Fórum PC Brasil
ComboFix log and application of the appropriate measures.

2 participants

Post by jessy.nick, Sun 23 Mar 2014, 22:02

Please help me if there is a virus on my notebook, because I don't understand it.


ComboFix 14-03-23.01 - jéssica 23/03/2014  20:43:40.3.2 - x64
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.55.1046.18.4061.2495 [GMT -3]
Executando de: c:\users\jéssica\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SaveSenseLive
c:\program files (x86)\YoutubeAdblocker
c:\program files (x86)\YoutubeAdblocker\hi.dat
c:\program files (x86)\YoutubeAdblocker\hi.tlb
c:\program files (x86)\YoutubeAdblocker\hi.x64.dll
c:\programdata\SaveSenseLive
c:\programdata\SaveSenseLive\Update\Log\SaveSenseLive.log
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2014-02-23 to 2014-03-23  ))))))))))))))))))))))))))))
.
.
2014-03-23 23:54 . 2014-03-23 23:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-03-23 23:54 . 2014-03-23 23:54 -------- d-----w- c:\users\jéssica\AppData\Local\temp
2014-03-23 23:54 . 2014-03-23 23:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-23 23:46 . 2014-03-23 23:46 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBF72258-2448-4A36-8C9C-DE0FB90A50D0}\offreg.dll
2014-03-23 22:48 . 2014-03-23 22:48 -------- d-----w- c:\users\jéssica\AppData\Roaming\QFX Software
2014-03-23 22:48 . 2014-03-23 22:48 -------- d-----w- c:\programdata\QFX Software
2014-03-23 22:44 . 2013-05-31 14:53 222200 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2014-03-23 22:44 . 2014-03-23 22:44 -------- d-----w- c:\program files (x86)\KeyScrambler
2014-03-21 19:53 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBF72258-2448-4A36-8C9C-DE0FB90A50D0}\mpengine.dll
2014-03-12 02:00 . 2014-03-01 02:32 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2014-03-11 20:22 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-11 20:22 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
2014-03-11 20:22 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-03-11 20:22 . 2014-02-07 01:23 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-03-11 20:17 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-11 20:17 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-11 20:16 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-11 20:16 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-02-27 21:27 . 2014-02-28 00:03 -------- d-----w- c:\programdata\YoutubeAdblocker
2014-02-27 21:27 . 2014-02-27 21:27 -------- d-----w- c:\programdata\f1956a6e9c123e46
2014-02-27 21:27 . 2014-02-27 21:27 -------- d-----w- c:\users\jéssica\AppData\Local\Packages
2014-02-27 21:27 . 2014-02-27 21:27 -------- d-----w- c:\users\jéssica\AppData\Local\Torch
2014-02-27 21:27 . 2014-02-27 21:27 -------- d-----w- c:\users\jéssica\AppData\Local\Comodo
2014-02-27 21:27 . 2014-02-27 21:27 -------- d-----w- c:\users\Convidado
2014-02-27 21:27 . 2014-02-27 21:27 -------- d-----w- c:\users\Administrador
2014-02-27 21:24 . 2014-02-27 21:24 -------- d-----w- c:\programdata\SafeSoft
2014-02-27 21:19 . 2014-02-27 21:30 -------- d-----w- c:\programdata\InstallMate
2014-02-27 17:59 . 2014-02-27 17:59 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2014-02-26 22:10 . 2014-03-04 22:26 -------- d-----w- c:\program files (x86)\WinZipper
2014-02-26 22:10 . 2014-02-26 22:10 -------- d-----w- c:\users\jéssica\AppData\Roaming\WinZipper
2014-02-22 00:41 . 2014-02-22 00:41 -------- d-----w- c:\users\jéssica\AppData\Roaming\Baidu Security
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-18 03:18 . 2012-10-04 14:00 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-11 20:31 . 2012-05-01 23:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 20:31 . 2012-05-01 23:18 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-26 22:10 . 2010-03-18 12:15 773776 ----a-w- c:\windows\SysWow64\msvcr100.dll
2014-02-26 22:10 . 2010-03-18 12:15 421008 ----a-w- c:\windows\SysWow64\msvcp100.dll
2013-12-24 23:09 . 2014-02-12 18:29 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-12-24 22:48 . 2014-02-12 18:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wisdom-soft AutoScreenRecorder 3.1 Free"="0" [X]
"ares"="c:\program files (x86)\Ares\Ares.exe" [2012-02-02 3209216]
"Free Download Manager"="c:\program files (x86)\Free Download Manager\fdm.exe" [2013-01-17 6860288]
"uTorrent"="c:\users\jéssica\Downloads\uTorrent.exe" [2013-02-10 969104]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-21 1174016]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-02-26 3814736]
"KeyScrambler"="c:\program files (x86)\KeyScrambler\keyscrambler.exe" [2013-11-14 508144]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Assistente para criação de disco de recuperação.lnk - c:\program files\Positivo Informática\Recovery\Recovery2.exe [2012-1-23 1501184]
IPM.lnk - c:\windows\Installer\{AADF4228-0772-4D43-92EB-B245E3A17B00}\_D7CD4233F948691B91C509.exe [2012-1-23 67646]
OSD.lnk - c:\windows\Installer\{5A9C96FE-1376-45E1-8556-C81255F0B5A7}\_51DECE17D28CB133DD0C64.exe [2012-1-23 4286]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
.
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R2 Wpm;Wpm Service;c:\programdata\WPM\wprotectmanager.exe;c:\programdata\WPM\wprotectmanager.exe [x]
R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys;c:\windows\SYSNATIVE\drivers\BprotectEx.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]
