Social bookmarking
Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking
Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking
Estatísticas
Temos 14838 usuários registradosO último membro registrado é Lanterna Verde com Disco
Os nossos membros postaram um total de 36058 mensagens em 3689 assuntos
Quem está conectado?
Há 138 usuários online :: 0 registrados, 0 invisíveis e 138 visitantes Nenhum
O recorde de usuários online foi de 301 em Ter 26 Out 2021, 15:28
Procurar
Top dos mais postadores
Power Max | ||||
joram | ||||
Wings [In Memoriam] | ||||
caedurodrigues | ||||
Amigo Brasileiro | ||||
luizvilarinho | ||||
Danii | ||||
Admin | ||||
Danilo Marsaro | ||||
Andreata |
Melondrea - Como remover
2 participantes
Página 1 de 1
Melondrea - Como remover
Boa noite, meu pc está abrindo várias janelas de propaganda enquanto navego na internet, fui verificar e descobri que tem um programa chamado melandroia instalado. Gentileza me ajudar a remover essa praga. Segue o relatório:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:16:27, on 11/03/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16798)
Boot mode: Normal
Running processes:
C:\Users\THIAGO RESENDE\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PcfTray.exe
C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\Program Files (x86)\iSafe\iSafeTray.exe
C:\Users\THIAGO RESENDE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\THIAGO RESENDE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\THIAGO RESENDE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\THIAGO RESENDE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\THIAGO RESENDE\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: melondrea - {16f059cb-3d3f-4ecc-b426-bafa47233676} - C:\Program Files (x86)\melondrea\melondreabho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Baidu PC Faster 4.0.0.0] "C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe" -auto -start
O8 - Extra context menu item: &Enviar para o OneNote - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O17 - HKLM\System\CCS\Services\Tcpip\..\{7234E702-3B93-4BDB-A6A8-29AE0826F23C}: NameServer = 192.168.1.1,8.8.8.8
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Unknown owner - C:\Windows\system32\AdminService.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
O23 - Service: iSafeService - Elex do Brasil Participações Ltda - C:\Program Files (x86)\iSafe\iSafeSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\MySQL\bin\mysqld.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Baidu PC App Store Service 3.15.0.4263 (PCAppStoreSvc_{PCAppStore_3.15.0.4263}) - Baidu Inc. - C:\Program Files (x86)\Baidu Security\PC App Store\3.15.0.4263\PCAppStoreSvc.exe
O23 - Service: Baidu PC Faster Service 4.0.0.0 (PCFasterSvc_{PCFaster_4.0.0.0}) - Baidu Inc. - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update melondrea - Unknown owner - C:\Program Files (x86)\melondrea\updatemelondrea.exe
O23 - Service: Util melondrea - Unknown owner - C:\Program Files (x86)\melondrea\bin\utilmelondrea.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9357 bytes
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:16:27, on 11/03/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16798)
Boot mode: Normal
Running processes:
C:\Users\THIAGO RESENDE\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PcfTray.exe
C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\Program Files (x86)\iSafe\iSafeTray.exe
C:\Users\THIAGO RESENDE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\THIAGO RESENDE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\THIAGO RESENDE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\THIAGO RESENDE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\THIAGO RESENDE\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: melondrea - {16f059cb-3d3f-4ecc-b426-bafa47233676} - C:\Program Files (x86)\melondrea\melondreabho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Baidu PC Faster 4.0.0.0] "C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe" -auto -start
O8 - Extra context menu item: &Enviar para o OneNote - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O17 - HKLM\System\CCS\Services\Tcpip\..\{7234E702-3B93-4BDB-A6A8-29AE0826F23C}: NameServer = 192.168.1.1,8.8.8.8
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Unknown owner - C:\Windows\system32\AdminService.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
O23 - Service: iSafeService - Elex do Brasil Participações Ltda - C:\Program Files (x86)\iSafe\iSafeSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\MySQL\bin\mysqld.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Baidu PC App Store Service 3.15.0.4263 (PCAppStoreSvc_{PCAppStore_3.15.0.4263}) - Baidu Inc. - C:\Program Files (x86)\Baidu Security\PC App Store\3.15.0.4263\PCAppStoreSvc.exe
O23 - Service: Baidu PC Faster Service 4.0.0.0 (PCFasterSvc_{PCFaster_4.0.0.0}) - Baidu Inc. - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update melondrea - Unknown owner - C:\Program Files (x86)\melondrea\updatemelondrea.exe
O23 - Service: Util melondrea - Unknown owner - C:\Program Files (x86)\melondrea\bin\utilmelondrea.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9357 bytes
Thiagoresende- Membro
- Mensagens : 62
Reputação : 1
Data de inscrição : 11/03/2014
Re: Melondrea - Como remover
Segue também o relatório do Adwcleaner:
# AdwCleaner v3.021 - Relatório criado 11/03/2014 às 21:27:56
# Atualizado 10/03/2014 por Xplode
# Sistema Operacional : Windows 8 Pro (64 bits)
# Usuário : THIAGO RESENDE - THIAGO
# Executando de : C:\Users\THIAGO RESENDE\Downloads\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
Serviço Deletada : iSafeKrnl
Serviço Deletada : iSafeNetFilter
[#] Serviço Deletada : iSafeService
***** [ Arquivos / Pastas ] *****
[!] Pasta Deletada : C:\Program Files (x86)\iSafe
Pasta Deletada : C:\Program Files (x86)\melondrea
Pasta Deletada : C:\Users\THIAGO RESENDE\AppData\Roaming\eCyber
Pasta Deletada : C:\Users\THIAGO RESENDE\AppData\Roaming\iSafe
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
***** [ Navegadores ] *****
-\\ Internet Explorer v10.0.9200.16798
-\\ Google Chrome v
[ Arquivo : C:\Users\THIAGO RESENDE\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1370 octets] - [11/03/2014 21:26:39]
AdwCleaner[S0].txt - [1280 octets] - [11/03/2014 21:27:56]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1340 octets] ##########
# AdwCleaner v3.021 - Relatório criado 11/03/2014 às 21:27:56
# Atualizado 10/03/2014 por Xplode
# Sistema Operacional : Windows 8 Pro (64 bits)
# Usuário : THIAGO RESENDE - THIAGO
# Executando de : C:\Users\THIAGO RESENDE\Downloads\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
Serviço Deletada : iSafeKrnl
Serviço Deletada : iSafeNetFilter
[#] Serviço Deletada : iSafeService
***** [ Arquivos / Pastas ] *****
[!] Pasta Deletada : C:\Program Files (x86)\iSafe
Pasta Deletada : C:\Program Files (x86)\melondrea
Pasta Deletada : C:\Users\THIAGO RESENDE\AppData\Roaming\eCyber
Pasta Deletada : C:\Users\THIAGO RESENDE\AppData\Roaming\iSafe
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
***** [ Navegadores ] *****
-\\ Internet Explorer v10.0.9200.16798
-\\ Google Chrome v
[ Arquivo : C:\Users\THIAGO RESENDE\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1370 octets] - [11/03/2014 21:26:39]
AdwCleaner[S0].txt - [1280 octets] - [11/03/2014 21:27:56]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1340 octets] ##########
Thiagoresende- Membro
- Mensagens : 62
Reputação : 1
Data de inscrição : 11/03/2014
Re: Melondrea - Como remover
Olá.
Siga, por gentileza, as dicas deste tutorial para fazer uma limpeza de seu PC com o Malwarebytes:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Na sua próxima resposta poste este log do Malwarebytes.
Ficamos no aguardo.
Siga, por gentileza, as dicas deste tutorial para fazer uma limpeza de seu PC com o Malwarebytes:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Na sua próxima resposta poste este log do Malwarebytes.
Ficamos no aguardo.
_________________
Caixa de Dicas = Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Melondrea - Como remover
Olá, uma dúvida, o programa melondrea ainda está nos meus programas, eu devo também desinstala-lo? Segue o log do Malwarebytes que você me pediu:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Versão da Base de Dados: v2014.03.11.10
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16798
THIAGO RESENDE :: THIAGO [administrador]
Proteção: Permitir
11/03/2014 22:06:52
mbam-log-2014-03-11 (22-06-52).txt
Tipo de Verificação: Verificação Completa (C:\|D:\|E:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 366272
Tempo decorrido: 1 hora(s), 2 minuto(s), 38 segundo(s)
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Chaves de Registro Detectadas: 41
HKCR\AppID\{A2D3FB7A-6873-45E8-AF96-57092D721828} (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CLSID\{A2D3FB7A-6873-45E8-AF96-57092D721828} (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.OnDemandCOMClassSvc (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CLSID\{16f059cb-3d3f-4ecc-b426-bafa47233676} (PUP.Optional.Melondrea.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\TypeLib\{4ab7647f-75b6-4486-9584-efee06afee68} (PUP.Optional.Melondrea.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\Interface\{AE20B22F-60C1-4753-ABAE-459C85D3E303} (PUP.Optional.Melondrea.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16F059CB-3D3F-4ECC-B426-BAFA47233676} (PUP.Optional.Melondrea.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{16F059CB-3D3F-4ECC-B426-BAFA47233676} (PUP.Optional.Melondrea.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{16F059CB-3D3F-4ECC-B426-BAFA47233676} (PUP.Optional.Melondrea.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLive.OneClickCtrl.9 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLive.OneClickProcessLauncherMachine (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLive.OneClickProcessLauncherMachine.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLive.Update3WebControl.3 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.CoCreateAsync (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.CoCreateAsync.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.CoreClass (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.CoreClass.1 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.CoreMachineClass (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.CoreMachineClass.1 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.CredentialDialogMachine (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.CredentialDialogMachine.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.OnDemandCOMClassMachine (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.OnDemandCOMClassMachine.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.ProcessLauncher (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.ProcessLauncher.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.Update3COMClassService (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.Update3COMClassService.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.Update3WebMachine (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.Update3WebMachine.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.Update3WebMachineFallback (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.Update3WebMachineFallback.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.Update3WebSvc (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.Update3WebSvc.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\AppID\SaveSenseLive.exe (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\SaveSense (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\Software\melondrea (PUP.Optional.Melondrea.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SYSTEM\CurrentControlSet\Services\Update melondrea (PUP.Optional.Melondrea.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\Software\melondrea (PUP.Optional.Melondrea.A) -> Enviado para a Quarentena e deletado com sucesso.
