wxtete.exe malware removal
Hello gentlemen, good morning!
When I opened a bank page I noticed something was wrong; when I tried to shut down the machine, I saw that the strange file wxteste.exe was running. Please help me get rid of it. I have already enabled showing hidden files, and wxteste.exe still does not show up in a simple search.
- Windows 7
Thank you!
PSouza - Beginner
- Posts: 9
Reputation: 0
Registration date: 07/02/2014
Re: wxtete.exe malware removal
Hello PSouza.
Download [You need an account and to be logged in to view this link].
* Run it and click the Main Menu button.
* On the next screen that appears, click [Do a system scan and save a logfile].
* A report will be displayed.
* Select the entire contents of this report and copy it (Ctrl+C).
After that, just come back here to the forum and post this HijackThis log so that it can be analyzed.
We look forward to your reply.
Last edited by Power Max on Mon 17 Feb 2014, 15:10; edited 1 time
Power Max - Collaborator
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
wxtete.exe malware removal
Here is the report; the newbie here had not realized it was needed:
- hijackthis:
- Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:23:49, on 07/02/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Users\Paulo\AppData\Roaming\WXTESTE\WXTESTE.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Paulo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\115ZEK9E\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You need an account and to be logged in to view this link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You need an account and to be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You need an account and to be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You need an account and to be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You need an account and to be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You need an account and to be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {93a3111f-4f74-4ed8-895e-d9708497629e} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Toolbar BHO - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbar.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: Search Assistant BHO - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll
O3 - Toolbar: VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll
O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [VideoDownloadConverter Search Scope Monitor] "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [VideoDownloadConverter_4z Browser Plugin Loader] C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbrmon.exe
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Paulo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [WXTESTES] C:\Users\Paulo\AppData\Roaming\WXTESTE\WXTESTE.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [You need an account and to be logged in to view this link]
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [You need an account and to be logged in to view this link]
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: [You need an account and to be logged in to view this link]
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - [You need an account and to be logged in to view this link]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\Windows\system32\cmpe.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Internet Updater (InternetUpdater) - Unknown owner - C:\ProgramData\InternetUpdater\InternetUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Tor Win32 Service (tor) - Unknown owner - C:\Program Files (x86)\Tor\tor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VideoDownloadConverterService (VideoDownloadConverter_4zService) - COMPANYVERS_NAME - C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WebCake Desktop Updater - cake bake - C:\Program Files (x86)\Betcat\WBDesktop.Updater.1.0.0.16.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 15762 bytes
PSouza - Beginner
Re: wxtete.exe malware removal
Please follow the tips in the tutorials below:
[You need an account and to be logged in to view this link]
* In your next reply, please post the AdwCleaner log, which will be at C:\AdwCleaner\AdwCleaner[S0].txt, and the Junkware Removal Tool log, which will be saved on your desktop under the name JRT.txt
We'll be waiting.
Last edited by Power Max on Mon 17 Feb 2014, 15:10; edited 1 time
Power Max - Collaborator
wxtete.exe malware removal
Thank you,
I'll do it later when I get home, since I'm at work right now and it's harder from here. If I ask my wife over the phone, she'll get far more confused than I am... lol
Cheers!
PSouza - Beginner
Re: wxtete.exe malware removal
OK, we'll be waiting.
Power Max - Collaborator
wxtete.exe malware removal
Here is the report:
- adwcleaner:
- # AdwCleaner v3.018 - Relatório criado 07/02/2014 às 11:54:01
# Atualizado 28/01/2014 por Xplode
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)
# Usuário : Paulo - PAULO-HP
# Executando de : C:\Users\Paulo\Desktop\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
Serviço Deletada : VideoDownloadConverter_4zService
[#] Serviço Deletada : WebCake Desktop Updater
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\Babylon
Pasta Deletada : C:\ProgramData\BonanzaDealsLive
Pasta Deletada : C:\ProgramData\boost_interprocess
Pasta Deletada : C:\ProgramData\eSafe
Pasta Deletada : C:\ProgramData\Tarma Installer
Pasta Deletada : C:\Program Files (x86)\Betcat
Pasta Deletada : C:\Program Files (x86)\BonanzaDeals
Pasta Deletada : C:\Program Files (x86)\BonanzaDealsLive
Pasta Deletada : C:\Program Files (x86)\Delta
Pasta Deletada : C:\Program Files (x86)\Desk 365
Pasta Deletada : C:\Program Files (x86)\Iminent
Pasta Deletada : C:\Program Files (x86)\SimilarSites
Pasta Deletada : C:\Program Files (x86)\VideoDownloadConverter_4z
Pasta Deletada : C:\Program Files (x86)\Web Cake
Pasta Deletada : C:\Program Files (x86)\Common Files\337
Pasta Deletada : C:\Users\Paulo\AppData\Local\BonanzaDealsLive
Pasta Deletada : C:\Users\Paulo\AppData\Local\Temp\Desk365
Pasta Deletada : C:\Users\Paulo\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Pasta Deletada : C:\Users\Paulo\AppData\Roaming\BabSolution
Pasta Deletada : C:\Users\Paulo\AppData\Roaming\Babylon
Pasta Deletada : C:\Users\Paulo\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Paulo\AppData\Roaming\Betcat
Pasta Deletada : C:\Users\Paulo\AppData\Roaming\Desk 365
Pasta Deletada : C:\Users\Paulo\AppData\Roaming\DSite
Pasta Deletada : C:\Users\Paulo\AppData\Roaming\eIntaller
Pasta Deletada : C:\Users\Paulo\AppData\Roaming\file scout
Pasta Deletada : C:\Users\Paulo\AppData\Roaming\OpenCandy
Pasta Deletada : C:\Users\Paulo\AppData\Roaming\SimilarSites
Pasta Deletada : C:\Users\Paulo\AppData\Roaming\Web Cake
Pasta Deletada : C:\Users\Paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Arquivo Deletada : C:\END
Arquivo Deletada : C:\Users\Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\rbd4k1q1.default\bprotector_prefs.js
Arquivo Deletada : C:\Users\Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\rbd4k1q1.default\user.js