R3 PCFApiUtil;PCFApiUtil;c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys;c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AppManagerService;Serviço do Mundo Positivo;c:\program files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoService.exe;c:\program files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoService.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BatteryManagerSrv;Battery Manager Service;c:\program files (x86)\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe;c:\program files (x86)\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 SoilIO;SoilIO; [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys;c:\windows\SYSNATIVE\drivers\keyscrambler.sys [x]
S3 PositivoAudioDriverWdm;Positivo Audio Driver (WDM);c:\windows\system32\DRIVERS\pad.sys;c:\windows\SYSNATIVE\DRIVERS\pad.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 soilkbc;soilkbc; [x]
S3 SoilMC;SoilMC; [x]
.
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-03-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 20:31]
.
2014-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-16 16:53]
.
2014-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-16 16:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-08-31 487424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-08 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 365592]
"StartUpManagerPositivo"="c:\program files\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe" [2012-03-01 171520]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"MRT"="c:\windows\system32\MRT.exe" [2014-03-18 90015360]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [link visible only to logged-in members]
uDefault_Search_URL = [link visible only to logged-in members]
mDefault_Search_URL = [link visible only to logged-in members]
mDefault_Page_URL = [link visible only to logged-in members]
mStart Page = [link visible only to logged-in members]
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = [link visible only to logged-in members]
IE: Baixar com o Free Download Manager - [link visible only to logged-in members] files (x86)\Free Download Manager\dllink.htm
IE: Baixar tudo com o Free Download Manager - [link visible only to logged-in members] files (x86)\Free Download Manager\dlall.htm
IE: Baixar vídeo com o Free Download Manager - [link visible only to logged-in members] files (x86)\Free Download Manager\dlfvideo.htm
IE: Download selecionado pelo Free Download Manager - [link visible only to logged-in members] files (x86)\Free Download Manager\dlselected.htm
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\jéssica\AppData\Roaming\Mozilla\Firefox\Profiles\exlwc7m6.default\
FF - prefs.js: browser.search.selectedEngine - delta-homes
FF - prefs.js: browser.startup.homepage - [link visible only to logged-in members]
FF - ExtSQL: 2014-03-06 15:28; [link visible only to logged-in members]; c:\users\jéssica\AppData\Roaming\Mozilla\Firefox\Profiles\exlwc7m6.default\extensions\thdvdbc7@elcomk.co.uk
user_pref('extensions.dealply.partner', 'iron');
user_pref('extensions.dealply.channel', 'iron3');
user_pref('extensions.dealply.installId', 'v23900293674366399005482012062319033930');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '0');
FF - user.js: extensions.BabylonToolbar_i.id - 9492bdfa00000000000074de2b5c36b3
FF - user.js: extensions.BabylonToolbar_i.hardId - 9492bdfa00000000000074de2b5c36b3
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15514
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - [link visible only to logged-in members]
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - [link visible only to logged-in members]
FF - user.js: extensions.funmoods.tlbrSrchUrl - [link visible only to logged-in members]
FF - user.js: extensions.funmoods.id - 7A7905D3ED40BDFA
FF - user.js: extensions.funmoods.instlDay - 15667
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2221:27:9
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - pcmega1
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - pcmega1
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1213:43
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - [link visible only to logged-in members]
FF - user.js: extensions.BabylonToolbar.id - 9492bdfa00000000000074de2b5c36b3
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15746
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.11.10
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.11.10
FF - user.js: extensions.BabylonToolbar.vrsnTs - 1.8.11.1011:51
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - uninst
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.ffxUnstlRst - true
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=119351&tt=120912_ccp_3912_2
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar.newTab - false
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{7B96C5DA-1D9D-A171-1142-0B31D960407F} - c:\program files (x86)\YoutubeAdblocker\hi.x64.dll
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{1a34a8e0} - c:\progra~2\WS6CA1~1.BO~
AddRemove-FLV Player - c:\program files (x86)\FLVPlayer\Uninstall\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2014-03-23  20:57:35
ComboFix-quarantined-files.txt  2014-03-23 23:57
ComboFix2.txt  2012-11-26 00:51
.
Pré-execução: 416.763.461.632 bytes disponíveis
Pós execução: 416.396.926.976 bytes disponíveis
.
- - End Of File - - C31EA260E76800E74414267D866AC1EC
jessy.nick
Beginner