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
Arquivos Detectados: 13
C:\AdwCleaner\Quarantine\C\Program Files (x86)\melondrea\melondreaBHO.dll.vir (PUP.Optional.Melondrea.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\melondrea\updatemelondrea.exe.vir (PUP.Optional.Melondrea.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\melondrea\bin\utilmelondrea.exe.vir (PUP.Optional.Melondrea.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\THIAGO RESENDE\AppData\Local\Temp\n6225\s6225.exe (PUP.Optional.Rapiddown) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\THIAGO RESENDE\Downloads\Baixar Filme Todos Os Tons Do Prazer Dublado (1).exe (PUP.Optional.Midia) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\THIAGO RESENDE\Downloads\Baixar Filme Todos Os Tons Do Prazer Dublado.exe (PUP.Optional.Midia) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\THIAGO RESENDE\Downloads\FlashPlayersetup__4743_i426009722_il6.exe (PUP.Optional.Amonetize.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\THIAGO RESENDE\Downloads\Revo Uninstaller.exe (PUP.Optional.Solimba) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\THIAGO RESENDE\Downloads\rpds.TOPRAZER.zip.exe (PUP.Optional.Installer.REX) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\THIAGO RESENDE\Downloads\Spybot - Search .exe (PUP.Optional.BundleInstaller) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\THIAGO RESENDE\Downloads\uTorrent (1).exe (PUP.Optional.Bundler) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\THIAGO RESENDE\Downloads\uTorrent.exe (PUP.Optional.Bundler) -> Enviado para a Quarentena e deletado com sucesso.
C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job (PUP.Optional.SaveSense) -> Enviado para a Quarentena e deletado com sucesso.
(fim)
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Versão da Base de Dados: v2014.03.11.10
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16798
THIAGO RESENDE :: THIAGO [administrador]
Proteção: Permitir
11/03/2014 22:06:52
mbam-log-2014-03-11 (22-06-52).txt
Tipo de Verificação: Verificação Completa (C:\|D:\|E:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 366272
Tempo decorrido: 1 hora(s), 2 minuto(s), 38 segundo(s)
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Chaves de Registro Detectadas: 41
HKCR\AppID\{A2D3FB7A-6873-45E8-AF96-57092D721828} (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CLSID\{A2D3FB7A-6873-45E8-AF96-57092D721828} (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.OnDemandCOMClassSvc (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CLSID\{16f059cb-3d3f-4ecc-b426-bafa47233676} (PUP.Optional.Melondrea.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\TypeLib\{4ab7647f-75b6-4486-9584-efee06afee68} (PUP.Optional.Melondrea.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\Interface\{AE20B22F-60C1-4753-ABAE-459C85D3E303} (PUP.Optional.Melondrea.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16F059CB-3D3F-4ECC-B426-BAFA47233676} (PUP.Optional.Melondrea.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{16F059CB-3D3F-4ECC-B426-BAFA47233676} (PUP.Optional.Melondrea.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{16F059CB-3D3F-4ECC-B426-BAFA47233676} (PUP.Optional.Melondrea.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLive.OneClickCtrl.9 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLive.OneClickProcessLauncherMachine (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLive.OneClickProcessLauncherMachine.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLive.Update3WebControl.3 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.CoCreateAsync (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.CoCreateAsync.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.CoreClass (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.CoreClass.1 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.CoreMachineClass (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.CoreMachineClass.1 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.CredentialDialogMachine (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.CredentialDialogMachine.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.OnDemandCOMClassMachine (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.OnDemandCOMClassMachine.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.ProcessLauncher (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.ProcessLauncher.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.Update3COMClassService (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.Update3COMClassService.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.Update3WebMachine (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.Update3WebMachine.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.Update3WebMachineFallback (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.Update3WebMachineFallback.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.Update3WebSvc (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\SaveSenseLiveUpdate.Update3WebSvc.1.0 (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\AppID\SaveSenseLive.exe (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\SaveSense (PUP.Optional.SaveSense.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\Software\melondrea (PUP.Optional.Melondrea.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SYSTEM\CurrentControlSet\Services\Update melondrea (PUP.Optional.Melondrea.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\Software\melondrea (PUP.Optional.Melondrea.A) -> Enviado para a Quarentena e deletado com sucesso.
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
Arquivos Detectados: 13
C:\AdwCleaner\Quarantine\C\Program Files (x86)\melondrea\melondreaBHO.dll.vir (PUP.Optional.Melondrea.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\melondrea\updatemelondrea.exe.vir (PUP.Optional.Melondrea.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\melondrea\bin\utilmelondrea.exe.vir (PUP.Optional.Melondrea.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\THIAGO RESENDE\AppData\Local\Temp\n6225\s6225.exe (PUP.Optional.Rapiddown) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\THIAGO RESENDE\Downloads\Baixar Filme Todos Os Tons Do Prazer Dublado (1).exe (PUP.Optional.Midia) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\THIAGO RESENDE\Downloads\Baixar Filme Todos Os Tons Do Prazer Dublado.exe (PUP.Optional.Midia) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\THIAGO RESENDE\Downloads\FlashPlayersetup__4743_i426009722_il6.exe (PUP.Optional.Amonetize.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\THIAGO RESENDE\Downloads\Revo Uninstaller.exe (PUP.Optional.Solimba) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\THIAGO RESENDE\Downloads\rpds.TOPRAZER.zip.exe (PUP.Optional.Installer.REX) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\THIAGO RESENDE\Downloads\Spybot - Search .exe (PUP.Optional.BundleInstaller) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\THIAGO RESENDE\Downloads\uTorrent (1).exe (PUP.Optional.Bundler) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\THIAGO RESENDE\Downloads\uTorrent.exe (PUP.Optional.Bundler) -> Enviado para a Quarentena e deletado com sucesso.
C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job (PUP.Optional.SaveSense) -> Enviado para a Quarentena e deletado com sucesso.
(fim)
Thiagoresende- Membro
- Mensagens : 62
Reputação : 1
Data de inscrição : 11/03/2014
Re: Melondrea - Como remover
Sim, é importante desinstalá-lo.Olá, uma dúvida, o programa melondrea ainda está nos meus programas, eu devo também desinstala-lo?
_________________________________________________________________________________________________
Desative temporariamente seu antivírus para evitar conflitos.
Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
* Copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.
*Clique [Run Script]
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Caso a reinicialização do PC seja solicitada, clique [OK]
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
Última edição por Power Max em Qua 12 Mar 2014, 22:20, editado 1 vez(es)
_________________
Caixa de Dicas = Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Melondrea - Como remover
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by THIAGO RESENDE on 12/03/2014 at 17:19:05,06.