Arquivo Deletada : C:\Windows\System32\Tasks\BitGuard
Arquivo Deletada : C:\Windows\System32\Tasks\Dealply
Arquivo Deletada : C:\Windows\System32\Tasks\EPUpdater
***** [ Atalhos ] *****
Atalho Desinfectada : C:\Users\Paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectada : C:\Users\Paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
***** [ Registro ] *****
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Chave Deletedo : HKLM\SOFTWARE\Classes\delta.deltaappCore
Chave Deletedo : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Chave Deletedo : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Chave Deletedo : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Chave Deletedo : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Chave Deletedo : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Chave Deletedo : HKLM\SOFTWARE\Classes\escort.escortIEPane
Chave Deletedo : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.DynamicBarButton
Chave Deletedo : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.DynamicBarButton.1
Chave Deletedo : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager
Chave Deletedo : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager.1
Chave Deletedo : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu
Chave Deletedo : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu.1
Chave Deletedo : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel
Chave Deletedo : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel.1
Chave Deletedo : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton
Chave Deletedo : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton.1
Chave Deletedo : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin
Chave Deletedo : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin.1
Chave Deletedo : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio
Chave Deletedo : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio.1
Chave Deletedo : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings
Chave Deletedo : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings.1
Chave Deletedo : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton
Chave Deletedo : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton.1
Chave Deletedo : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin
Chave Deletedo : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin.1
Chave Deletedo : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncher.1
Chave Deletedo : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller
Chave Deletedo : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller.1
Chave Deletedo : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.UrlAlertButton
Chave Deletedo : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.UrlAlertButton.1
Chave Deletedo : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.XMLSessionPlugin
Chave Deletedo : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.XMLSessionPlugin.1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Chave Deletedo : HKCU\Software\aed6d1e568e442
Chave Deletedo : HKLM\SOFTWARE\aed6d1e568e442
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VideoDownloadConverter Search Scope Monitor]
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VideoDownloadConverter_4z Browser Plugin Loader]
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{2D3826A1-F3E8-45D6-94B5-C26D8EC0073B}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{3EE17DD1-E28B-4AED-A3B2-9C29CB2C19D6}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{886F93AD-3CBB-4424-8442-A7340243540F}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{AA289DBC-59B6-40A5-AC7D-C90DF850289C}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{CA723163-6FAD-43D4-8B93-0D8C52BD9974}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{F1F328EB-F5A5-432B-A54C-05F3EF5B0BD8}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{FB0E8A09-F08C-44CF-9E15-97ADAC016248}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{FE8DBB09-C3D3-4477-80CB-D38914B94BB8}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99E1F6FD-2E94-4CF6-8344-1BA63CD3BD9B}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ED345812-2722-4DCA-9976-D01832DB44EE}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{93A3111F-4F74-4ED8-895E-D9708497629E}]
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Chave Deletedo : HKCU\Software\APN PIP
Chave Deletedo : HKCU\Software\b1.org
Chave Deletedo : HKCU\Software\BabSolution
Chave Deletedo : HKCU\Software\BabylonToolbar
Chave Deletedo : HKCU\Software\BonanzaDealsLive
Chave Deletedo : HKCU\Software\DataMngr
[#] Chave Deletedo : HKCU\Software\DataMngr_Toolbar
Chave Deletedo : HKCU\Software\Delta
Chave Deletedo : HKCU\Software\dsiteproducts
Chave Deletedo : HKCU\Software\filescout
Chave Deletedo : HKCU\Software\Iminent
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKLM\Software\b1.org
Chave Deletedo : HKLM\Software\Babylon
Chave Deletedo : HKLM\Software\BonanzaDealsLive
Chave Deletedo : HKLM\Software\DataMngr
Chave Deletedo : HKLM\Software\Delta
Chave Deletedo : HKLM\Software\Desksvc
Chave Deletedo : HKLM\Software\Iminent
Chave Deletedo : HKLM\Software\V9
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter_4zbar Uninstall
Chave Deletedo : [x64] HKLM\SOFTWARE\b1.org
Chave Deletedo : [x64] HKLM\SOFTWARE\Tarma Installer
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.16428
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
-\\ Mozilla Firefox v3.6.3 (pt-BR)
[ Arquivo : C:\Users\Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\rbd4k1q1.default\prefs.js ]
Linha deletada : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119556&babsrc=NT_ss&mntrId=A88878E3B5E8B170");
Linha deletada : user_pref("browser.search.order.1", "Delta Search");
Linha deletada : user_pref("browser.search.selectedEngine", "Delta Search");
Linha deletada : user_pref("browser.startup.homepage", "hxxp://isearch.babylon.com/?affID=119556&babsrc=HP_ss_btis2&mntrId=A88878E3B5E8B170");
-\\ Google Chrome v
[ Arquivo : C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [32884 octets] - [07/02/2014 11:53:28]
AdwCleaner[S0].txt - [30256 octets] - [07/02/2014 11:54:01]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [30317 octets] ##########
PSouza - Beginner
- Posts: 9
Reputation: 0
Join date: 07/02/2014
Removal of wxtete.exe malware
Here is the report:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by Paulo on 07/02/2014 at 11:59:55,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1876877549-500871576-116685053-1001\Software\sweetim
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Program Files (x86)\video download converter"
~~~ Event Viewer Logs were cleared
PSouza - Beginner
- Posts: 9
Reputation: 0
Join date: 07/02/2014
Re: Removal of wxtete.exe malware
Several problems were removed by AdwCleaner and Junkware Removal Tool.
_____________________________________________________________
Please follow the tips in this tutorial to clean your PC with Malwarebytes:
[You must have an account and be logged in to view this link]
In your next reply, post the Malwarebytes log.
We look forward to your reply.