Posts: 10
Reputation: 0
Join date: 23/03/2014

Re: ComboFix log and application of the appropriate measures.

Post by Power Max, Sun 23 Mar 2014, 22:09

Hi Jessy. Your computer has some infections.

Download the AdwCleaner program by clicking the link below and then click the Download Now @BleepingComputer button:
[link visible only to logged-in members]

To run AdwCleaner correctly, just follow the tips in this tutorial:

[link visible only to logged-in members]

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.
Power Max
Contributor

Posts: 9086
Reputation: 1499
Join date: 14/04/2009

Re: ComboFix log and application of the appropriate measures.

Post by jessy.nick, Sun 23 Mar 2014, 23:01

Here is the AdwCleaner log

# AdwCleaner v3.022 - Relatório criado 23/03/2014 às 22:48:30
# Atualizado 13/03/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (64 bits)
# Usuário : jéssica - VIRUS
# Executando de : C:\Downloads\Software\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : Wpm

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\Babylon
Pasta Deletada : C:\ProgramData\IePluginService
Pasta Deletada : C:\ProgramData\Trymedia
Pasta Deletada : C:\ProgramData\WPM
Pasta Deletada : C:\ProgramData\YoutubeAdblocker
Pasta Deletada : C:\Program Files (x86)\Mobogenie
Pasta Deletada : C:\Program Files (x86)\SupTab
Pasta Deletada : C:\Program Files (x86)\WinZipper
Pasta Deletada : C:\Users\jéssica\AppData\Local\apn
Pasta Deletada : C:\Users\jéssica\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\jéssica\AppData\Local\SaveSenseLive
Pasta Deletada : C:\Users\jéssica\AppData\Local\torch
Pasta Deletada : C:\Users\jéssica\AppData\Roaming\337
Pasta Deletada : C:\Users\jéssica\AppData\Roaming\awesomehp
Pasta Deletada : C:\Users\jéssica\AppData\Roaming\Babylon
Pasta Deletada : C:\Users\jéssica\AppData\Roaming\Funmoods
Pasta Deletada : C:\Users\jéssica\AppData\Roaming\SaveSense
Pasta Deletada : C:\Users\jéssica\AppData\Roaming\SupTab
Pasta Deletada : C:\Users\jéssica\AppData\Roaming\WinZipper
Pasta Deletada : C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Pasta Deletada : C:\Users\jéssica\Documents\Mobogenie
Pasta Deletada : C:\Users\jéssica\AppData\Roaming\Mozilla\Firefox\Profiles\exlwc7m6.default\Extensions\thdvdbc7@elcomk.co.uk
Arquivo Deletada : C:\END
Arquivo Deletada : C:\Users\jéssica\AppData\Local\funmoods.crx
Arquivo Deletada : C:\Users\jéssica\AppData\Roaming\Mozilla\Firefox\Profiles\exlwc7m6.default\invalidprefs.js
Arquivo Deletada : C:\Users\jéssica\AppData\Roaming\Mozilla\Firefox\Profiles\exlwc7m6.default\searchplugins\Askcom.xml
Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
Arquivo Deletada : C:\Users\jéssica\AppData\Roaming\Mozilla\Firefox\Profiles\exlwc7m6.default\searchplugins\BabylonMngr.xml
Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\searchplugins\delta-homes.xml
Arquivo Deletada : C:\Users\jéssica\AppData\Roaming\Mozilla\Firefox\Profiles\exlwc7m6.default\searchplugins\funmoods.xml
Arquivo Deletada : C:\Users\jéssica\AppData\Roaming\Mozilla\Firefox\Profiles\exlwc7m6.default\searchplugins\search.xml
Arquivo Deletada : C:\Users\jéssica\AppData\Roaming\Mozilla\Firefox\Profiles\exlwc7m6.default\user.js
Arquivo Deletada : C:\Windows\System32\Tasks\Funmoods