Microsoft Windows 8 Pro 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\THIAGO RESENDE\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
12/03/2014 17:20:35 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util melondrea deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util melondrea deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update melondrea deleted successfully
==== Deleting Files \ Folders ======================
C:\Users\THIAGO RESENDE\daemonprocess.txt deleted
C:\Users\THIAGO RESENDE\.android deleted
C:\PROGRA~2\Hosts_Anti_Adwares_PUPs deleted
C:\PROGRA~3\FileSplitUpLoad.dll deleted
C:\Users\THIAGO RESENDE\AppData\Local\CRE deleted
C:\Users\THIAGO RESENDE\AppData\Local\cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC deleted
C:\windows\SysNative\tasks\Baidu PC Faster Update deleted
C:\Users\THIAGO RESENDE\AppData\Roaming\unins000.exe deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"quickprint@hp.com"="C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension" [26/01/2011 13:27]
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[07/02/2014 17:41]
Docs - Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Docs - Default User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Wallet - THIAGO RESENDE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Docs - USURIO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.superdownloads.com.br/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.superdownloads.com.br/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
C:\Users\THIAGO RESENDE\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\THIAGO RESENDE\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\USURIO~1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\THIAGO RESENDE\Desktop\Assistente Pimaco +.lnk - C:\Program Files (x86)\Assistente Pimaco +\files\Assistente Pimaco +.exe
C:\Users\THIAGO RESENDE\Desktop\Baidu PC Faster.lnk - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe -shortcut
C:\Users\THIAGO RESENDE\Desktop\Cedente.lnk - C:\sicoob\Sicoob\Cedente.exe
C:\Users\THIAGO RESENDE\Desktop\Format Factory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\THIAGO RESENDE\Desktop\Google Chrome.lnk - C:\Users\THIAGO RESENDE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\THIAGO RESENDE\Desktop\Hábil Empresarial.lnk -
C:\Users\THIAGO RESENDE\Desktop\PC App Store.lnk - C:\Program Files (x86)\Baidu Security\PC App Store\3.15.0.4263\PCAppStore.exe /openfrom=shortcut
C:\Users\THIAGO RESENDE\Desktop\RealtecSuporte.lnk - C:\Realtec\Sgi\Exe\RealtecSuporte.exe
C:\Users\THIAGO RESENDE\Desktop\RealtecSuporteT.lnk - C:\Realtec\Sgi\Exe\RealtecSuporteT.exe
C:\Users\THIAGO RESENDE\Desktop\Revo Uninstaller.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\THIAGO RESENDE\Desktop\SGI.lnk - C:\Realtec\Sgi\Exe\SGI.exe
C:\Users\THIAGO RESENDE\Desktop\µTorrent.lnk -
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Public\Desktop\YAC.lnk - C:\Program Files (x86)\iSafe\iStart.exe
==== shortcuts in Users Start Menu ======================
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast antivirus.lnk -
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Baidu PC Faster.lnk - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe -startmenu
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Feedback.lnk - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterFeedback.exe
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\PC App Store.lnk - C:\Program Files (x86)\Baidu Security\PC App Store\3.15.0.4263\PCAppStore.exe /openfrom=startmenu
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Uninstall.lnk - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\UninstCaller.exe
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\FormatFactory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\Help.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe /help
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\Uninstall.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\uninst.exe
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\THIAGO RESENDE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pimaco\Assistente Pimaco +.lnk - C:\Program Files (x86)\Assistente Pimaco +\files\Assistente Pimaco +.exe
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pimaco\Uninstall.lnk - C:\Program Files (x86)\Assistente Pimaco +\Uninstall\Uninstall.exe
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Run Hunter Mode.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe -hunter
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Website.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revo Uninstaller.url
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sicoob\Cedente.lnk - C:\sicoob\Sicoob\Cedente.exe
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sicoob\Desinstalador.lnk - C:\sicoob\Sicoob\desinstalador\Desinstalador.exe
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TagSoft\TagComércio\TagComércio.lnk -
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Baidu PC Faster.lnk - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe -startmenu
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Feedback.lnk - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterFeedback.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\PC App Store.lnk - C:\Program Files (x86)\Baidu Security\PC App Store\3.15.0.4263\PCAppStore.exe /openfrom=startmenu
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Uninstall.lnk - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\UninstCaller.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Professional P1100 Series\Desinstalar.lnk - C:\Program Files (x86)\HP\HP LaserJet P1100 Series\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Professional P1100 Series\Guia da HP LaserJet.lnk - C:\Program Files (x86)\HP\HP LaserJet P1100 Series\C_help\Help.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Professional P1100 Series\Notas de instalação.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hábil Empresarial\Desinstalar Hábil .lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hábil Empresarial\Hábil Empresarial.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hábil Empresarial\Servidor do Hábil Empresarial.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtec\Desinstalar Sistema Gerencial Integrado.lnk - C:\Realtec\Sgi\Exe\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtec\Realtec Sistemas - Web.lnk - C:\Realtec\Sgi\Exe\Sgi.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtec\Sistema Gerencial Integrado.lnk - C:\Realtec\Sgi\Exe\SGI.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Hábil Empresarial.lnk -
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Servidor do Hábil Empresarial.lnk -
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Libraries
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iSafe deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\THIAGO RESENDE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\THIAGO RESENDE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7P68RBM7 will be deleted at reboot
C:\Users\THIAGO RESENDE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AKAOX1XQ will be deleted at reboot
C:\Users\THIAGO RESENDE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FL1I4A1J will be deleted at reboot
C:\Users\THIAGO RESENDE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JH4KRD2L will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\THIAGO RESENDE\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\USURIO~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=13 folders=5 4157122 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\THIAGO RESENDE\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\THIAGO~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\THIAGO RESENDE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7P68RBM7" not found
"C:\Users\THIAGO RESENDE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AKAOX1XQ" not found
"C:\Users\THIAGO RESENDE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FL1I4A1J" not found
"C:\Users\THIAGO RESENDE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JH4KRD2L" not found
==== EOF on 12/03/2014 at 17:58:52,57 ======================
Tool run by THIAGO RESENDE on 12/03/2014 at 17:19:05,06.
Microsoft Windows 8 Pro 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\THIAGO RESENDE\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
12/03/2014 17:20:35 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util melondrea deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util melondrea deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update melondrea deleted successfully
==== Deleting Files \ Folders ======================
C:\Users\THIAGO RESENDE\daemonprocess.txt deleted
C:\Users\THIAGO RESENDE\.android deleted
C:\PROGRA~2\Hosts_Anti_Adwares_PUPs deleted
C:\PROGRA~3\FileSplitUpLoad.dll deleted
C:\Users\THIAGO RESENDE\AppData\Local\CRE deleted
C:\Users\THIAGO RESENDE\AppData\Local\cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC deleted
C:\windows\SysNative\tasks\Baidu PC Faster Update deleted
C:\Users\THIAGO RESENDE\AppData\Roaming\unins000.exe deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"quickprint@hp.com"="C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension" [26/01/2011 13:27]
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[07/02/2014 17:41]
Docs - Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Docs - Default User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Wallet - THIAGO RESENDE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Docs - USURIO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.superdownloads.com.br/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.superdownloads.com.br/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
C:\Users\THIAGO RESENDE\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\THIAGO RESENDE\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\USURIO~1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\THIAGO RESENDE\Desktop\Assistente Pimaco +.lnk - C:\Program Files (x86)\Assistente Pimaco +\files\Assistente Pimaco +.exe
C:\Users\THIAGO RESENDE\Desktop\Baidu PC Faster.lnk - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe -shortcut
C:\Users\THIAGO RESENDE\Desktop\Cedente.lnk - C:\sicoob\Sicoob\Cedente.exe
C:\Users\THIAGO RESENDE\Desktop\Format Factory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\THIAGO RESENDE\Desktop\Google Chrome.lnk - C:\Users\THIAGO RESENDE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\THIAGO RESENDE\Desktop\Hábil Empresarial.lnk -
C:\Users\THIAGO RESENDE\Desktop\PC App Store.lnk - C:\Program Files (x86)\Baidu Security\PC App Store\3.15.0.4263\PCAppStore.exe /openfrom=shortcut
C:\Users\THIAGO RESENDE\Desktop\RealtecSuporte.lnk - C:\Realtec\Sgi\Exe\RealtecSuporte.exe
C:\Users\THIAGO RESENDE\Desktop\RealtecSuporteT.lnk - C:\Realtec\Sgi\Exe\RealtecSuporteT.exe
C:\Users\THIAGO RESENDE\Desktop\Revo Uninstaller.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\THIAGO RESENDE\Desktop\SGI.lnk - C:\Realtec\Sgi\Exe\SGI.exe
C:\Users\THIAGO RESENDE\Desktop\µTorrent.lnk -
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Public\Desktop\YAC.lnk - C:\Program Files (x86)\iSafe\iStart.exe
==== shortcuts in Users Start Menu ======================
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast antivirus.lnk -
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Baidu PC Faster.lnk - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe -startmenu
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Feedback.lnk - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterFeedback.exe
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\PC App Store.lnk - C:\Program Files (x86)\Baidu Security\PC App Store\3.15.0.4263\PCAppStore.exe /openfrom=startmenu
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Uninstall.lnk - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\UninstCaller.exe
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\FormatFactory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\Help.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe /help
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\Uninstall.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\uninst.exe
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\THIAGO RESENDE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pimaco\Assistente Pimaco +.lnk - C:\Program Files (x86)\Assistente Pimaco +\files\Assistente Pimaco +.exe
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pimaco\Uninstall.lnk - C:\Program Files (x86)\Assistente Pimaco +\Uninstall\Uninstall.exe
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Run Hunter Mode.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe -hunter
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Website.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revo Uninstaller.url
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sicoob\Cedente.lnk - C:\sicoob\Sicoob\Cedente.exe
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sicoob\Desinstalador.lnk - C:\sicoob\Sicoob\desinstalador\Desinstalador.exe
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TagSoft\TagComércio\TagComércio.lnk -
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Baidu PC Faster.lnk - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe -startmenu
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Feedback.lnk - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterFeedback.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\PC App Store.lnk - C:\Program Files (x86)\Baidu Security\PC App Store\3.15.0.4263\PCAppStore.exe /openfrom=startmenu
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Uninstall.lnk - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\UninstCaller.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Professional P1100 Series\Desinstalar.lnk - C:\Program Files (x86)\HP\HP LaserJet P1100 Series\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Professional P1100 Series\Guia da HP LaserJet.lnk - C:\Program Files (x86)\HP\HP LaserJet P1100 Series\C_help\Help.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Professional P1100 Series\Notas de instalação.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hábil Empresarial\Desinstalar Hábil .lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hábil Empresarial\Hábil Empresarial.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hábil Empresarial\Servidor do Hábil Empresarial.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtec\Desinstalar Sistema Gerencial Integrado.lnk - C:\Realtec\Sgi\Exe\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtec\Realtec Sistemas - Web.lnk - C:\Realtec\Sgi\Exe\Sgi.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtec\Sistema Gerencial Integrado.lnk - C:\Realtec\Sgi\Exe\SGI.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Hábil Empresarial.lnk -
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Servidor do Hábil Empresarial.lnk -
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Libraries
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iSafe deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\THIAGO RESENDE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\THIAGO RESENDE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7P68RBM7 will be deleted at reboot
C:\Users\THIAGO RESENDE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AKAOX1XQ will be deleted at reboot
C:\Users\THIAGO RESENDE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FL1I4A1J will be deleted at reboot
C:\Users\THIAGO RESENDE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JH4KRD2L will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\THIAGO RESENDE\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\USURIO~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=13 folders=5 4157122 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\THIAGO RESENDE\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\THIAGO~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\THIAGO RESENDE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7P68RBM7" not found
"C:\Users\THIAGO RESENDE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AKAOX1XQ" not found
"C:\Users\THIAGO RESENDE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FL1I4A1J" not found
"C:\Users\THIAGO RESENDE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JH4KRD2L" not found
==== EOF on 12/03/2014 at 17:58:52,57 ======================
Thiagoresende- Membro
- Mensagens : 62
Reputação : 1
Data de inscrição : 11/03/2014
Re: Melondrea - Como remover
Siga, por gentileza, as dicas do tutorial abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt
Ficamos na espera.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt
Ficamos na espera.