Last edited by Power Max on Mon 17 Feb 2014, 15:11; edited 1 time(s)
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Removal of wxtete.exe malware
Here is the report:
- Malwarebytes report:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
Versão da Base de Dados: v2014.02.07.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Paulo :: PAULO-HP [administrador]
Proteção: Permitir
07/02/2014 13:42:06
mbam-log-2014-02-07 (13-42-06).txt
Tipo de Verificação: Verificação Completa (C:\|D:\|E:\|G:\|H:\|I:\|J:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 448665
Tempo decorrido: 48 minuto(s), 53 segundo(s)
Processos de Memória Detectados: 2
C:\ProgramData\InternetUpdater\InternetUpdaterService.exe (PUP.Optional.InternetUpdater.A) -> 2016 -> Será deletado na próxima inicialização.
C:\Users\Paulo\AppData\Roaming\WXTESTE\WXTESTE.exe (Trojan.Banker) -> 2384 -> Será deletado na próxima inicialização.
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Chaves de Registro Detectadas: 4
HKLM\SYSTEM\CurrentControlSet\Services\InternetUpdater (PUP.Optional.InternetUpdater.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C} (PUP.Optional.WebSteroids.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6} (PUP.Optional.DynConIE.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetUpdater (PUP.Optional.InternetUpdater.A) -> Enviado para a Quarentena e deletado com sucesso.
Valores de Registro Detectadas: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WXTESTES (Trojan.Banker) -> Data: C:\Users\Paulo\AppData\Roaming\WXTESTE\WXTESTE.exe -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SYSTEM\CurrentControlSet\Services\InternetUpdater|ImagePath (PUP.Optional.InternetUpdater.A) -> Data: "C:\ProgramData\InternetUpdater\InternetUpdaterService.exe" -> Enviado para a Quarentena e deletado com sucesso.
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Pastas Detectadas: 4
C:\ProgramData\InternetUpdater (PUP.Optional.InternetUpdater.A) -> Será deletado na próxima inicialização.
C:\Users\Paulo\AppData\Local\Temp\mt_ffx\Delta (PUP.Optional.Delta.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\mt_ffx\Delta\delta (PUP.Optional.Delta.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.10.0 (PUP.Optional.Delta.A) -> Enviado para a Quarentena e deletado com sucesso.
Arquivos Detectados: 81
C:\ProgramData\InternetUpdater\InternetUpdaterService.exe (PUP.Optional.InternetUpdater.A) -> Será deletado na próxima inicialização.
C:\Users\Paulo\AppData\Roaming\WXTESTE\WXTESTE.exe (Trojan.Banker) -> Será deletado na próxima inicialização.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Betcat\WBDesktop.Updater.1.0.0.16.exe.vir (PUP.Optional.WebCake.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Betcat\WBDesktop.Updater.exe.vir (PUP.Optional.WebCake.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.10.0\deltaApp.dll.vir (PUP.Optional.Delta) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.10.0\deltaEng.dll.vir (PUP.Optional.Delta) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.10.0\deltasrv.exe.vir (PUP.Optional.Delta) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll.vir (PUP.Optional.Delta) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll.vir (PUP.Optional.Delta) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe.vir (PUP.Optional.AudioToAudioToolBar.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Cake\WADesktop.Updater.exe.vir (PUP.Optional.WebCake.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Users\Paulo\AppData\Roaming\Betcat\WebCakeDesktop.exe.vir (PUP.Optional.WebCake.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Users\Paulo\AppData\Roaming\Desk 365\components\component_libcef_1.963.439.exe.vir (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Users\Paulo\AppData\Roaming\eIntaller\E2A43161F0EF4fc390552DC540543EF8\Desk365.exe.vir (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Users\Paulo\AppData\Roaming\file scout\filescout.exe.vir (PUP.Optional.FileScout.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Users\Paulo\AppData\Roaming\Web Cake\WebCakeDesktop.exe.vir (PUP.Optional.WebCake.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\4F96.tmp (PUP.Optional.PerformerSoft.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\641F.tmp (PUP.Optional.FileScout.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\8651.tmp (PUP.Optional.Babylon.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\A44A.tmp (PUP.Optional.PerformerSoft.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\D5A6.tmp (PUP.Optional.Conduit.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\EDA9.tmp (PUP.Optional.PerformerSoft.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\latest (PUP.Optional.InstallCore) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\Setup.exe (PUP.Optional.SearchDonkey.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\setup_fsu_cid.exe (Trojan.Sefnit) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\UpdateCheckerSetup.exe (PUP.Optional.Somoto) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\wajam_install.exe (PUP.Optional.Wajam.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\AD89AD08-BAB0-7891-B4D0-07F2DEFF3E5E\Latest\MyBabylonTB.exe (PUP.Optional.Delta) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\AD89AD08-BAB0-7891-B4D0-07F2DEFF3E5E\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\bus15D1\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\bus3996\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\bus507F\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\bus53AB\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\bus64BA\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\bus7712\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\bus7EC0\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\bus845B\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\bus86EA\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\bus8D9E\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\bus8DBE\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\bus8E98\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\bus90CA\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\bus90E9\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\bus9156\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\bus93E5\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\bus93F5\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\bus95D8\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\bus98A6\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\bus9A6A\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\bus9BB2\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\bus9BE1\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\bus9D86\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\bus9E03\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\bus9E41\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\bus9E60\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\busA063\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\busA17C\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\busA3DC\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\busA62D\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\busA6AA\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\busACA3\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\busB00C\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\busB2FB\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\busBA3A\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\busC293\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\busC6B8\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\busC80F\BUSolution.dll (PUP.Optional.BabSolution.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\busCF8E\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\busF372\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\busF6DC\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\is180804277\bd.exe (PUP.Optional.BonanzaDeals.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\is701137889\dp.exe (PUP.DealPly) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Local\Temp\is701137889\Setup-D502DD2B71B5.exe (PUP.Optional.WebCake.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Paulo\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_br.cab (PUP.Optional.OpenCandy) -> Enviado para a Quarentena e deletado com sucesso.