***** [ Atalhos ] *****

Atalho Desinfectada : C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Atalho Desinfectada : C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

***** [ Registro ] *****

Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Chave Deletedo : HKCU\Software\522d7dbe668ba10
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_pokemon-world-online_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_pokemon-world-online_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Chave Deletedo : HKCU\Software\BrowserMngr
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\Funmoods
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\SaveSenseLive
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Chave Deletedo : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chave Deletedo : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Chave Deletedo : HKLM\Software\Babylon
Chave Deletedo : HKLM\Software\BrowserMngr
Chave Deletedo : HKLM\Software\Conduit
Chave Deletedo : HKLM\Software\DataMngr
Chave Deletedo : HKLM\Software\hdcode
Chave Deletedo : HKLM\Software\InstallCore
Chave Deletedo : HKLM\Software\SaveSenseLive
Chave Deletedo : HKLM\Software\supTab
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\Trymedia Systems
Chave Deletedo : HKLM\Software\V9
Chave Deletedo : HKLM\Software\winzipersvc
Chave Deletedo : HKLM\Software\Wpm

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.16521

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.Old.Start Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v10.0.2 (pt-BR)

[ Arquivo : C:\Users\jéssica\AppData\Roaming\Mozilla\Firefox\Profiles\exlwc7m6.default\prefs.js ]