_________________
Caixa de Dicas = Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Melondrea - Como remover
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8 Pro x64
Ran by THIAGO RESENDE on 12/03/2014 at 21:28:37,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{998745A3-2AE4-488D-8092-B98FB20A00C2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C1424421-D274-491E-9D47-11C8D8CB5F9A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\isafe
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/03/2014 at 21:43:22,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8 Pro x64
Ran by THIAGO RESENDE on 12/03/2014 at 21:28:37,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{998745A3-2AE4-488D-8092-B98FB20A00C2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C1424421-D274-491E-9D47-11C8D8CB5F9A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\isafe
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/03/2014 at 21:43:22,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thiagoresende- Membro
- Mensagens : 62
Reputação : 1
Data de inscrição : 11/03/2014
Re: Melondrea - Como remover
Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )
|- Desabilite temporariamente seu antivírus para evitar conflitos e execute "ZHPDiag2.exe", para instalar a ferramenta.
|- Execute o ícone do pergaminho. ( ZHPDiag )
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Desabilite temporariamente seu antivírus para evitar conflitos e execute "ZHPDiag2.exe", para instalar a ferramenta.
|- Execute o ícone do pergaminho. ( ZHPDiag )
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
_________________
Caixa de Dicas = Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Melondrea - Como remover
~ Relatório do ZHPDiag v2014.3.12.13 - Nicolas Coolman (12/03/2014)
~ Iniciado por THIAGO RESENDE (12/03/2014 22:11:58)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16843
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8 Pro, 64-bit (Build 9200)
Windows Server License Manager Script : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2013
Malwarebytes Anti-Malware versão 1.75.0.1300
Windows Defender W8
---\\ Softwares d'optimização do sistema
CCleaner v4.10 =>Piriform Ltd
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4003 MB (68% free)
System Restore: Activé (Enable)
System drive C: has 547 GB (78%) free of 698 GB
---\\ Modo de conexão ao sistema
~ Computer Name: THIAGO
~ User Name: THIAGO RESENDE
~ All Users Names: THIAGO RESENDE, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\THIAGO RESENDE\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\THIAGO RESENDE\AppData\Roaming\
~ %Desktop% : C:\Users\THIAGO RESENDE\Desktop\
~ %Favorites% : C:\Users\THIAGO RESENDE\Favorites\
~ %LocalAppData% : C:\Users\THIAGO RESENDE\AppData\Local\
~ %StartMenu% : C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 547 Go of 698 Go)
D: Floppy drive, Flash card reader, USB Key (Not Inserted)
E: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Windows Explorer.) (.01/06/2013 - 08:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.26/07/2012 - 00:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.79EDF01FA13D886F8E1B655D542011FB] - (.Microsoft Corporation - Internet Extensions para Win32.) (.23/02/2014 - 05:13:41.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.11/10/2012 - 02:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.26/07/2012 - 00:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/09/2013 - 00:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 02:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.25/07/2012 - 23:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.25/07/2012 - 23:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.25/07/2012 - 23:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 03:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Driver de porta i8042.) (.25/07/2012 - 23:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.25/07/2012 - 23:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.05/02/2013 - 19:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.25/07/2012 - 23:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.02/02/2013 - 07:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Driver de porta paralela.) (.25/07/2012 - 23:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.25/07/2012 - 23:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.25/07/2012 - 23:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 02:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.01/06/2013 - 08:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/13820
~ Mes musiques (My Musics) : 1/5934
~ Mes Favoris (My Favorites) : 1/3
~ Mes Documents (My Documents) : 1/3
~ Mon Bureau (My Desktop) : 3/35
~ Menu demarrer (Programs) : 1/42
~ Hidden Files: Scanned in 00mn 12s
---\\ Processos lançados
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.1888]
[MD5.A78AAB0D2D70EF7DD56B7328AC502059] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096] [PID.3864]
[MD5.94ADEF84B4E7682B2265A21261E06D32] - (.Baidu Inc. - PC Faster Tray.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PcfTray.exe [1300672] [PID.3280] =>Adware.BDSearch
[MD5.6E6656C6618C4B0B000267D9AF9EF743] - (.Google Inc. - Google Chrome.) -- C:\Users\THIAGO RESENDE\AppData\Local\Google\Chrome\Application\chrome.exe [859464] [PID.2980]
[MD5.64A2A75D8F4BD07BD0A0029AA8825BBF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8353792] [PID.2244]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\THIAGO RESENDE\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 16 Legitimates Filtered in 00mn 02s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\THIAGO RESENDE\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ IE Browser: 17 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
~ BHO: 9 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: YAC.lnk . (...) -- C:\Program Files (x86)\iSafe\iStart.exe (.not file.) =>Trojan.Trojan.Staser
O4 - GS\Program [Public]: Desktop.lnk - Chave orfã
O4 - GS\QuickLaunch [THIAGO RESENDE]: Hábil Empresarial.lnk . (.Koinonia Software - No Comment.) -- C:\Program Files (x86)\Koinonia Software\Habil Empresarial\Habil_Cliente.exe
O4 - GS\QuickLaunch [THIAGO RESENDE]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [THIAGO RESENDE]: Servidor do Hábil Empresarial.lnk . (.Koinonia Software - No Comment.) -- C:\Program Files (x86)\Koinonia Software\Habil Empresarial\Habil_Servidor_MSA.exe
O4 - GS\QuickLaunch [THIAGO RESENDE]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\THIAGO RESENDE\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [THIAGO RESENDE]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [THIAGO RESENDE]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SendTo [THIAGO RESENDE]: Transferência de Arquivo Bluetooth.LNK . (.Microsoft Corporation - No Comment.) -- C:\Windows\System32\fsquirt.exe
O4 - GS\Desktop [THIAGO RESENDE]: Assistente Pimaco +.lnk . (.Macrovision - LaunchAnywhere.) -- C:\Program Files (x86)\Assistente Pimaco +\files\Assistente Pimaco +.exe
O4 - GS\Desktop [THIAGO RESENDE]: Baidu PC Faster.lnk . (.Baidu Inc. - PC Faster.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe =>Adware.BDSearch
O4 - GS\Desktop [THIAGO RESENDE]: Cedente.lnk . (...) -- C:\sicoob\Sicoob\Cedente.exe
O4 - GS\Desktop [THIAGO RESENDE]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\THIAGO RESENDE\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [THIAGO RESENDE]: Hábil Empresarial.lnk . (.Koinonia Software - No Comment.) -- C:\Program Files (x86)\Koinonia Software\Habil Empresarial\Habil_Cliente.exe
O4 - GS\Desktop [THIAGO RESENDE]: PC App Store.lnk . (.Baidu Inc. - Baidu PC App Store.) -- C:\Program Files (x86)\Baidu Security\PC App Store\3.15.0.4263\PCAppStore.exe =>Adware.BDSearch
O4 - GS\Desktop [THIAGO RESENDE]: RealtecSuporte.lnk . (.UltraVnc - UltraVnc Self-Extract Setup.) -- C:\Realtec\Sgi\exe\RealtecSuporte.exe
O4 - GS\Desktop [THIAGO RESENDE]: RealtecSuporteT.lnk . (.TeamViewer - No Comment.) -- C:\Realtec\Sgi\exe\RealtecSuporteT.exe