C:\Windows\Temp\2A5A.tmp (PUP.BitCoinMiner) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\InternetUpdater\InternetUpdater.ico (PUP.Optional.InternetUpdater.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\InternetUpdater\app.dat (PUP.Optional.InternetUpdater.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\InternetUpdater\data.dat (PUP.Optional.InternetUpdater.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\InternetUpdater\InternetUpdaterService.exe.config (PUP.Optional.InternetUpdater.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\InternetUpdater\Uninstall.exe (PUP.Optional.InternetUpdater.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files (x86)\ShowApp.exe (Trojan.Banker.Gen) -> Enviado para a Quarentena e deletado com sucesso.
(fim)
PSouza - Beginner
- Posts: 9
Reputation: 0
Join date: 07/02/2014
Re: Removal of the wxtete.exe malware
A few more problems were removed.
_______________________________________________
Go to the link below and click the first button on the left, the Download Zoek.exe button:
[You must have an account and be logged in to view this link]
* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]
* Copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek
* Click [Run Script]
* During the scan, a message similar to the one below, showing the progress of the scan, will be displayed. Wait for it to finish... it may take a while!
Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
* If you are asked to restart the PC, click [OK]
* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.
Last edited by Power Max on Mon 17 Feb 2014, 15:11; edited 2 times
Power Max - Collaborator
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Removal of the wxtete.exe malware
Here is the report:
- Zoek report:
- Zoek.exe v5.0.0.0 Updated 07-February-2014
Tool run by Paulo on 08/02/2014 at 8:46:50,92.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Paulo\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
08/02/2014 08:48:33 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Creating Sample_022014_0855.zip ======================
Process iexplore.exe killed
Copied file C:\Users\Paulo\AppData\Roaming\unins000.exe to sample\unins000.exe
sample\unins000.exe renamed to AD6E810B9CE3D8C0C1FF0203C68C6FA6
C:\Users\Public\Desktop\sample_022014_0855.zip created successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\rbd4k1q1.default\prefs.js:
Added to C:\Users\Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\rbd4k1q1.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
==== Deleting Files \ Folders ======================
C:\Users\Paulo\daemonprocess.txt deleted
C:\PROGRA~2\Mobogenie deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\ProgramData\TubeDimmer deleted
C:\Users\Paulo\AppData\Local\avgchrome deleted
C:\Users\Paulo\AppData\Local\Mobogenie deleted
C:\Users\Paulo\AppData\Local\cache deleted
C:\Users\wangzhisong\AppData\Local\Mobogenie deleted
C:\windows\SysNative\tasks\Baidu PC Faster Update deleted
C:\Users\wangzhisong deleted
C:\Windows\Syswow64\InstallUtil.InstallLog deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted
C:\Users\Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\rbd4k1q1.default\extensions\staged deleted
C:\Users\Paulo\AppData\Roaming\unins000.exe deleted
"C:\Users\Paulo\AppData\Roaming\WXTESTE\pics.dll" deleted
"C:\Users\Paulo\AppData\Roaming\WXTESTE\WXTESTE.tmp" deleted
"C:\Users\Paulo\AppData\Roaming\WXTESTE" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [17/03/2013 14:40]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\Paulo\AppData\Local\GAS Tecnologia\GBBD\bb\xpi" [02/11/2013 17:24]
==== Firefox Extensions ======================
==== Firefox Plugins ======================
Profilepath: C:\Users\Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\rbd4k1q1.default
A56B8E622037E6D57480F16F4B8F472C - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
F7015E6C5FE1E74C0E029A291E732787 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
BF115DE08783E9FA8A9BB83DAA39149B - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
395BB0421E1C57D201DCE4D48E05E0BA - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Paulo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[06/03/2013 03:26]
Google Docs - Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
RealDownloader - Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Google Wallet - Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
"Default_Page_URL"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com.br/"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} Bing Url="http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox"
==== Reset Google Chrome ======================
C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\web data was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1876877549-500871576-116685053-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully
HKEY_USERS\S-1-5-21-1876877549-500871576-116685053-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} deleted successfully
==== shortcuts on Users Desktops ======================
C:\Users\Paulo\Desktop\EasyRecovery Professional Trial.lnk - C:\Program Files (x86)\Ontrack\EasyRecovery Professional Trial\EasyRecovery.exe
C:\Users\Paulo\Desktop\IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\Paulo\Desktop\Ontrack Crisis Center.lnk - C:\Program Files (x86)\Ontrack\SharedFiles\crisiscenter.exe
C:\Users\Paulo\Desktop\PC Inspector File Recovery.lnk - C:\Program Files (x86)\Convar\PC Inspector File Recovery\Filerecovery.exe
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\B1 Free Archiver.lnk - C:\Program Files (x86)\B1 Free Archiver\B1Manager.exe
C:\Users\Public\Desktop\Central de Soluções HP.lnk -
C:\Users\Public\Desktop\eu4[[=.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Users\Public\Desktop\HP ePrinterCenter.lnk - C:\Program Files (x86)\HP\Digital Imaging\AppStudio\hpzsip.url
C:\Users\Public\Desktop\Jogar HP Games.lnk - C:\Program Files (x86)\HP Games\onplay\onplay.exe "C:\Program Files (x86)\HP Games\HP Game Console\GameConsole-wt.exe" /src desktopoem
C:\Users\Public\Desktop\Loja de Suprimentos HP.lnk - C:\Program Files (x86)\Hp\HPSSUPPLY\hpqSSupply.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Norton Internet Security.lnk - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\uistub.exe
C:\Users\Public\Desktop\RealPlayer.lnk - C:\Program Files (x86)\Real\RealPlayer\realplay.exe /launch:desktop
C:\Users\Public\Desktop\Receitanet 1.03 .lnk - C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe
C:\Users\Public\Desktop\Recuva.lnk - C:\Program Files\Recuva\recuva64.exe
C:\Users\Public\Desktop\VDownloader.lnk - C:\Program Files\VDownloader\VDownloader.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Free YouTube Download.lnk - C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe
C:\Users\Paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP MediaSmart.lnk - C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Users\Paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\hpDST.lnk - C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe
C:\Users\Paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\hao123desk-international deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Paulo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Paulo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=1135 folders=147 102279861 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Paulo\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Paulo\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 08/02/2014 at 9:33:34,78 ======================
PSouza - Beginner
- Posts: 9
Reputation: 0
Join date: 07/02/2014
Re: Removal of the wxtete.exe malware
|- Download: < [You must have an account and be logged in to view this link] > ( ... by Nicolas Coolman )
|- Temporarily disable your antivirus to avoid conflicts and run "ZHPDiag2.exe" to install the tool.