Linha deletada : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=110823&tt=120912_ccp_3912_2&babsrc=HP_ss&mntrId=9492bdfa00000000000074de2b5c36b3");
Linha deletada : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Linha deletada : user_pref("browser.newtab.url", "hxxp://www.delta-homes.com/newtab/?utm_source=b&utm_medium=wpm0226&utm_campaign=ST9500325AS_S2W1RAYJXXXXS2W1RAYJ&utm_content=nt&from=wpm0226&uid=ST9500325AS_S2W1RAYJXX[...]
Linha deletada : user_pref("browser.search.defaultenginename", "delta-homes");
Linha deletada : user_pref("browser.search.selectedEngine", "delta-homes");
Linha deletada : user_pref("browser.startup.homepage", "hxxp://www.awesomehp.com/?type=hp&ts=1393020282&from=pcm&uid=ST9500325AS_S2W1RAYJXXXXS2W1RAYJ");
Linha deletada : user_pref("extensions.BabylonToolbar.admin", false);
Linha deletada : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Linha deletada : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Linha deletada : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Linha deletada : user_pref("extensions.BabylonToolbar.babExt", "");
Linha deletada : user_pref("extensions.BabylonToolbar.babTrack", "affID=110823&tt=120912_ccp_3912_2");
Linha deletada : user_pref("extensions.BabylonToolbar.bbDpng", "10");
Linha deletada : user_pref("extensions.BabylonToolbar.cntry", "BR");
Linha deletada : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Linha deletada : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Linha deletada : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Linha deletada : user_pref("extensions.BabylonToolbar.excTlbr", false);
Linha deletada : user_pref("extensions.BabylonToolbar.ffxUnstlRst", true);
Linha deletada : user_pref("extensions.BabylonToolbar.hdrMd5", "7E1333EF0965CA759D2DC9A6F1DD2718");
Linha deletada : user_pref("extensions.BabylonToolbar.hmpg", false);
Linha deletada : user_pref("extensions.BabylonToolbar.id", "9492bdfa00000000000074de2b5c36b3");
Linha deletada : user_pref("extensions.BabylonToolbar.instlDay", "15746");
Linha deletada : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Linha deletada : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1213:43:33");
Linha deletada : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
Linha deletada : user_pref("extensions.BabylonToolbar.newTab", false);
Linha deletada : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Linha deletada : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Linha deletada : user_pref("extensions.BabylonToolbar.rvrt", "false");
Linha deletada : user_pref("extensions.BabylonToolbar.sg", "azb");
Linha deletada : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Linha deletada : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Linha deletada : user_pref("extensions.BabylonToolbar.tlbrId", "uninst");
Linha deletada : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=9492bdfa00000000000074de2b5c36b3&q=");
Linha deletada : user_pref("extensions.BabylonToolbar.vrsn", "1.8.11.10");
Linha deletada : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.11.1011:51:25");
Linha deletada : user_pref("extensions.BabylonToolbar.vrsni", "1.8.11.10");
Linha deletada : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Linha deletada : user_pref("extensions.BabylonToolbar_i.babExt", "");
Linha deletada : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=119351&tt=120912_ccp_3912_2");
Linha deletada : user_pref("extensions.BabylonToolbar_i.hardId", "9492bdfa00000000000074de2b5c36b3");
Linha deletada : user_pref("extensions.BabylonToolbar_i.id", "9492bdfa00000000000074de2b5c36b3");
Linha deletada : user_pref("extensions.BabylonToolbar_i.instlDay", "15514");
Linha deletada : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Linha deletada : user_pref("extensions.BabylonToolbar_i.newTab", false);
Linha deletada : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Linha deletada : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Linha deletada : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Linha deletada : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Linha deletada : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Linha deletada : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Linha deletada : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1213:43:33");
Linha deletada : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Linha deletada : user_pref("extensions.JZqk.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumoro[...]
Linha deletada : user_pref("extensions.funmoods.aflt", "pcmega1");
Linha deletada : user_pref("extensions.funmoods.autoRvrt", false);
Linha deletada : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Linha deletada : user_pref("extensions.funmoods.cntry", "BR");
Linha deletada : user_pref("extensions.funmoods.cv", "cv5");
Linha deletada : user_pref("extensions.funmoods.dfltLng", "");
Linha deletada : user_pref("extensions.funmoods.dfltSrch", true);
Linha deletada : user_pref("extensions.funmoods.dfltlng", "en");
Linha deletada : user_pref("extensions.funmoods.dfltsrch", "false");
Linha deletada : user_pref("extensions.funmoods.dnsErr", true);
Linha deletada : user_pref("extensions.funmoods.envrmnt", "production");
Linha deletada : user_pref("extensions.funmoods.excTlbr", false);
Linha deletada : user_pref("extensions.funmoods.hdrMd5", "ED97542BA33830DBCE2EE36079933D65");
Linha deletada : user_pref("extensions.funmoods.hmpg", true);
Linha deletada : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=pcmega1&chnl=pcmega1&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyD0DtA0E0DyEtD0B0D0F0AtN0D0Tzu0CtAtBzztN1L2XzutBtFtBtFtDtFtAyEyE&cr=8201164[...]
Linha deletada : user_pref("extensions.funmoods.hrdid", "7A7905D3ED40BDFA");
Linha deletada : user_pref("extensions.funmoods.id", "7A7905D3ED40BDFA");
Linha deletada : user_pref("extensions.funmoods.instlDay", "15667");
Linha deletada : user_pref("extensions.funmoods.instlRef", "pcmega1");
Linha deletada : user_pref("extensions.funmoods.instlday", "15667");
Linha deletada : user_pref("extensions.funmoods.instlref", "pcmega1");
Linha deletada : user_pref("extensions.funmoods.isdcmntcmplt", true);
Linha deletada : user_pref("extensions.funmoods.keywordurl", "");
Linha deletada : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2221:27:9");
Linha deletada : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Linha deletada : user_pref("extensions.funmoods.newTab", true);
Linha deletada : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=pcmega1&chnl=pcmega1&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyD0DtA0E0DyEtD0B0D0F0AtN0D0Tzu0CtAtBzztN1L2XzutBtFtBtFtDtFtAyEyE&cr=82011[...]
Linha deletada : user_pref("extensions.funmoods.newtab", true);
Linha deletada : user_pref("extensions.funmoods.newtaburl", "hxxp://searchfunmoods.com/?f=2&a=pcmega1&chnl=pcmega1&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyD0DtA0E0DyEtD0B0D0F0AtN0D0Tzu0CtAtBzztN1L2XzutBtFtBtFtDtFtAyEyE&cr=82011[...]
Linha deletada : user_pref("extensions.funmoods.prdct", "funmoods");
Linha deletada : user_pref("extensions.funmoods.prtnrId", "funmoods");
Linha deletada : user_pref("extensions.funmoods.prtnrid", "funmoods");
Linha deletada : user_pref("extensions.funmoods.savedVrsnTs", "1");
Linha deletada : user_pref("extensions.funmoods.sg", "none");
Linha deletada : user_pref("extensions.funmoods.smplGrp", "none");
Linha deletada : user_pref("extensions.funmoods.smplgrp", "none");
Linha deletada : user_pref("extensions.funmoods.srch", "");
Linha deletada : user_pref("extensions.funmoods.srchPrvdr", "Search");
Linha deletada : user_pref("extensions.funmoods.srchprvdr", "Search");
Linha deletada : user_pref("extensions.funmoods.tlbrId", "base");
Linha deletada : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=pcmega1&chnl=pcmega1&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyD0DtA0E0DyEtD0B0D0F0AtN0D0Tzu0CtAtBzztN1L2XzutBtFtBtFtDtFtAyEyE&cr=820[...]
Linha deletada : user_pref("extensions.funmoods.tlbrid", "base");
Linha deletada : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://searchfunmoods.com/?f=3&a=pcmega1&chnl=pcmega1&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyD0DtA0E0DyEtD0B0D0F0AtN0D0Tzu0CtAtBzztN1L2XzutBtFtBtFtDtFtAyEyE&cr=820[...]
Linha deletada : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Linha deletada : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2221:27:9");
Linha deletada : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Linha deletada : user_pref("extensions.funmoods.vrsnts", "1.5.23.2221:27:9");
Linha deletada : user_pref("extensions.funmoods.xpestat\\xpereportdata", "25-10-2012");
Linha deletada : user_pref("extensions.funmoods_i.newTab", true);
Linha deletada : user_pref("extensions.funmoods_i.smplGrp", "none");
Linha deletada : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2221:27:9");
Linha deletada : user_pref("sweetim.toolbar.urls.homepage", "hxxp://search.babylon.com/?affID=110823&tt=120912_ccp_3912_2&babsrc=HP_ss&mntrId=9492bdfa00000000000074de2b5c36b3");