O4 - GS\Desktop [THIAGO RESENDE]: SGI.lnk . (...) -- C:\Realtec\Sgi\exe\SGI.exe
O4 - GS\Desktop [THIAGO RESENDE]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\THIAGO RESENDE\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 46 Legitimates Filtered in 00mn 01s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [Baidu PC Faster 4.0.0.0] . (.Baidu Inc. - PC Faster.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe =>Adware.BDSearch
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7234E702-3B93-4BDB-A6A8-29AE0826F23C}: NameServer = 192.168.1.1,8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{7234E702-3B93-4BDB-A6A8-29AE0826F23C}: NameServer = 192.168.1.1,8.8.8.8
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) . (.Firebird Project - Firebird SQL Server.) - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: MySQL (MySQL) . (...) - C:\MySQL\bin\mysqld.exe
O23 - Service: Baidu PC App Store Service 3.15.0.4263 (PCAppStoreSvc_{PCAppStore_3.15.0.4263}) . (.Baidu Inc. - Baidu PC App Store Service.) - C:\Program Files (x86)\Baidu Security\PC App Store\3.15.0.4263\PCAppStoreSvc.exe =>Adware.BDSearch
O23 - Service: Baidu PC Faster Service 4.0.0.0 (PCFasterSvc_{PCFaster_4.0.0.0}) . (.Baidu Inc. - Baidu PC Faster Service.) - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe =>Adware.BDSearch
~ Services: 11 Legitimates Filtered in 00mn 29s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\Bfilter.sys
O41 - Driver: (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\Windows\system32\drivers\Bfmon.sys =>Adware.BDSearch
O41 - Driver: (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\Windows\system32\drivers\Bprotect.sys
O41 - Driver: (BprotectEx) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\BprotectEx.sys
~ Drivers: 50 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: Baidu PC Faster - (.Baidu, Inc..) [HKLM][64Bits] -- Baidu PC Faster 4.0.0.0 =>Adware.BDSearch
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: Hábil Empresarial - (.Koinonia Software.) [HKLM][64Bits] -- HabilCS2012_is1
O42 - Logiciel: Sistema Gerencial Integrado 1.11.5.4 - (.Realtec Sistemas Ltda.) [HKLM][64Bits] -- Sistema Gerencial Integrado_is1
~ Logic: 25 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\Filseclab]
[HKCU\Software\GbAs]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Filseclab]
~ Key Software: 162 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/02/2014 - 19:34:30 - [138,872] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 07/02/2014 - 17:35:53 - [0,234] ----D C:\Program Files (x86)\View-Password =>PUP.ViewPassword
O43 - CFD: 07/03/2014 - 07:52:49 - [4,141] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 26/02/2014 - 19:34:22 - [38,603] ----D C:\Users\THIAGO RESENDE\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 26/02/2014 - 19:34:37 - [0,005] ----D C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster =>Adware.BDSearch
O43 - CFD: 09/03/2014 - 17:37:33 - [0,004] ----D C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pimaco
O43 - CFD: 07/02/2014 - 16:57:51 - [0,002] ----D C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sicoob
O43 - CFD: 12/02/2014 - 07:32:57 - [0,002] ----D C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TagSoft
~ Program Folder: 105 Legitimates Filtered in 00mn 05s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 12/03/2014 - 17:18:38 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.87178455DF831A1860E3EF3F6EF0E767] - 12/03/2014 - 17:58:52 ---A- . (...) -- C:\zoek-results.log [19408]
O44 - LFC:[MD5.8B39559C1E80AFA004ECCF9EBD0282DF] - 12/03/2014 - 22:06:08 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [154608]
O44 - LFC:[MD5.EED5C749610D02F7E52A8A6E6D8A03E6] - 12/03/2014 - 22:06:08 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [762816]
O44 - LFC:[MD5.90FC18CBEFCD54BE4288541558E5187E] - 26/02/2014 - 19:22:33 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\BprotectEx.sys [83264]
~ Files: 34 Legitimates Filtered in 00mn 04s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj [64Bits] - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"VIDC.X264"="x264vfw64.dll" . (.x264vfw project - x264vfw - H.264/MPEG-4 AVC codec.) -- C:\Windows\System32\x264vfw64.dll
~ TDSD: 10 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 07/02/2014 - 17:41:35 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 07/02/2014 - 17:41:35 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
O58 - SDL:[MD5.37F5CDA64FC515B3072531C1187EDCCA] - 21/01/2014 - 11:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:[MD5.DFC1681F6645CB2AEA83897588F05362] - 21/01/2014 - 11:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624] =>Adware.BDSearch
O58 - SDL:[MD5.F4C1984178175ACE4A75BE23059C3E0A] - 21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992]
O58 - SDL:[MD5.90FC18CBEFCD54BE4288541558E5187E] - 09/01/2014 - 08:42:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\BprotectEx.sys [83264]
O58 - SDL:[MD5.73BDD44A6088916964945886F9025409] - 22/01/2014 - 07:52:10 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [108800]
O58 - SDL:[MD5.5252D7BC56E5E0ED715AEA8FE173A455] - 22/01/2014 - 07:52:10 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [206080]
O58 - SDL:[MD5.4E85355B94CFCB67C135F6521A4895A7] - 26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 26/02/2014 - 09:44:16 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 19 Legitimates Filtered in 00mn 03s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\users\thiago resende\appdata\local\google\chrome\application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.179CD9526BA4C4754294CC9DDD740D8D] [SPRF][07/02/2014] (...) -- C:\Users\THIAGO RESENDE\AppData\Roaming\unins000.dat [18617]
[MD5.1E6EA0A62946E0655D0E7CC261530F98] [SPRF][07/02/2014] (.BitTorrent Inc. - µTorrent.) -- C:\Users\THIAGO RESENDE\Desktop\utorrent.exe [1519696] =>P2P.BitTorrent
~ Files: 3 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{5FE4C6EB-B535-43FB-AC7A-CB41EF74445B}C:\windows\kmsemulator.exe" |In - Private - P6 - TRUE | .(...) -- C:\windows\kmsemulator.exe (.not file.)
O87 - FAEL: "UDP Query User{56843496-8B73-4213-9E48-0C96E3CC24F2}C:\windows\kmsemulator.exe" |In - Private - P17 - TRUE | .(...) -- C:\windows\kmsemulator.exe (.not file.)
O87 - FAEL: "{B6122EE8-389C-441C-9C70-B09C40F32084}" |In - Private - P6 - TRUE | .(...) -- C:\Nex\NexServ.exe (.not file.)
O87 - FAEL: "{4AF0B287-3FDE-4E39-8CFB-1735C9CC7394}" |In - Private - P17 - TRUE | .(...) -- C:\Nex\NexServ.exe (.not file.)
O87 - FAEL: "TCP Query User{1C724116-2CC9-4D54-A1ED-38B65C762646}C:\program files (x86)\koinonia software\habil empresarial\habil_servidor_msa.exe" | In - Public - P6 - TRUE | .(.Koinonia Software - No Comment.) -- C:\program files (x86)\koinonia software\habil empresarial\habil_servidor_msa.exe
O87 - FAEL: "UDP Query User{5E344DA4-9A38-4A08-8B94-4922CA47403F}C:\program files (x86)\koinonia software\habil empresarial\habil_servidor_msa.exe" | In - Public - P17 - TRUE | .(.Koinonia Software - No Comment.) -- C:\program files (x86)\koinonia software\habil empresarial\habil_servidor_msa.exe
O87 - FAEL: "TCP Query User{E69D281D-0D2F-4574-A106-7DAC1947DD1C}C:\program files (x86)\koinonia software\habil empresarial\habil_servidorrelatorios.exe" | In - Public - P6 - TRUE | .(.Koinonia Software - No Comment.) -- C:\program files (x86)\koinonia software\habil empresarial\habil_servidorrelatorios.exe
O87 - FAEL: "UDP Query User{391B7FA4-630C-4C54-8EAD-8CC7F1C3043F}C:\program files (x86)\koinonia software\habil empresarial\habil_servidorrelatorios.exe" | In - Public - P17 - TRUE | .(.Koinonia Software - No Comment.) -- C:\program files (x86)\koinonia software\habil empresarial\habil_servidorrelatorios.exe
O87 - FAEL: "{6D7AFB13-3BBA-4231-B90A-612FA397A9E7}" |In - Private - P6 - TRUE | .(...) -- C:\Nex\NexAdmin.exe (.not file.)
O87 - FAEL: "{9E037933-2624-46F8-85A2-859887F09028}" |In - Private - P17 - TRUE | .(...) -- C:\Nex\NexAdmin.exe (.not file.)