|- Run the scroll icon. ( ZHPDiag )
|- Click "SEARCH" or "PESQUISAR" and wait for it to finish!
|- Click OK and, when it finishes, post the ZHPDiag.txt report
Last edited by Power Max on Mon 17 Feb 2014, 15:12; edited 1 time
Power Max - Collaborator
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Removal of the wxtete.exe malware
Here is the report:
- ZHPDiag report:
- ~ Relatório do ZHPDiag v2014.2.6.4 - Nicolas Coolman (06/02/2014)
~ Iniciado por Paulo (08/02/2014 10:03:13)
~ Endereço do Website : http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16476
MFIE: Mozilla Firefox v3.6.3 (pt-BR)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
Malwarebytes Anti-Malware versão 1.75.0.1300
Norton Internet Security v18.7.0.13
Windows Defender W7
---\\ Softwares d'optimização do sistema
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 30 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4055 MB (63% free)
System Restore: Activé (Enable)
System drive C: has 807 GB (87%) free of 918 GB
---\\ Modo de conexão ao sistema
~ Computer Name: PAULO-HP
~ User Name: Paulo
~ All Users Names: Paulo, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Paulo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Paulo\AppData\Roaming\
~ %Desktop% : C:\Users\Paulo\Desktop\
~ %Favorites% : C:\Users\Paulo\Favorites\
~ %LocalAppData% : C:\Users\Paulo\AppData\Local\
~ %StartMenu% : C:\Users\Paulo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 807 Go of 918 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 13 Go)
E: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/15113
~ Mes musiques (My Musics) : 1/817
~ Mes Videos (My Videos) : 1/32
~ Mes Favoris (My Favorites) : 1/85
~ Mes Documents (My Documents) : 3/1070
~ Mon Bureau (My Desktop) : 1/260
~ Menu demarrer (Programs) : 1/40
~ Hidden Files: Scanned in 00mn 02s
---\\ Processos lançados
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3180]
[MD5.554A50B5310E702029D3A675459108FF] - (.Hewlett-Packard - hpsysdrv.) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768] [PID.3936]
[MD5.EAA666E9DD8DCDA6E075087091CB85EE] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [275072] [PID.3176]
[MD5.25107F58D1B8F60D67D1EE95798C0DE8] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696] [PID.4024]
[MD5.5516C26A6AF8EB4E2CAB48EC98A74398] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe [54576] [PID.720]
[MD5.7F2691FD961C9A704DA221745CCE6295] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512] [PID.740]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.2732]
[MD5.C180E890FFE0FDED8306427D3C836AF2] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe [174952] [PID.1004]
[MD5.B29A08A0CB56CD5A4B9C53A011819657] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe [565096] [PID.3876]
[MD5.66BB5B07696219FA334452D6F51FD648] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe [366720] [PID.3540]
[MD5.C8A8321292A459B0A17FB39A782A5C74] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [806096] [PID.2484]
[MD5.E98D0D64BD25EDCFD3AE0B90514099BA] - (.RealNetworks, Inc. - RealDownloader.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [233048] [PID.4548]
[MD5.85D374F30A2015D795B1E8D1258866D4] - (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_clipbook.exe [116280] [PID.4700]
[MD5.47D7F5E049E3FAA24176FB92859C552B] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8333824] [PID.2160]
[MD5.201BCF8550512C105BAC78E9FA401260] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [452136] [PID.840]
[MD5.51B88DDD381FEAE8213A41CDCDABF4B6] - (.LightComm - cmpe.) -- C:\Windows\SysWOW64\cmpe.exe [61440] [PID.1844]
[MD5.FA4A45C179AB0E0F1A31B9751D4B18D7] - (.Hewlett-Packard Company - LightScribe Service.) -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.2032]
[MD5.E38775922D4A4C05B5D96733AB4CE169] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [268824] [PID.1184]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1224]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.1620]
[MD5.E78A365CC3E0FBFC018A33DCE01909F8] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe [130008] [PID.1864]
[MD5.12B7C7668E6441529E087D1D0E1E032A] - (.PDF Complete Inc - Dispatcher.) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768] [PID.2180]
[MD5.89525CC2DBAD44F7199B9CC188B3F9C5] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.2264]
[MD5.506B0B498216371D64ABB69145B70E4C] - (...) -- C:\Program Files (x86)\Tor\tor.exe [3233806] [PID.2348]
[MD5.31A0E93CDF29007D6C6FFFB632F375ED] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.4968]
[MD5.02C298382359653BEC4C737C2AB7F9C5] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2320920] [PID.4756]
~ Processes Running: Scanned in 00mn 00s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\rbd4k1q1.default\prefs.js
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Paulo\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
~ BHO: 14 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: B1 Free Archiver.lnk . (.b1.org - B1 Free Archiver.) -- C:\Program Files (x86)\B1 Free Archiver\B1Manager.exe
O4 - GS\Desktop [Public]: Central de Soluções HP.lnk . (.Hewlett-Packard Company - hpqdirec.exe.) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\Hpqdirec.exe
O4 - GS\Desktop [Public]: eu4[[=.lnk . (.Hewlett-Packard Company - HP Support Assistant.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe =>.Hewlett-Packard Co
O4 - GS\Desktop [Public]: HP ePrinterCenter.lnk . (.Hewlett-Packard Company - HP Support Assistant.) -- C:\Program Files (x86)\HP\Digital Imaging\AppStudio\hpzsip.url =>.Hewlett-Packard Co
O4 - GS\Desktop [Public]: Jogar HP Games.lnk . (...) -- C:\Program Files (x86)\HP Games\onplay\onplay.exe
O4 - GS\Desktop [Public]: Loja de Suprimentos HP.lnk . (.Hewlett-Packard Development Company L.P. - Shop for HP Supplies.) -- C:\Program Files (x86)\Hp\HPSSUPPLY\hpqSSupply.exe
O4 - GS\Desktop [Public]: Receitanet 1.03 .lnk . (.SERPRO - Serviço Federal de Processamento d - Receitanet.) -- C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe
O4 - GS\Desktop [Public]: VDownloader.lnk . (.Vitzo - VDownloader.) -- C:\Program Files\VDownloader\VDownloader.exe
O4 - GS\QuickLaunch [Paulo]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Paulo]: Mozilla Firefox.lnk . (...) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (.not file.)