*************************

AdwCleaner[R0].txt - [22433 octets] - [23/03/2014 22:43:04]
AdwCleaner[R1].txt - [22494 octets] - [23/03/2014 22:47:23]
AdwCleaner[S0].txt - [19290 octets] - [23/03/2014 22:48:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19351 octets] ##########
jessy.nick
Beginner

Messages: 10
Reputation: 0
Registration date: 23/03/2014

Re: ComboFix log and application of the appropriate measures.

Post by Power Max, Sun 23 Mar 2014, 23:05

Download Malwarebytes from one of the links below:
[link visible only to logged-in members]

To install and run it correctly, please follow the tips in this post:

[link visible only to logged-in members]

In your next reply, post the Malwarebytes log (report).

We'll be waiting.

Power Max
Contributor

Messages: 9086
Reputation: 1499
Registration date: 14/04/2009

Re: ComboFix log and application of the appropriate measures.

Post by jessy.nick, Mon 24 Mar 2014, 00:35

Done, here it is...

Malwarebytes Anti-Malware 1.75.0.1300
[link visible only to logged-in members]

Versão da Base de Dados: v2014.03.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
jéssica :: VIRUS [administrador]

23/03/2014 23:14:45
mbam-log-2014-03-23 (23-14-45).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 400095
Tempo decorrido: 1 hora(s), 4 minuto(s), 21 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 3
HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} (PUP.Optional.GreatSaver.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma (PUP.Optional.QuickStart.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\Software\awesomehpSoftware (PUP.Optional.Awesomehp.A) -> Enviado para a Quarentena e deletado com sucesso.

Valores de Registro Detectadas: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|BrowserMngr Start Page (PUP.Optional.BProtector) -> Data: [link visible only to logged-in members] -> Enviado para a Quarentena e deletado com sucesso.

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 12
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir (PUP.Optional.SupTab.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\ProgramData\WPM\wprotectmanager.exe.vir (PUP.Optional.WpManager) -> Enviado para a Quarentena e deletado com sucesso.
C:\AdwCleaner\Quarantine\C\Users\jéssica\AppData\Roaming\SupTab\SupTab.dll.vir (PUP.Optional.SupTab.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files (x86)\FLVPlayer\FLVPlayer.exe (PUP.Optional.InstallCore) -> Enviado para a Quarentena e deletado com sucesso.
C:\Qoobox\Quarantine\C\Program Files (x86)\DealPly\DealPlyTune.dll.vir (PUP.Optional.Dealply) -> Enviado para a Quarentena e deletado com sucesso.
C:\Qoobox\Quarantine\C\Program Files (x86)\YoutubeAdblocker\hi.x64.dll.vir (PUP.Optional.MultiPlug.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\jéssica\Downloads\autoscreenrecorder-31125-baixaki-32-bits-18102012185517.exe (PUP.AdBundle) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\jéssica\Downloads\SoftonicDownloader_para_combofix.exe (PUP.Optional.Softonic.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\jéssica\Downloads\SoftonicDownloader_para_pokemon-world-online.exe (PUP.Optional.Softonic) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\jéssica\Downloads\virtual-dj-home-free-73-baixaki-32-bits.exe (PUP.AdBundle) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\jéssica\Downloads\windows-movie-maker-2-creativity-fun-pack-baixaki-32-bits.exe (PUP.AdBundle) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\awesomehp.xml (PUP.Optional.Awesomehp.A) -> Enviado para a Quarentena e deletado com sucesso.