O87 - FAEL: "{40284FA0-D2A3-4559-8C6F-1F5D6F48D3F2}" | In - Private - P6 - TRUE | .(.Koinonia Software - No Comment.) -- C:\Program Files (x86)\Koinonia Software\Habil Empresarial\Habil_Servidor_MSA.exe
O87 - FAEL: "{52269438-02BC-4883-B684-0D42273C4036}" | In - Private - P17 - TRUE | .(.Koinonia Software - No Comment.) -- C:\Program Files (x86)\Koinonia Software\Habil Empresarial\Habil_Servidor_MSA.exe
O87 - FAEL: "{1D16943F-779C-4520-B4CC-F21EB4E2F98F}" | In - Private - P6 - TRUE | .(.Koinonia Software - No Comment.) -- C:\Program Files (x86)\Koinonia Software\Habil Empresarial\Habil_ServidorRelatorios.exe
O87 - FAEL: "{10B7E6EB-701F-4E47-A9A2-B1E6F183221F}" | In - Private - P17 - TRUE | .(.Koinonia Software - No Comment.) -- C:\Program Files (x86)\Koinonia Software\Habil Empresarial\Habil_ServidorRelatorios.exe
~ Firewall: 255 Legitimates Filtered in 00mn 02s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.4C949336DB7B005BA27CD81CE0DA471E] [WIS][01/11/2012] (.The Firebird Project - MSI to redistribute VS2005 CRT libraries.) -- C:\Windows\Installer\4fa4ab3.msi [1851392]
~ WIS: 26 Legitimates Filtered in 00mn 02s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 29/01/2014 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 24/06/2009 136704 | (HP LaserJet Service) . (.HP.) - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 25/06/2013 208384 | (AtherosSvc) . (.Atheros Commnucations.) - C:\Windows\System32\AdminService.exe
SR - | Auto 07/02/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 01/11/2012 98304 | (FirebirdGuardianDefaultInstance) . (.Firebird Project.) - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
SR - | Demand 01/11/2012 3784704 | (FirebirdServerDefaultInstance) . (.Firebird Project.) - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
SR - | Auto 21/02/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 26/09/2012 126880 | (HPSIService) . (.HP.) - C:\Windows\system32\HPSIsvc.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 20/07/2012 8186368 | (MySQL) . (...) - C:\MySQL\bin\mysqld.exe
SR - | Auto 24/12/2013 576032 | (PCAppStoreSvc_{PCAppStore_3.15.0.4263}) . (.Baidu Inc..) - C:\Program Files (x86)\Baidu Security\PC App Store\3.15.0.4263\PCAppStoreSvc.exe =>Adware.BDSearch
SR - | Auto 03/01/2014 679920 | (PCFasterSvc_{PCFaster_4.0.0.0}) . (.Baidu Inc..) - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe =>Adware.BDSearch
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 04s
---\\ Scâner Aditional (088)
Database Version : 13031 - (12/03/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 6
Dossiers trouvés (Folders found) : 5
Fichiers trouvés (Files found) : 6
[HKLM\SYSTEM\CurrentControlSet\Services\PCAppStoreSvc_{PCAppStore_3.15.0.4263}] =>Adware.BDSearch^
[HKLM\SYSTEM\CurrentControlSet\Services\PCFasterSvc_{PCFaster_4.0.0.0}] =>Adware.BDSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0] =>Adware.BDSearch^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Baidu PC Faster 4.0.0.0 =>Adware.BDSearch^
C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\Program Files (x86)\View-Password =>PUP.ViewPassword^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\Users\THIAGO RESENDE\AppData\Roaming\Baidu Security =>Adware.BDSearch^
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster =>Adware.BDSearch^
C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PcfTray.exe =>Adware.BDSearch^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch^
C:\Users\THIAGO RESENDE\Desktop\utorrent.exe =>P2P.BitTorrent^
~ Additionnel Scan: 172619 Items scanned in 00mn 51s
---\\ Sumário das deteções encontradas na sua estação
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.Staser
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.ViewPassword
~ MSI: 3 link(s) detected in 00mn 52s
~ 840 Legitimates filtered by white list
End of the scan (464 lines in 02mn 34s)(0)
~ Iniciado por THIAGO RESENDE (12/03/2014 22:11:58)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16843
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8 Pro, 64-bit (Build 9200)
Windows Server License Manager Script : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2013
Malwarebytes Anti-Malware versão 1.75.0.1300
Windows Defender W8
---\\ Softwares d'optimização do sistema
CCleaner v4.10 =>Piriform Ltd
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4003 MB (68% free)
System Restore: Activé (Enable)
System drive C: has 547 GB (78%) free of 698 GB
---\\ Modo de conexão ao sistema
~ Computer Name: THIAGO
~ User Name: THIAGO RESENDE
~ All Users Names: THIAGO RESENDE, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\THIAGO RESENDE\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\THIAGO RESENDE\AppData\Roaming\
~ %Desktop% : C:\Users\THIAGO RESENDE\Desktop\
~ %Favorites% : C:\Users\THIAGO RESENDE\Favorites\
~ %LocalAppData% : C:\Users\THIAGO RESENDE\AppData\Local\
~ %StartMenu% : C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 547 Go of 698 Go)
D: Floppy drive, Flash card reader, USB Key (Not Inserted)
E: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Windows Explorer.) (.01/06/2013 - 08:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.26/07/2012 - 00:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.79EDF01FA13D886F8E1B655D542011FB] - (.Microsoft Corporation - Internet Extensions para Win32.) (.23/02/2014 - 05:13:41.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.11/10/2012 - 02:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.26/07/2012 - 00:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/09/2013 - 00:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 02:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.25/07/2012 - 23:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.25/07/2012 - 23:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.25/07/2012 - 23:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 03:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Driver de porta i8042.) (.25/07/2012 - 23:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.25/07/2012 - 23:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.05/02/2013 - 19:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.25/07/2012 - 23:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.02/02/2013 - 07:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Driver de porta paralela.) (.25/07/2012 - 23:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.25/07/2012 - 23:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.25/07/2012 - 23:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 02:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.01/06/2013 - 08:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/13820
~ Mes musiques (My Musics) : 1/5934
~ Mes Favoris (My Favorites) : 1/3
~ Mes Documents (My Documents) : 1/3
~ Mon Bureau (My Desktop) : 3/35
~ Menu demarrer (Programs) : 1/42
~ Hidden Files: Scanned in 00mn 12s
---\\ Processos lançados
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.1888]
[MD5.A78AAB0D2D70EF7DD56B7328AC502059] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096] [PID.3864]
[MD5.94ADEF84B4E7682B2265A21261E06D32] - (.Baidu Inc. - PC Faster Tray.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PcfTray.exe [1300672] [PID.3280] =>Adware.BDSearch
[MD5.6E6656C6618C4B0B000267D9AF9EF743] - (.Google Inc. - Google Chrome.) -- C:\Users\THIAGO RESENDE\AppData\Local\Google\Chrome\Application\chrome.exe [859464] [PID.2980]
[MD5.64A2A75D8F4BD07BD0A0029AA8825BBF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8353792] [PID.2244]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\THIAGO RESENDE\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 16 Legitimates Filtered in 00mn 02s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\THIAGO RESENDE\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ IE Browser: 17 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
~ BHO: 9 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: YAC.lnk . (...) -- C:\Program Files (x86)\iSafe\iStart.exe (.not file.) =>Trojan.Trojan.Staser
O4 - GS\Program [Public]: Desktop.lnk - Chave orfã
O4 - GS\QuickLaunch [THIAGO RESENDE]: Hábil Empresarial.lnk . (.Koinonia Software - No Comment.) -- C:\Program Files (x86)\Koinonia Software\Habil Empresarial\Habil_Cliente.exe
O4 - GS\QuickLaunch [THIAGO RESENDE]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [THIAGO RESENDE]: Servidor do Hábil Empresarial.lnk . (.Koinonia Software - No Comment.) -- C:\Program Files (x86)\Koinonia Software\Habil Empresarial\Habil_Servidor_MSA.exe
O4 - GS\QuickLaunch [THIAGO RESENDE]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\THIAGO RESENDE\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [THIAGO RESENDE]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [THIAGO RESENDE]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SendTo [THIAGO RESENDE]: Transferência de Arquivo Bluetooth.LNK . (.Microsoft Corporation - No Comment.) -- C:\Windows\System32\fsquirt.exe
