty
AlternateDataStreams: C:\Users\Verner\Intimacao_de_ME - IPM 1696-2014.eml:OECustomProperty
AlternateDataStreams: C:\Users\Verner\Nota_Fiscal_Eletronica MOTO G.eml:OECustomProperty
AlternateDataStreams: C:\Users\Verner\Nota_Fiscal_Eletronica___pedido_Shoptime - Câmera Samsung Dv2014 Preta.eml:OECustomProperty
AlternateDataStreams: C:\Users\Verner\Sindicancia Escala_de_Sv_e_apresentacao_de_ME.eml:OECustomProperty
AlternateDataStreams: C:\Users\Verner\ULTRAFARAMA CADASTRO.eml:OECustomProperty
C:\Users\Verner\avira_free_antivirus_ptbr.exe
C:\Users\Verner\AppData\Local\Temp\avgnt.exe
end


*****************

Processes closed successfully.
C:\Program Files\Common Files\Clocker\Clocker.exe => Failed to close process.
C:\Program Files\Common Files\WWS\Watchdog.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Megalon => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
"HKU\S-1-5-21-99747896-3686439659-1212376747-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cf003f6-b6d3-11e4-8244-3859f9c97ff2}" => Key deleted successfully.
HKCR\CLSID\{1cf003f6-b6d3-11e4-8244-3859f9c97ff2} => Key not found.
"HKU\S-1-5-21-99747896-3686439659-1212376747-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f448ba9-07b7-11e4-bea9-3859f9c97ff2}" => Key deleted successfully.
HKCR\CLSID\{4f448ba9-07b7-11e4-bea9-3859f9c97ff2} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
C:\WINDOWS\PFRO.log => Moved successfully.
C:\WINDOWS\setupact.log => Moved successfully.
C:\WINDOWS\setuperr.log => Moved successfully.
C:\Program Files\Megalon => Moved successfully.
C:\Program Files\Common Files\Clocker => Moved successfully.
C:\Program Files\Common Files\WWS => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Todos os Usuários\boost_interprocess => Moved successfully.
"C:\ProgramData\boost_interprocess" => File/Directory not found.
C:\Program Files (x86)\GUT9D2A.tmp => Moved successfully.
C:\Users\Verner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E256048-A68D-4EBF-8C89-A225C3F3FA85}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E256048-A68D-4EBF-8C89-A225C3F3FA85}" => Key deleted successfully.
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-99747896-3686439659-1212376747-1000UA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-99747896-3686439659-1212376747-1000UA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7092F6D3-890D-46F9-B5B5-273BE58C3794}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7092F6D3-890D-46F9-B5B5-273BE58C3794}" => Key deleted successfully.
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-99747896-3686439659-1212376747-1000Core => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-99747896-3686439659-1212376747-1000Core" => Key deleted successfully.
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-99747896-3686439659-1212376747-1000UA.job => Moved successfully.
C:\Users\Verner\Certidao_Oc_53_posse_Luana.eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Verner\Intimacao_de_ME - IPM 1696-2014.eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Verner\Nota_Fiscal_Eletronica MOTO G.eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Verner\Nota_Fiscal_Eletronica___pedido_Shoptime - Câmera Samsung Dv2014 Preta.eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Verner\Sindicancia Escala_de_Sv_e_apresentacao_de_ME.eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Verner\ULTRAFARAMA CADASTRO.eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Verner\avira_free_antivirus_ptbr.exe => Moved successfully.
C:\Users\Verner\AppData\Local\Temp\avgnt.exe => Moved successfully.
EmptyTemp: => Removed 335.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog 11:10:48 ====
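
Added example (not part of the original thread, and not FRST's own code): a short Python triage of a Fixlog like the one posted above. It skips the echoed fixlist, groups each result line by outcome and flags what needs follow-up, such as the Clocker.exe process that failed to close. The status keywords are taken from this log only, the function names are hypothetical, and the sample is an abridged excerpt of the lines above.

```python
import re

# Abridged excerpt of the Fixlog posted above (header, echoed fixlist, results).
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Content of fixlist:
*****************

start
CloseProcesses:
(Greenwichers) C:\Program Files\Common Files\Clocker\Clocker.exe
HKLM\...\Run: [Megalon] => C:\Program Files\Megalon\Megalon.exe [78336 2015-02-25] (The Megalon Team)
end

*****************

Processes closed successfully.
C:\Program Files\Common Files\Clocker\Clocker.exe => Failed to close process.
C:\Program Files\Common Files\WWS\Watchdog.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Megalon => value deleted successfully.
HKCR\CLSID\{1cf003f6-b6d3-11e4-8244-3859f9c97ff2} => Key not found.
C:\Program Files\Megalon => Moved successfully.
C:\Program Files\Common Files\Clocker => Moved successfully.
"C:\ProgramData\boost_interprocess" => File/Directory not found.
EmptyTemp: => Removed 335.8 MB temporary data.

The system needed a reboot.
'''

RESULT_RE = re.compile(r'^(?P<target>.+?) => (?P<status>.+)$')


def result_lines(fixlog_text):
    """Return only the result section, skipping the echoed fixlist.

    The echo sits between two rows of asterisks after "Content of fixlist:"
    and contains " => " lines of its own that must not be read as results.
    """
    lines = fixlog_text.splitlines()
    for i, line in enumerate(lines):
        if line.strip() == "Content of fixlist:":
            stars = [j for j in range(i + 1, len(lines))
                     if set(lines[j].strip()) == {"*"}]
            if len(stars) >= 2:
                return lines[stars[1] + 1:]
            break
    return lines  # no echo found: treat everything as results


def classify(status):
    """Map a status string to an outcome (keywords assumed from this log)."""
    s = status.lower()
    if "failed" in s:
        return "failed"
    if "not found" in s or "no running process" in s:
        return "absent"
    if "successfully" in s or s.startswith("removed"):
        return "ok"
    return "other"


def triage(fixlog_text):
    report = {"ok": [], "absent": [], "failed": [], "other": []}
    moved = set()          # paths FRST reports as moved (quarantined)
    reboot_needed = False
    for raw in result_lines(fixlog_text):
        line = raw.strip()
        if line == "The system needed a reboot.":
            reboot_needed = True
            continue
        m = RESULT_RE.match(line)
        if not m:
            continue
        target = m.group("target").strip('"')
        status = m.group("status")
        report[classify(status)].append(target)
        if status.lower().startswith("moved successfully"):
            moved.add(target.lower())
    # For each failure, note whether its parent folder was moved later in the
    # same run; if not, the item is still in place and needs another pass.
    follow_up = []
    for target in report["failed"]:
        parent = target.rsplit("\\", 1)[0].lower()
        follow_up.append((target, parent in moved))
    return {
        "counts": {k: len(v) for k, v in report.items()},
        "reboot_needed": reboot_needed,
        "follow_up": follow_up,
        "report": report,
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_FIXLOG)
    print(summary["counts"], "reboot needed:", summary["reboot_needed"])
    for target, parent_moved in summary["follow_up"]:
        print("FOLLOW UP:", target, "| parent folder moved:", parent_moved)
```
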

Re: Megalon WebClient installed on the notebook.

Post by joram, Wed 25 Feb 2015, 11:24

/!\ Good morning, Verner Kahl! /!\

> Download: < [You must have an account and be logged in to view this link] > ( ... by Smeenk )

< [You must have an account and be logged in to view this link] >

> Save it to the desktop!
> Disable your antivirus!
> For Windows 7, run Zoek.exe as administrator.

emptyfolderscheck;delete
c:\program files (x86)\Megalon\megalon.exe;f
c:\program files\common files\wws\watchdog.exe;f
c:\program files\common files\clocker\clocker.exe;f
c:\program files (x86)\Megalon;fs
c:\program files\common files\wws;fs
c:\program files\common files\clocker;fs
megalon;a
megalon;z
quickscan;
emptytemp;
emptyclsid;
 

> Copy and paste this information, shown in red, into the tool's input field.
> Click "Run Script".

Zoek.exe is running now. 
Do not start any browser windows, they will be closed automatically. 
Please wait! This window will close when finished. 
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
> Messages will appear asking you to wait for the report to come up.
> PS: These messages may stay static on the screen for 20 minutes or more.

> Confirm the reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.
> PS: If you get an error, restart the PC and run the tool again.
> Post the report, which will be at C:\zoek-results.txt <<

A+

Re: Megalon WebClient installed on the notebook.

Post by Verner Kahl, Wed 25 Feb 2015, 12:35

Good afternoon, Joram!
The report follows below:


Zoek.exe v5.0.0.0 Updated 24-February-2015
Tool run by Verner on 25/02/2015 at 12:21:23,58.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Verner\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-02-25-143821.log 2911 bytes

==== Deleting Files \ Folders ======================

c:\program files (x86)\Megalon not found
c:\program files\common files\wws not found
c:\program files\common files\clocker not found
"c:\program files (x86)\Megalon\megalon.exe" not found
"c:\program files\common files\wws\watchdog.exe" not found
"c:\program files\common files\clocker\clocker.exe" not found

==== Folders Found ======================

2015-02-22 23:10:56 2015-02-22 23:10:57 -------- d-----w- C:\FRST\Quarantine\C\Program Files\Megalon
2015-02-23 23:11:16 2015-02-23 23:11:16 -------- dc----w- C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Megalon.exe_a15c838b44a5cd13ddb8c4921d6b227a3c212ca1_da7c65e1_070e92ed
2015-02-24 18:29:26 2015-02-24 18:29:26 -------- dc----w- C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Megalon.exe_a15c838b44a5cd13ddb8c4921d6b227a3c212ca1_da7c65e1_0b38cdda
2015-02-23 23:11:16 2015-02-23 23:11:16 -------- dc----w- C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_Megalon.exe_a15c838b44a5cd13ddb8c4921d6b227a3c212ca1_da7c65e1_070e92ed
2015-02-24 18:29:26 2015-02-24 18:29:26 -------- dc----w- C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_Megalon.exe_a15c838b44a5cd13ddb8c4921d6b227a3c212ca1_da7c65e1_0b38cdda

==== Files Found ======================


--- C:\FRST\Quarantine\C\Program Files\Megalon\Megalon.exe ---
Company: The Megalon Team
File Description: Megalon WebClient
File Version: 1.0.0.7
Product Name: Megalon WebClient
Copyright: Copyright © 2011 The Megalon Team
Original Filename: megalon4.exe
File type: ----a-w-
File size: 78336
Created time: 2015-02-22 23:10:57
Modified time: 2015-02-25 11:36:25
MD5: 8CE4031DA406F75CB729BCB734BEB395
SHA1: 5D6B86178F97F9F32EF895631101C0E0560A955C


--- C:\Windows\Prefetch\MEGALON.EXE-B3644CE4.pf ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 55596
Created time: 2015-02-22 23:11:12
Modified time: 2015-02-25 11:36:50
MD5: A16A212CB6BB311A70D3DC130FEF53E1
SHA1: 6B070EA8034F0EFB74F269BFE17E7F0C91D53BD5


==== Registry Search Results for "megalon" ======================


[HKEY_USERS\S-1-5-21-99747896-3686439659-1212376747-1000\Software\Megalon]

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RealNetworks Downloader Resolver Service]


==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [04/02/2015 21:29]
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-99747896-3686439659-1212376747-1000Core.job --a-------- C:\Users\Verner\AppData\Local\Facebook\Update\FacebookUpdate.exe [11/12/2013 10:06]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- [Undetermined Task]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\WSCStub.exe"]
"C:\WINDOWS\SysNative\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-99747896-3686439659-1212376747-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe]
"C:\WINDOWS\SysNative\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-99747896-3686439659-1212376747-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe]
"C:\WINDOWS\SysNative\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-99747896-3686439659-1212376747-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe]
"C:\WINDOWS\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-99747896-3686439659-1212376747-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\WINDOWS\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-99747896-3686439659-1212376747-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{CB5B1801-2923-48AF-93A2-FDA1CCB839B2}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Norton 360\Norton Error Analyzer" [C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\SymErr.exe]
"C:\WINDOWS\SysNative\tasks\Norton 360\Norton Error Processor" [C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\SymErr.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Verner\AppData\Roaming\Mozilla\Firefox\Profiles\i10rmymb.default
user_pref("browser.startup.homepage", "https://www.google.com.br/");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn" [25/02/2015 12:19]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886F}"="C:\Users\Verner\AppData\Local\GAS Tecnologia\GBBD\isg\xpi" [31/01/2015 08:53]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Verner\AppData\Roaming\Mozilla\Firefox\Profiles\i10rmymb.default
- RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
- GBBD Infoseg - Senasp - C:\Users\Verner\AppData\Local\GAS Tecnologia\GBBD\isg\xpi
- Undetermined - {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}
- Undetermined - {87F8774F-B485-47E2-A755-A40A8A5E886F}
- Segurança do navegador Avira - %ProfilePath%\extensions\abs@avira.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Verner\AppData\Roaming\Mozilla\Firefox\Profiles\i10rmymb.default
C62322C77D1AAB77B1CF1130FCC3673A - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash
1DB2DC8D41DC15D4C9556FDA9B62B2DD - C:\Users\Verner\AppData\Local\GAS Tecnologia\GBBD\npsf_isg.dll - Módulo de Proteção - Infoseg - Senasp
3CD19649B2C3023D65E67C056457A2BC - C:\Users\Verner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
BE126CB7049E89ED6F3038016668B502 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
EAC427FEF96A13058C1ACD17C38966CF - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
96B3689320E9B16EDF38B7A5001C35F0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
F8CB60A5ACA5D73807ECBD9942A8BCB7 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash
75EFF31DC815935C84A8986DA15EC108 - C:\Users\Verner\AppData\Local\GAS Tecnologia\GBBD\npsf_isg_64.dll - Módulo de Proteção - Infoseg - Senasp


==== Chromium Look ======================

Google Chrome Version: 40.0.2214.115 (Up to date, latest Stable version: 40.0.2214.115)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14/08/2013 15:24]
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\Exts\Chrome.crx[06/10/2013 00:26]

Google Slides - Verner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Verner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Verner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Verner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Verner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Verner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Avira Browser Safety - Verner\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk
RealDownloader - Verner\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Norton Security Toolbar - Verner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Google Wallet - Verner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Verner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - Verner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Verner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Verner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Verner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Avira Browser Safety - Verner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk
RealDownloader - Verner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Google Wallet - Verner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Verner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Verner\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Verner\AppData\Local\Temp successfully emptied

==== EOF on 25/02/2015 at 12:32:09,37 ======================

Post by joram, Wed 25 Feb 2015, 12:56

/!\ Good afternoon, Verner Kahl! /!\

> Open the Zoek tool again.

[-HKEY_USERS\S-1-5-21-99747896-3686439659-1212376747-1000\Software\Megalon];r64
[-HKEY_USERS\S-1-5-21-99747896-3686439659-1212376747-1000\Software\Megalon];r
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Megalon.exe_*;f
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Megalon.exe;f
c:\program files\common files\Clocker;fs
c:\program files\Megalon\Megalon4.exe;f
c:\program files\Megalon\Megalon.exe;f
c:\program files\common files\WWS;fs
C:\Windows\Prefetch\MEGALON.EXE-B3644CE4.pf;f
megalon;a
megalon;z


> Copy and paste this information, which is shown in red, into the tool's input field.
> Click "Run Script".

Zoek.exe is running now. 
Do not start any browser windows, they will be closed automatically. 
Please wait! This window will close when finished. 
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
> Messages will appear asking you to wait for the report to be generated.
> PS: These messages may stay on the screen unchanged for 20 minutes or more.

> Confirm the reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.
> PS: If you get an error, restart the PC and run the tool again.
> Post the report, which will be at C:\zoek-results.txt <<

A+
joram
Administrator

Posts: 4162
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro

Post by Verner Kahl, Wed 25 Feb 2015, 13:13

Hello Joram!

Here is the generated report. Note that it did not ask to restart the notebook.

Zoek.exe v5.0.0.0 Updated 24-February-2015
Tool run by Verner on 25/02/2015 at 13:02:48,72.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Verner\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-02-25-143821.log 2911 bytes
C:\zoek-results2015-02-25-153209.log 23006 bytes

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_USERS\S-1-5-21-99747896-3686439659-1212376747-1000\Software\Megalon]

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_USERS\S-1-5-21-99747896-3686439659-1212376747-1000\Software\Megalon]

==== Deleting Files \ Folders ======================

c:\program files\common files\Clocker not found
c:\program files\common files\WWS not found
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Megalon.exe" not found
"c:\program files\Megalon\Megalon4.exe" not found
"c:\program files\Megalon\Megalon.exe" not found
"C:\Windows\Prefetch\MEGALON.EXE-B3644CE4.pf" deleted
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Megalon.exe_a15c838b44a5cd13ddb8c4921d6b227a3c212ca1_da7c65e1_070e92ed\Report.wer" deleted
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Megalon.exe_a15c838b44a5cd13ddb8c4921d6b227a3c212ca1_da7c65e1_0b38cdda\Report.wer" deleted
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Megalon.exe_a15c838b44a5cd13ddb8c4921d6b227a3c212ca1_da7c65e1_070e92ed" deleted
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Megalon.exe_a15c838b44a5cd13ddb8c4921d6b227a3c212ca1_da7c65e1_0b38cdda" deleted

==== Folders Found ======================

2015-02-22 23:10:56 2015-02-22 23:10:57 -------- d-----w- C:\FRST\Quarantine\C\Program Files\Megalon
2015-02-25 16:03:56 2015-02-25 16:03:57 -------- d---a-w- C:\zoek_backup\C_ProgramData_Microsoft_Windows_WER_ReportArchive_AppCrash_Megalon.exe_a15c838b44a5cd13ddb8c4921d6b227a3c212ca1_da7c65e1_070e92ed
2015-02-25 16:03:57 2015-02-25 16:03:57 -------- d---a-w- C:\zoek_backup\C_ProgramData_Microsoft_Windows_WER_ReportArchive_AppCrash_Megalon.exe_a15c838b44a5cd13ddb8c4921d6b227a3c212ca1_da7c65e1_0b38cdda

==== Files Found ======================


--- C:\FRST\Quarantine\C\Program Files\Megalon\Megalon.exe ---
Company: The Megalon Team
File Description: Megalon WebClient
File Version: 1.0.0.7
Product Name: Megalon WebClient
Copyright: Copyright © 2011 The Megalon Team
Original Filename: megalon4.exe
File type: ----a-w-
File size: 78336
Created time: 2015-02-22 23:10:57
Modified time: 2015-02-25 11:36:25
MD5: 8CE4031DA406F75CB729BCB734BEB395
SHA1: 5D6B86178F97F9F32EF895631101C0E0560A955C


--- C:\zoek_backup\C_Windows_Prefetch_MEGALON.EXE-B3644CE4.pf.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 55596
Created time: 2015-02-25 16:03:57
Modified time: 2015-02-25 11:36:50
MD5: A16A212CB6BB311A70D3DC130FEF53E1
SHA1: 6B070EA8034F0EFB74F269BFE17E7F0C91D53BD5


==== Registry Search Results for "megalon" ======================

No instances of string "megalon" found.

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4 folders=2 74431 bytes)

==== EOF on 25/02/2015 at 13:05:07,46 ======================

Post by joram, Wed 25 Feb 2015, 13:26

/!\ Good afternoon, Verner Kahl! /!\

Verner Kahl wrote: Here is the generated report. Note that it did not ask to restart the notebook.
> Great! That means there are no longer any malware files or folders that resist the normal fix.
> According to reports, Megalon may have come from Facebook. PS: Is that what happened to you?
> Is Megalon still bothering you?
> Restart the computer and check whether it is still present.

A+

Post by Verner Kahl, Wed 25 Feb 2015, 13:31

Hello. I don't know how it got there. I only noticed it when new tabs with heavy content started opening in the browsers. I'll restart and post the result.
See you later

Hello. I looked in Programs and Features and there it was, installed. This thing is a pest. I delete it and it reinstalls on restart. I downloaded Norton 360 and am running a scan. I'll see what happens at the end. Thanks.

Post by joram, Wed 25 Feb 2015, 13:55

Verner Kahl wrote: Hello. I looked in Programs and Features and there it was, installed. This thing is a pest. I delete it and it reinstalls on restart. I downloaded Norton 360 and am running a scan. I'll see what happens at the end. Thanks.
/!\ Good afternoon, Verner Kahl! /!\

> The recommended antivirus would be [You must have an account and be logged in to view this link], not Norton.

> And are pop-ups or pages still opening while you browse?

A+

Post by Verner Kahl, Wed 25 Feb 2015, 14:03

The pop-ups have not come back. I'm testing all the browsers and so far everything looks normal. As for Norton 360, I have a trial version to see whether it finds the pest. I used Symantec products for a good while. If need be, I'll be back. OK
See you

Post by joram, Wed 25 Feb 2015, 14:11

/!\ Hello, Verner Kahl! /!\

> If they have not come back, it is because Megalon has been removed! The entry showing it as installed is empty or invalid.
> If so, your Norton will find nothing, or perhaps only deactivated files in some tool's quarantine.

> If there are no further problems on your notebook, remove the tools that were used for the disinfection!

> Download: < [You must have an account and be logged in to view this link] > ( ... by Xplode )

> Once on the page, click Download Now
> Save it in a convenient location! ( desktop! )
> Close any applications that are open.

> Remove disinfection tools
> Create registry backup
> Clear system restore points

> With these boxes checked, click Run!
> Restart the computer when it finishes!
> Everything OK?

A+


Last edited by joram on Thu 26 Feb 2015, 07:23; edited 1 time

Post by Verner Kahl, Wed 25 Feb 2015, 14:29

Hello Joram!

Procedure done. I restarted the notebook and checked in Programs; the pest did not appear. Solved. Thank you. ps
A+

Post by joram, Wed 25 Feb 2015, 14:36

> Read the many tips in the Cartilha de Segurança and keep yourself free of infections!

CASE RESOLVED

> If this computer needs a new check, just open a "New Topic" and describe the problem.