O4 - GS\TaskBar [Paulo]: HP MediaSmart.lnk . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (.not file.)
O4 - GS\TaskBar [Paulo]: hpDST.lnk . (.Hewlett-Packard Company - Setup Manager.) -- C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe
O4 - GS\TaskBar [Paulo]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Paulo]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Paulo]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Paulo]: EasyRecovery Professional Trial.lnk . (.Ontrack Data Recovery Inc. - EasyRecovery.) -- C:\Program Files (x86)\Ontrack\EasyRecovery Professional Trial\EasyRecovery.exe
O4 - GS\Desktop [Paulo]: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk . (...) -- C:\Arquivos de Programas RFB\IRPF2013\IRPF2013.exe
O4 - GS\Desktop [Paulo]: Ontrack Crisis Center.lnk . (.Macromedia, Inc. - Macromedia Flash Player 6.0 r21.) -- C:\Program Files (x86)\Ontrack\SharedFiles\crisiscenter.exe
O4 - GS\Desktop [Paulo]: PC Inspector File Recovery.lnk . (...) -- C:\Program Files (x86)\Convar\PC Inspector File Recovery\Filerecovery.exe
~ Global Startup: 68 Legitimates Filtered in 00mn 01s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [Public]: HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard - hpsysdrv.) -- c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [SmartMenu] . (.No owner - SmartMenu.) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [VideoDownloadConverter Home Page Guard 64 bit] C:\Program Files (x86)\VIDEOD~2\bar\1.bin\AppIntegrator64.exe (.not file.) =>Adware.VideoDownloadConverter
O4 - HKLM\..\Run: [Windows Mobile-based device management] . (.Microsoft Corporation - Windows Mobile Device Center.) -- C:\Windows\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Paulo\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [PDF Complete] . (.PDF Complete Inc - Sentry for PDF.) -- C:\Program Files (x86)\PDF Complete\pdfsty.exe =>.PDF Complete Inc
O4 - HKLM\..\Wow6432Node\Run: [Norton Online Backup] . (.Symantec Corporation - Norton Online Backup Service.) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe =>.Symantec Corporation
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Wow6432Node\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe (.not file.) =>PUP.Mobogenie
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1876877549-500871576-116685053-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Paulo\AppData\Local\Facebook\Update\FacebookUpdate.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{30492AD6-43FE-40DC-8119-B6D08947B6E8}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{30492AD6-43FE-40DC-8119-B6D08947B6E8}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{30492AD6-43FE-40DC-8119-B6D08947B6E8}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll (.not file.) =>PUP.BitGuard
~ AppInit DLL: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: Tor Win32 Service (tor) . (...) - C:\Program Files (x86)\Tor\tor.exe
O23 - Service: Intel(R) Management & Security Application User Notificatio (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
~ Services: 16 Legitimates Filtered in 00mn 07s
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [RunAsStdUser] (...) -- C:\Program Files (x86)\Desk 365\desk365.exe (.not file.) [0] =>Hijacker.22Find
[MD5.00000000000000000000000000000000] [APT] [{A8525881-5FA0-43C4-A5F8-C7E903E956E4}] (...) -- C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\UninstCaller.exe (.not file.) [0] =>Adware.BDSearch
~ Scheduled Task: 23 Legitimates Filtered in 00mn 03s
---\\ Software instalados (042)
O42 - Logiciel: Codec Pack Packages - (...) [HKCU][64Bits] -- Codec Pack Packages
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKCU][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2013
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: Video Download Converter version 1.0.0.0 - (...) [HKLM][64Bits] -- VDC_is1 =>Adware.VideoDownloadConverter
~ Logic: 54 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\2.6.1125.80]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\GbAs]
[HKCU\Software\aed6d1]
[HKCU\Software\aed6d1e568e4]
[HKCU\Software\b1.org]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
~ Key Software: 345 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 03/12/2013 - 21:26:46 - [0] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 03/02/2013 - 09:54:02 - [0,728] ----D C:\Program Files (x86)\Oi Velox
O43 - CFD: 02/03/2013 - 18:06:35 - [8,843] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 03/12/2013 - 21:27:13 - [96,633] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 03/12/2013 - 21:30:07 - [27,645] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 03/02/2013 - 20:30:12 - [1,063] ----D C:\Users\Paulo\AppData\Roaming\0B1T1L2V1T1J1L
O43 - CFD: 03/12/2013 - 21:27:17 - [2,773] ----D C:\Users\Paulo\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 10/11/2013 - 10:41:56 - [0,003] ----D C:\Users\Paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hao123
O43 - CFD: 02/03/2013 - 18:06:12 - [0,004] ----D C:\Users\Paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
~ Program Folder: 182 Legitimates Filtered in 00mn 20s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.02940D6C7722E91342A32CFF5C60F4E4] - 08/02/2014 - 07:44:59 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.B0D69D747AEC89B301CC6AF93F1BEF37] - 08/02/2014 - 08:33:34 ---A- . (...) -- C:\zoek-results.log [17016]
O44 - LFC:[MD5.A9F3A9600556C7251DCA073461DF9CD3] - 08/02/2014 - 08:36:57 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [148860]
O44 - LFC:[MD5.33463D6EAAEB72F64A2C7F3DFB08C145] - 08/02/2014 - 08:36:57 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [711006]
~ Files: 14 Legitimates Filtered in 00mn 01s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.2285B31039611D509F6120D691CA661F] - 29/05/2012 - 15:53:30 ---A- . (.Windows (R) Codename Longhorn DDK provider - hpvhd 64bit support driver.) -- C:\Windows\System32\Drivers\cpqdfw.sys [27456]
O58 - SDL:[MD5.10FB0FF62AF6262BF88E3607E2AE2A69] - 01/03/2010 - 15:59:50 ---A- . (...) -- C:\Windows\System32\Drivers\cqcpu.sys [24376]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.8F866DF9A974BFFDCB2001D303BC0695] - 08/05/2013 - 09:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [49536]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 08/02/2014 - 08:32:17 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 18 Legitimates Filtered in 00mn 22s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 08/09/2010 - C:\Windows\System32\DRIVERS\atikmdag.sys (amdkmdag) .(.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) - LEGACY_AMDKMDAG
O64 - Services: CurCS - 01/02/2013 - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130201.001\IDSvia64.sys (IDSVia64) .(.Symantec Corporation - IDS Core Driver.) - LEGACY_IDSVIA64
O64 - Services: CurCS - 04/04/2013 - C:\Windows\system32\drivers\mbam.sys (MBAMProtector) .(.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - LEGACY_MBAMPROTECTOR
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 124 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (.not file.)