(fim)
jessy.nick
Beginner

Messages: 10
Reputation: 0
Registration date: 23/03/2014

Re: ComboFix log and application of the appropriate measures.

Post by Power Max, Mon 24 Mar 2014, 00:37

Temporarily disable your antivirus to avoid conflicts.

Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[link visible only to logged-in members]

*Right-click Zoek.exe and select [image visible only to logged-in members]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek:

*Click [Run Script]

*During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[image visible only to logged-in members]

*If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Wed 26 Mar 2014, 13:07; edited 1 time

Power Max
Contributor

Messages: 9086
Reputation: 1499
Registration date: 14/04/2009

Re: ComboFix log and application of the appropriate measures.

Post by jessy.nick, Mon 24 Mar 2014, 15:43

Okkk ^^
Here it is..


Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by j‚ssica on 24/03/2014 at  0:42:20,04.
Microsoft Windows 7 Home Basic  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Downloads\Software\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

24/03/2014 00:45:06 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1       localhost
::1             localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-625635302-494686518-3699765739-1000\Software\Microsoft\Internet Explorer\SearchScopes\{65A9DFAE-123F-5132-9548-0116768C6DF1} deleted successfully
HKEY_USERS\S-1-5-21-625635302-494686518-3699765739-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D67A966C-8073-4570-9706-360F92766515} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\JSSICA~1\AppData\Roaming\Mozilla\Firefox\Profiles\exlwc7m6.default\prefs.js:
user_pref("backup.old.browser.startup.homepage", "about:blank");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\JSSICA~1\AppData\Roaming\Mozilla\Firefox\Profiles\exlwc7m6.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\JSSICA~1\AppData\Roaming\Mozilla\Firefox\Profiles\exlwc7m6.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- Lines extensions.JZqk removed from prefs.js ----
user_pref("extensions.JZqk.epoch", "1394331788");
user_pref("extensions.JZqk.url", "http://get-jpi.info/sync2/?q=hfZ9ofV9CShEAen0rjw7rchTB6lKDzt4oktitNtVh7n0rjnErTs6rTwGqHsEtMFHhd9FqdaHrdYErTsGqjYMDMl
---- FireFox user.js and prefs.js backups ----

prefs_032014_0107_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted
C:\Users\JSSICA~1\AppData\LocalLow\{7B96C5DA-1D9D-A171-1142-0B31D960407F} deleted
C:\Users\JSSICA~1\AppData\Local\Packages\windows_ie_ac_001\AC\{7B96C5DA-1D9D-A171-1142-0B31D960407F} deleted
C:\Users\JSSICA~1\daemonprocess.txt deleted
C:\Users\JSSICA~1\.android deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Free Download Manager deleted
C:\Users\JSSICA~1\AppData\Local\cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager deleted
C:\user.js deleted
"C:\PROGRA~3\f1956a6e9c123e46\{4820778D-AB0D-6D18-C316-52A6A0E1D507}" deleted
"C:\PROGRA~3\f1956a6e9c123e46\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}" deleted
"C:\PROGRA~2\Free Download Manager\fdm.exe" deleted
"C:\PROGRA~2\Free Download Manager\fdmbtsupp.dll" deleted
"C:\PROGRA~2\Free Download Manager\fdmcs.dat" deleted
"C:\PROGRA~3\f1956a6e9c123e46" deleted
"C:\PROGRA~2\Free Download Manager" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [29/05/2013 19:06]

==== Firefox Extensions ======================

ProfilePath: C:\Users\JSSICA~1\AppData\Roaming\Mozilla\Firefox\Profiles\exlwc7m6.default
- avast WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF
- Undetermined - %ProfilePath%\extensions\fdm_ffext@freedownloadmanager.org

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
icmlaeflemplmjndnaapfdbbnpncnbda - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[06/03/2012 21:12]