O4 - GS\Desktop [THIAGO RESENDE]: Assistente Pimaco +.lnk . (.Macrovision - LaunchAnywhere.) -- C:\Program Files (x86)\Assistente Pimaco +\files\Assistente Pimaco +.exe
O4 - GS\Desktop [THIAGO RESENDE]: Baidu PC Faster.lnk . (.Baidu Inc. - PC Faster.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe =>Adware.BDSearch
O4 - GS\Desktop [THIAGO RESENDE]: Cedente.lnk . (...) -- C:\sicoob\Sicoob\Cedente.exe
O4 - GS\Desktop [THIAGO RESENDE]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\THIAGO RESENDE\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [THIAGO RESENDE]: Hábil Empresarial.lnk . (.Koinonia Software - No Comment.) -- C:\Program Files (x86)\Koinonia Software\Habil Empresarial\Habil_Cliente.exe
O4 - GS\Desktop [THIAGO RESENDE]: PC App Store.lnk . (.Baidu Inc. - Baidu PC App Store.) -- C:\Program Files (x86)\Baidu Security\PC App Store\3.15.0.4263\PCAppStore.exe =>Adware.BDSearch
O4 - GS\Desktop [THIAGO RESENDE]: RealtecSuporte.lnk . (.UltraVnc - UltraVnc Self-Extract Setup.) -- C:\Realtec\Sgi\exe\RealtecSuporte.exe
O4 - GS\Desktop [THIAGO RESENDE]: RealtecSuporteT.lnk . (.TeamViewer - No Comment.) -- C:\Realtec\Sgi\exe\RealtecSuporteT.exe
O4 - GS\Desktop [THIAGO RESENDE]: SGI.lnk . (...) -- C:\Realtec\Sgi\exe\SGI.exe
O4 - GS\Desktop [THIAGO RESENDE]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\THIAGO RESENDE\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 46 Legitimates Filtered in 00mn 01s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [Baidu PC Faster 4.0.0.0] . (.Baidu Inc. - PC Faster.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe =>Adware.BDSearch
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7234E702-3B93-4BDB-A6A8-29AE0826F23C}: NameServer = 192.168.1.1,8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{7234E702-3B93-4BDB-A6A8-29AE0826F23C}: NameServer = 192.168.1.1,8.8.8.8
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) . (.Firebird Project - Firebird SQL Server.) - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: MySQL (MySQL) . (...) - C:\MySQL\bin\mysqld.exe
O23 - Service: Baidu PC App Store Service 3.15.0.4263 (PCAppStoreSvc_{PCAppStore_3.15.0.4263}) . (.Baidu Inc. - Baidu PC App Store Service.) - C:\Program Files (x86)\Baidu Security\PC App Store\3.15.0.4263\PCAppStoreSvc.exe =>Adware.BDSearch
O23 - Service: Baidu PC Faster Service 4.0.0.0 (PCFasterSvc_{PCFaster_4.0.0.0}) . (.Baidu Inc. - Baidu PC Faster Service.) - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe =>Adware.BDSearch
~ Services: 11 Legitimates Filtered in 00mn 29s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\Bfilter.sys
O41 - Driver: (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\Windows\system32\drivers\Bfmon.sys =>Adware.BDSearch
O41 - Driver: (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\Windows\system32\drivers\Bprotect.sys
O41 - Driver: (BprotectEx) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\BprotectEx.sys
~ Drivers: 50 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: Baidu PC Faster - (.Baidu, Inc..) [HKLM][64Bits] -- Baidu PC Faster 4.0.0.0 =>Adware.BDSearch
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: Hábil Empresarial - (.Koinonia Software.) [HKLM][64Bits] -- HabilCS2012_is1
O42 - Logiciel: Sistema Gerencial Integrado 1.11.5.4 - (.Realtec Sistemas Ltda.) [HKLM][64Bits] -- Sistema Gerencial Integrado_is1
~ Logic: 25 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\Filseclab]
[HKCU\Software\GbAs]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Filseclab]
~ Key Software: 162 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/02/2014 - 19:34:30 - [138,872] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 07/02/2014 - 17:35:53 - [0,234] ----D C:\Program Files (x86)\View-Password =>PUP.ViewPassword
O43 - CFD: 07/03/2014 - 07:52:49 - [4,141] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 26/02/2014 - 19:34:22 - [38,603] ----D C:\Users\THIAGO RESENDE\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 26/02/2014 - 19:34:37 - [0,005] ----D C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster =>Adware.BDSearch
O43 - CFD: 09/03/2014 - 17:37:33 - [0,004] ----D C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pimaco
O43 - CFD: 07/02/2014 - 16:57:51 - [0,002] ----D C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sicoob
O43 - CFD: 12/02/2014 - 07:32:57 - [0,002] ----D C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TagSoft
~ Program Folder: 105 Legitimates Filtered in 00mn 05s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 12/03/2014 - 17:18:38 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.87178455DF831A1860E3EF3F6EF0E767] - 12/03/2014 - 17:58:52 ---A- . (...) -- C:\zoek-results.log [19408]
O44 - LFC:[MD5.8B39559C1E80AFA004ECCF9EBD0282DF] - 12/03/2014 - 22:06:08 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [154608]
O44 - LFC:[MD5.EED5C749610D02F7E52A8A6E6D8A03E6] - 12/03/2014 - 22:06:08 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [762816]
O44 - LFC:[MD5.90FC18CBEFCD54BE4288541558E5187E] - 26/02/2014 - 19:22:33 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\BprotectEx.sys [83264]
~ Files: 34 Legitimates Filtered in 00mn 04s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj [64Bits] - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"VIDC.X264"="x264vfw64.dll" . (.x264vfw project - x264vfw - H.264/MPEG-4 AVC codec.) -- C:\Windows\System32\x264vfw64.dll
~ TDSD: 10 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 07/02/2014 - 17:41:35 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 07/02/2014 - 17:41:35 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
O58 - SDL:[MD5.37F5CDA64FC515B3072531C1187EDCCA] - 21/01/2014 - 11:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:[MD5.DFC1681F6645CB2AEA83897588F05362] - 21/01/2014 - 11:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624] =>Adware.BDSearch
O58 - SDL:[MD5.F4C1984178175ACE4A75BE23059C3E0A] - 21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992]
O58 - SDL:[MD5.90FC18CBEFCD54BE4288541558E5187E] - 09/01/2014 - 08:42:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\BprotectEx.sys [83264]
O58 - SDL:[MD5.73BDD44A6088916964945886F9025409] - 22/01/2014 - 07:52:10 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [108800]
O58 - SDL:[MD5.5252D7BC56E5E0ED715AEA8FE173A455] - 22/01/2014 - 07:52:10 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [206080]
O58 - SDL:[MD5.4E85355B94CFCB67C135F6521A4895A7] - 26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 26/02/2014 - 09:44:16 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 19 Legitimates Filtered in 00mn 03s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.179CD9526BA4C4754294CC9DDD740D8D] [SPRF][07/02/2014] (...) -- C:\Users\THIAGO RESENDE\AppData\Roaming\unins000.dat [18617]
[MD5.1E6EA0A62946E0655D0E7CC261530F98] [SPRF][07/02/2014] (.BitTorrent Inc. - µTorrent.) -- C:\Users\THIAGO RESENDE\Desktop\utorrent.exe [1519696] =>P2P.BitTorrent
~ Files: 3 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{5FE4C6EB-B535-43FB-AC7A-CB41EF74445B}C:\windows\kmsemulator.exe" |In - Private - P6 - TRUE | .(...) -- C:\windows\kmsemulator.exe (.not file.)
O87 - FAEL: "UDP Query User{56843496-8B73-4213-9E48-0C96E3CC24F2}C:\windows\kmsemulator.exe" |In - Private - P17 - TRUE | .(...) -- C:\windows\kmsemulator.exe (.not file.)
O87 - FAEL: "{B6122EE8-389C-441C-9C70-B09C40F32084}" |In - Private - P6 - TRUE | .(...) -- C:\Nex\NexServ.exe (.not file.)
O87 - FAEL: "{4AF0B287-3FDE-4E39-8CFB-1735C9CC7394}" |In - Private - P17 - TRUE | .(...) -- C:\Nex\NexServ.exe (.not file.)
O87 - FAEL: "TCP Query User{1C724116-2CC9-4D54-A1ED-38B65C762646}C:\program files (x86)\koinonia software\habil empresarial\habil_servidor_msa.exe" | In - Public - P6 - TRUE | .(.Koinonia Software - No Comment.) -- C:\program files (x86)\koinonia software\habil empresarial\habil_servidor_msa.exe
O87 - FAEL: "UDP Query User{5E344DA4-9A38-4A08-8B94-4922CA47403F}C:\program files (x86)\koinonia software\habil empresarial\habil_servidor_msa.exe" | In - Public - P17 - TRUE | .(.Koinonia Software - No Comment.) -- C:\program files (x86)\koinonia software\habil empresarial\habil_servidor_msa.exe
O87 - FAEL: "TCP Query User{E69D281D-0D2F-4574-A106-7DAC1947DD1C}C:\program files (x86)\koinonia software\habil empresarial\habil_servidorrelatorios.exe" | In - Public - P6 - TRUE | .(.Koinonia Software - No Comment.) -- C:\program files (x86)\koinonia software\habil empresarial\habil_servidorrelatorios.exe
O87 - FAEL: "UDP Query User{391B7FA4-630C-4C54-8EAD-8CC7F1C3043F}C:\program files (x86)\koinonia software\habil empresarial\habil_servidorrelatorios.exe" | In - Public - P17 - TRUE | .(.Koinonia Software - No Comment.) -- C:\program files (x86)\koinonia software\habil empresarial\habil_servidorrelatorios.exe
O87 - FAEL: "{6D7AFB13-3BBA-4231-B90A-612FA397A9E7}" |In - Private - P6 - TRUE | .(...) -- C:\Nex\NexAdmin.exe (.not file.)
O87 - FAEL: "{9E037933-2624-46F8-85A2-859887F09028}" |In - Private - P17 - TRUE | .(...) -- C:\Nex\NexAdmin.exe (.not file.)