O68 - StartMenuInternet:[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} [DefaultScope] - (Bing) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.98C9B5A320DD81B7E1CA704A81451AD9] [SPRF][02/11/2013] (...) -- C:\Users\Paulo\AppData\Roaming\unins000.dat [48801]
[MD5.54DB2B8C60F04C5ADE6D711D47EABA75] [SPRF][07/02/2014] (...) -- C:\Users\Paulo\Desktop\AdwCleaner.exe [1166132]
[MD5.7B4E6EA4FB7778A36F5D95087DE10606] [SPRF][08/02/2014] (...) -- C:\Users\Paulo\Desktop\zoek.exe [1283584]
[MD5.D57887042C3B7DEFD35A5E4189DEF77C] [SPRF][15/03/2013] (...) -- C:\Program Files (x86)\dllhost.exe [5214]
[MD5.68DA2BBADB8A9B5EA8E333414EB95F6C] [SPRF][15/03/2013] (...) -- C:\Program Files (x86)\mshtml64.bin [5222]
~ Files: 8 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{F2874D74-6ED1-4A28-AC0D-126894237DB4}" |In - None - P6 - TRUE | .(...) -- E:\setup\hpznui40.exe (.not file.)
O87 - FAEL: "{D34DBEFD-51C1-4FB1-A3C8-1FC8A7D02937}" |In - None - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\dfrg\minerd.exe (.not file.)
O87 - FAEL: "{72D7576B-9C66-486F-9F9A-22128F67DACE}" |Out - None - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\dfrg\minerd.exe (.not file.)
~ Firewall: 217 Legitimates Filtered in 00mn 00s
---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "3E9A223DB85706D47A4C568CF83D870D" . (.Bing Bar.) -- C:\Windows\Installer\{D322A9E3-758B-4D60-A7C4-65C88FD378D0}\icon_installer_ico =>Toolbar.Bing
~ Update Products: 156 Legitimates Filtered in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.55AE59D648BE8E81535D97ED48D14678] [WIS][17/11/2009] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\25d83c1.msi [522752]
~ WIS: 158 Legitimates Filtered in 00mn 15s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 23/07/2013 193696 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe
SS - | Demand 18/06/2010 246520 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
SS - | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
SS - | Demand 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/09/2010 203264 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Demand 23/07/2013 240288 | (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
SR - | Auto 10/07/1658 0 | (cmpe) . (.LightComm.) - C:\Windows\system32\cmpe.exe
SR - | Auto 08/10/2013 452136 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Auto 05/08/2010 291896 | (HPClientSvc) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
SR - | Demand 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 03/03/2010 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 22/11/2010 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 01/10/2009 268824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 16/04/2011 130008 | (NIS) . (.Symantec Corporation.) - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
SR - | Auto 01/06/2010 2804568 | (NOBU) . (.Symantec Corporation.) - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe =>.Symantec Corporation
SR - | Auto 28/09/2010 1119768 | (pdfcDispatcher) . (.PDF Complete Inc.) - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 06/03/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 31/08/2013 3233806 | (tor) . (...) - C:\Program Files (x86)\Tor\tor.exe
SR - | Auto 01/10/2009 2320920 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 16s
---\\ Scâner Aditional (088)
Database Version : 13030 - (06/02/2014)
Clés trouvées (Keys found) : 8
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 1
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\VDC_is1] =>Adware.VideoDownloadConverter^
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VDC_is1] =>Adware.VideoDownloadConverter
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\eSafeSvc] =>PUP.eSafeSecurity
[HKCU\Software\VideoDownloadConverter_4z] =>Adware.VideoDownloadConverter
[HKCU\Software\AppDataLow\Software\VideoDownloadConverter_4z] =>Adware.VideoDownloadConverter
[HKLM\Software\Wow6432Node\VideoDownloadConverter_4z] =>Adware.VideoDownloadConverter
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:VideoDownloadConverter Home Page Guard 64 bit =>Adware.VideoDownloadConverter^
C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\Users\Paulo\AppData\Roaming\Baidu Security =>Adware.BDSearch^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Download Converter =>Adware.VideoDownloadConverter
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
~ Additionnel Scan: 339613 Items scanned in 00mn 11s
---\\ Sumário das deteções encontradas na sua estação
~ [You must have an account and be logged in to view this link] =>Adware.VideoDownloadConverter
~ [You must have an account and be logged in to view this link] =>PUP.Mobogenie
~ [You must have an account and be logged in to view this link] =>PUP.BitGuard
~ [You must have an account and be logged in to view this link] =>Hijacker.22Find
~ [You must have an account and be logged in to view this link] =>Adware.BDSearch
~ [You must have an account and be logged in to view this link] =>PUP.Tarma
~ [You must have an account and be logged in to view this link] =>PUP.eSafeSecurity
~ MSI: 7 link(s) detected in 00mn 11s
~ 1237 Legitimates filtered by white list
End of the scan (498 lines in 01mn 38s)(0)
PSouza - Beginner
- Posts: 9
Reputation: 0
Registration date: 07/02/2014
Re: Removal of wxtete.exe malware
Copy the entire script I gave you.
Go to the menu: Start > All Programs > ZHP > Open ZHPFix > Click Importação (Import) > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad. Copy this report and post it in your next reply.
Last edited by Power Max on Mon 17 Feb 2014, 15:12; edited 2 times
Power Max - Collaborator
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
Removal of wxtete.exe malware
Here it is...
Rapport de ZHPFix 2014.2.3.1 par Nicolas Coolman, Update du 03/02/2014
Fichier d'export Registre : C:\Users\Paulo\AppData\Roaming\ZHP\ZHPExportRegistry-08-02-2014-10-54-51.txt
Run by Paulo at 08/02/2014 10:54:44
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 07s)
========== Softwares ==========
AUSENTE Uninstall Process: c:\program files (x86)\video download converter\unins000.exe
========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VDC_is1]
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\b1.org
ELIMINÉ: [HKLM\Software\Classes\Installer\Products\\3E9A223DB85706D47A4C568CF83D870D]
ELIMINÉ: [HKLM\Software\Classes\Installer\Features\3E9A223DB85706D47A4C568CF83D870D]
ELIMINÉ: Service: BBSvc
ELIMINÉ: Service: BBUpdate
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
ELIMINÉ: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\eSafeSvc
ELIMINÉ: HKCU\Software\VideoDownloadConverter_4z
ELIMINÉ: HKCU\Software\AppDataLow\Software\VideoDownloadConverter_4z
ELIMINÉ: HKLM\Software\Wow6432Node\VideoDownloadConverter_4z
========== Valores do Registo ==========
ELIMINÉ: Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
ELIMINÉ RunValue: VideoDownloadConverter Home Page Guard 64 bit
ELIMINÉ RunValue: DivXMediaServer
ELIMINÉ RunValue: mobilegeni daemon
ELIMINÉ MWPE Value: NoActiveDesktopChanges
ELIMINÉ: {F2874D74-6ED1-4A28-AC0D-126894237DB4}
ELIMINÉ: {D34DBEFD-51C1-4FB1-A3C8-1FC8A7D02937}
ELIMINÉ: {72D7576B-9C66-486F-9F9A-22128F67DACE}
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Elementos dos dados do Registo ==========
ELIMINÉ AppInit: \progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ: c:\users\paulo\appdata\roaming\microsoft\internet explorer\quick launch\mozilla firefox.lnk
ELIMINÉ: c:\users\paulo\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\hp mediasmart.lnk
ELIMINÉ: c:\program files (x86)\microsoft\bingbar\7.2.241.0\bbsvc.exe
ELIMINA REINICIAR: c:\program files (x86)\microsoft\bingbar\7.2.241.0\seaport.exe
ELIMINÉ Flash Cookies (0) (0 octets)
ELIMINÉ Temporários windows (9) (80.684 octets)
========== Tarefa planificada ==========
ELIMINÉ: RunAsStdUser
ELIMINÉ: {A8525881-5FA0-43C4-A5F8-C7E903E956E4}
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Outros ==========
NÃO-TRATADO McAfee Security Scan Plus v3.8.130.10
========== Recapitulativo ==========
13 : Chaves do Registo
14 : Valores do Registo
1 : Elementos dos dados do Registo
1 : Pastas
6 : Ficheiros
1 : Softwares
2 : Tarefa planificada
1 : Restauração Sistema
1 : Outros
End of clean in 00mn 32s
========== Caminho do ficheiro do relatório ==========
C:\Users\Paulo\AppData\Roaming\ZHP\ZHPFix[R1].txt - 08/02/2014 10:54:51 [3287]
PSouza - Beginner
- Posts : 9
Reputation : 0
Join date : 07/02/2014
Re: Malware removal: wxtete.exe
Just to finish up, please carry out these last procedures:
Install [You must be registered and logged in to see this link] (if you already have it, there is no need to install it again).
Open CCleaner > click the Cleaner button > click the Run Cleaner option. This is shown in the image below:
Confirm the operation above by clicking the OK button. Wait for the procedure to finish.
After that, click the Registry button > Scan for Issues > Fix selected issues > at this point you can choose to make a backup copy of the changes that will be made to the registry (for safety reasons); choose whichever option you prefer (yes or no) > and confirm the cleanup by clicking the Fix All Selected Issues button > click the Close (or OK) button:
After that, also follow the tips in the tutorial below:
[You must be registered and logged in to see this link]
_______________________________________________________________________________________________________________________
To remove the programs used in cleaning this PC and create a new, safe and problem-free restore point, download [You must be registered and logged in to see this link] (...by Xplode) and save it to the Desktop
*After that, just run it and leave the options Remove disinfection tools and Purge system restore selected
[You must be registered and logged in to see this image]
*Click [Run]
After running DelFix as described above, just delete DelFix and the file C:\DelFix.txt
_______________________________________________________________________________________________________________________
It was a pleasure to help. You can always count on us!
Last edited by Power Max on Mon 17 Feb 2014, 15:13; edited 1 time
Power Max - Collaborator
- Posts : 9086
Reputation : 1499
Join date : 14/04/2009
Re: Malware removal: wxtete.exe
CASE RESOLVED
If the topic's author needs it, the topic will be reopened; to do so, they should contact one of the members of the [You must be registered and logged in to see this link] and request that it be unlocked.
Power Max - Collaborator
- Posts : 9086
Reputation : 1499
Join date : 14/04/2009