O87 - FAEL: "{40284FA0-D2A3-4559-8C6F-1F5D6F48D3F2}" | In - Private - P6 - TRUE | .(.Koinonia Software - No Comment.) -- C:\Program Files (x86)\Koinonia Software\Habil Empresarial\Habil_Servidor_MSA.exe
O87 - FAEL: "{52269438-02BC-4883-B684-0D42273C4036}" | In - Private - P17 - TRUE | .(.Koinonia Software - No Comment.) -- C:\Program Files (x86)\Koinonia Software\Habil Empresarial\Habil_Servidor_MSA.exe
O87 - FAEL: "{1D16943F-779C-4520-B4CC-F21EB4E2F98F}" | In - Private - P6 - TRUE | .(.Koinonia Software - No Comment.) -- C:\Program Files (x86)\Koinonia Software\Habil Empresarial\Habil_ServidorRelatorios.exe
O87 - FAEL: "{10B7E6EB-701F-4E47-A9A2-B1E6F183221F}" | In - Private - P17 - TRUE | .(.Koinonia Software - No Comment.) -- C:\Program Files (x86)\Koinonia Software\Habil Empresarial\Habil_ServidorRelatorios.exe
~ Firewall: 255 Legitimates Filtered in 00mn 02s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.4C949336DB7B005BA27CD81CE0DA471E] [WIS][01/11/2012] (.The Firebird Project - MSI to redistribute VS2005 CRT libraries.) -- C:\Windows\Installer\4fa4ab3.msi [1851392]
~ WIS: 26 Legitimates Filtered in 00mn 02s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 29/01/2014 279000 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 24/06/2009 136704 | (HP LaserJet Service) . (.HP.) - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 25/06/2013 208384 | (AtherosSvc) . (.Atheros Commnucations.) - C:\Windows\System32\AdminService.exe
SR - | Auto 07/02/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 01/11/2012 98304 | (FirebirdGuardianDefaultInstance) . (.Firebird Project.) - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
SR - | Demand 01/11/2012 3784704 | (FirebirdServerDefaultInstance) . (.Firebird Project.) - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
SR - | Auto 21/02/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 26/09/2012 126880 | (HPSIService) . (.HP.) - C:\Windows\system32\HPSIsvc.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 20/07/2012 8186368 | (MySQL) . (...) - C:\MySQL\bin\mysqld.exe
SR - | Auto 24/12/2013 576032 | (PCAppStoreSvc_{PCAppStore_3.15.0.4263}) . (.Baidu Inc..) - C:\Program Files (x86)\Baidu Security\PC App Store\3.15.0.4263\PCAppStoreSvc.exe =>Adware.BDSearch
SR - | Auto 03/01/2014 679920 | (PCFasterSvc_{PCFaster_4.0.0.0}) . (.Baidu Inc..) - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe =>Adware.BDSearch
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 04s
---\\ Scâner Aditional (088)
Database Version : 13031 - (12/03/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 6
Dossiers trouvés (Folders found) : 5
Fichiers trouvés (Files found) : 6
[HKLM\SYSTEM\CurrentControlSet\Services\PCAppStoreSvc_{PCAppStore_3.15.0.4263}] =>Adware.BDSearch^
[HKLM\SYSTEM\CurrentControlSet\Services\PCFasterSvc_{PCFaster_4.0.0.0}] =>Adware.BDSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 4.0.0.0] =>Adware.BDSearch^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Baidu PC Faster 4.0.0.0 =>Adware.BDSearch^
C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\Program Files (x86)\View-Password =>PUP.ViewPassword^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\Users\THIAGO RESENDE\AppData\Roaming\Baidu Security =>Adware.BDSearch^
C:\Users\THIAGO RESENDE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster =>Adware.BDSearch^
C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PcfTray.exe =>Adware.BDSearch^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch^
C:\Users\THIAGO RESENDE\Desktop\utorrent.exe =>P2P.BitTorrent^
~ Additionnel Scan: 172619 Items scanned in 00mn 51s
---\\ Sumário das deteções encontradas na sua estação
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.Staser
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.ViewPassword
~ MSI: 3 link(s) detected in 00mn 52s
~ 840 Legitimates filtered by white list
End of the scan (464 lines in 02mn 34s)(0)
Thiagoresende- Membro
- Mensagens : 62
Reputação : 1
Data de inscrição : 11/03/2014
Re: Melondrea - Como remover
Copie todo o texto destacado em vermelho que te passei (começando em script zhpfix e indo até emptyclsid)
_____________________________________________________________________________________________________________
Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.
Copie este relatório e poste em sua próxima resposta.
_____________________________________________________________________________________________________________
Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.
Copie este relatório e poste em sua próxima resposta.
Última edição por Power Max em Qui 13 Mar 2014, 22:01, editado 1 vez(es)
_________________
Caixa de Dicas = Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Melondrea - Como remover
Rapport de ZHPFix 2014.3.12.3 par Nicolas Coolman, Update du 12/03/2014
Fichier d'export Registre :
Run by THIAGO RESENDE at 13/03/2014 18:47:25
High Elevated Privileges : OK
Windows 8 Business Edition, 64-bit (Build 9200)
Reciclagem vazia (00mn 03s)
Reparação de atalhos do navegador
========== Softwares ==========
AUSENTE Uninstall Process: c:\program files (x86)\baidu security\pc faster\4.0.0.0\uninstcaller.exe
========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect
ELIMINÉ Driver Key: BprotectEx
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\superdownloads.com.br
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu_Drp_pos
========== Valores do Registo ==========
ELIMINÉ: TCP Query User{5FE4C6EB-B535-43FB-AC7A-CB41EF74445B}C:\windows\kmsemulator.exe
ELIMINÉ: UDP Query User{56843496-8B73-4213-9E48-0C96E3CC24F2}C:\windows\kmsemulator.exe
ELIMINÉ: {B6122EE8-389C-441C-9C70-B09C40F32084}
ELIMINÉ: {4AF0B287-3FDE-4E39-8CFB-1735C9CC7394}
ELIMINÉ: {6D7AFB13-3BBA-4231-B90A-612FA397A9E7}
ELIMINÉ: {9E037933-2624-46F8-85A2-859887F09028}
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ: c:\users\public\desktop\yac.lnk
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (137) (5.703.150 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
8 : Chaves do Registo
12 : Valores do Registo
1 : Pastas
6 : Ficheiros
1 : Softwares
1 : Restauração Sistema
End of clean in 00mn 53s
========== Caminho do ficheiro do relatório ==========
C:\Users\THIAGO RESENDE\AppData\Roaming\ZHP\ZHPFix[R1].txt - 13/03/2014 18:47:29 [2141]
Fichier d'export Registre :
Run by THIAGO RESENDE at 13/03/2014 18:47:25
High Elevated Privileges : OK
Windows 8 Business Edition, 64-bit (Build 9200)
Reciclagem vazia (00mn 03s)
Reparação de atalhos do navegador
========== Softwares ==========
AUSENTE Uninstall Process: c:\program files (x86)\baidu security\pc faster\4.0.0.0\uninstcaller.exe
========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect
ELIMINÉ Driver Key: BprotectEx
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\superdownloads.com.br
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu_Drp_pos
========== Valores do Registo ==========
ELIMINÉ: TCP Query User{5FE4C6EB-B535-43FB-AC7A-CB41EF74445B}C:\windows\kmsemulator.exe
ELIMINÉ: UDP Query User{56843496-8B73-4213-9E48-0C96E3CC24F2}C:\windows\kmsemulator.exe
ELIMINÉ: {B6122EE8-389C-441C-9C70-B09C40F32084}
ELIMINÉ: {4AF0B287-3FDE-4E39-8CFB-1735C9CC7394}
ELIMINÉ: {6D7AFB13-3BBA-4231-B90A-612FA397A9E7}
ELIMINÉ: {9E037933-2624-46F8-85A2-859887F09028}
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ: c:\users\public\desktop\yac.lnk
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (137) (5.703.150 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
8 : Chaves do Registo
12 : Valores do Registo
1 : Pastas
6 : Ficheiros
1 : Softwares
1 : Restauração Sistema
End of clean in 00mn 53s
========== Caminho do ficheiro do relatório ==========
C:\Users\THIAGO RESENDE\AppData\Roaming\ZHP\ZHPFix[R1].txt - 13/03/2014 18:47:29 [2141]
Thiagoresende- Membro
- Mensagens : 62
Reputação : 1
Data de inscrição : 11/03/2014
Re: Melondrea - Como remover
Como está o PC após estas limpezas?
_________________
Caixa de Dicas = Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Melondrea - Como remover
Melhorou bastante em relação ao estado que estava, as propagandas e paginas que abriam durante a navegação pararam. Obrigado pela ajuda!!!
Thiagoresende- Membro
- Mensagens : 62
Reputação : 1
Data de inscrição : 11/03/2014
Re: Melondrea - Como remover
Fico feliz que o problema tenha sido resolvido.
Só para finalizar siga estes tutoriais abaixo, por gentileza:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_______________________________________________________________________________________________________________________
Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, utilize o DelFix seguindo as dicas [Tens de ter uma conta e sessão iniciada para poderes visualizar este link].
_______________________________________________________________________________________________________________________
Foi um prazer ajudar. Conte sempre conosco!
Só para finalizar siga estes tutoriais abaixo, por gentileza:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_______________________________________________________________________________________________________________________
Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, utilize o DelFix seguindo as dicas [Tens de ter uma conta e sessão iniciada para poderes visualizar este link].
_______________________________________________________________________________________________________________________
Foi um prazer ajudar. Conte sempre conosco!
_________________
Caixa de Dicas = Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Melondrea - Como remover
CASO RESOLVIDO
Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.
Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.
_________________
Caixa de Dicas = Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Página 1 de 1
Permissões neste sub-fórum
Não podes responder a tópicos