YoutubeAdblocker - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\echknbpjejgaccmflamhbikmmgpmefmi
QR Image from URL - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce
YoutubeAdblocker - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\echknbpjejgaccmflamhbikmmgpmefmi
QR Image from URL - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce
YoutubeAdblocker - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\echknbpjejgaccmflamhbikmmgpmefmi
QR Image from URL - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce
YoutubeAdblocker - Administrador\AppData\Local\Torch\User Data\Default\Extensions\echknbpjejgaccmflamhbikmmgpmefmi
QR Image from URL - Administrador\AppData\Local\Torch\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce
YoutubeAdblocker - Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\echknbpjejgaccmflamhbikmmgpmefmi
QR Image from URL - Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce
YoutubeAdblocker - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\echknbpjejgaccmflamhbikmmgpmefmi
QR Image from URL - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce
YoutubeAdblocker - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\echknbpjejgaccmflamhbikmmgpmefmi
QR Image from URL - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce
YoutubeAdblocker - Convidado\AppData\Local\Torch\User Data\Default\Extensions\echknbpjejgaccmflamhbikmmgpmefmi
QR Image from URL - Convidado\AppData\Local\Torch\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce
YoutubeAdblocker - JSSICA~1\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\echknbpjejgaccmflamhbikmmgpmefmi
QR Image from URL - JSSICA~1\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce
Last updated at time on date - JSSICA~1\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
avast WebRep - JSSICA~1\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
Google Wallet - JSSICA~1\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
YoutubeAdblocker - JSSICA~1\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\echknbpjejgaccmflamhbikmmgpmefmi
QR Image from URL - JSSICA~1\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce

==== Chrome Fix ======================

C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\echknbpjejgaccmflamhbikmmgpmefmi deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\echknbpjejgaccmflamhbikmmgpmefmi deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\echknbpjejgaccmflamhbikmmgpmefmi deleted successfully
C:\Users\Administrador\AppData\Local\Torch\User Data\Default\Extensions\echknbpjejgaccmflamhbikmmgpmefmi deleted successfully
C:\Users\Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\echknbpjejgaccmflamhbikmmgpmefmi deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\echknbpjejgaccmflamhbikmmgpmefmi deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\echknbpjejgaccmflamhbikmmgpmefmi deleted successfully
C:\Users\Convidado\AppData\Local\Torch\User Data\Default\Extensions\echknbpjejgaccmflamhbikmmgpmefmi deleted successfully
C:\Users\JSSICA~1\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\echknbpjejgaccmflamhbikmmgpmefmi deleted successfully
C:\Users\JSSICA~1\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\echknbpjejgaccmflamhbikmmgpmefmi deleted successfully
C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce deleted successfully
C:\Users\Administrador\AppData\Local\Torch\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce deleted successfully
C:\Users\Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce deleted successfully
C:\Users\Convidado\AppData\Local\Torch\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce deleted successfully
C:\Users\JSSICA~1\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce deleted successfully
C:\Users\JSSICA~1\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nioihlfoddilijjjeknopfcbglallkce deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Backup.Old.Start Page"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
"Backup.Old.Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\JSSICA~1\AppData\Local\Google\Chrome\User Data\Profile 2\Preferences was reset successfully
C:\Users\JSSICA~1\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-625635302-494686518-3699765739-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-625635302-494686518-3699765739-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-625635302-494686518-3699765739-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC59E0F9-7E43-44FA-9FAA-8377850BF205} deleted successfully
HKEY_USERS\S-1-5-21-625635302-494686518-3699765739-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC59E0F9-7E43-44FA-9FAA-8377850BF205} deleted successfully
HKEY_USERS\S-1-5-21-625635302-494686518-3699765739-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_USERS\S-1-5-21-625635302-494686518-3699765739-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{CC59E0F9-7E43-44FA-9FAA-8377850BF205} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\JSSICA~1\Desktop\Audacity.lnk - C:\Program Files (x86)\Audacity\audacity.exe
C:\Users\JSSICA~1\Desktop\FLV Player.lnk - C:\Program Files (x86)\FLVPlayer\FLVPlayer.exe
C:\Users\JSSICA~1\Desktop\Format Factory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\JSSICA~1\Desktop\Fraps.lnk - C:\Fraps\fraps.exe
C:\Users\JSSICA~1\Desktop\Free Download Manager.lnk - C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\Users\JSSICA~1\Desktop\Google Chrome.lnk - C:\Users\jéssica\AppData\Local\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\JSSICA~1\Desktop\jéssica.lnk -  
C:\Users\JSSICA~1\Desktop\KeyScrambler.lnk - C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
C:\Users\JSSICA~1\Desktop\LogMeIn Hamachi.lnk - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Users\JSSICA~1\Desktop\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\JSSICA~1\Desktop\Microsoft Visual Basic 2008 Express Edition.lnk - C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\vbexpress.exe
C:\Users\JSSICA~1\Desktop\PhotoFiltre Studio X.lnk - C:\Program Files (x86)\PhotoFiltre Studio X\pfstudiox.exe
C:\Users\JSSICA~1\Desktop\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\JSSICA~1\Desktop\Skype.lnk - C:\Program Files (x86)\Common Files\Skype\Phone\Skype.exe
C:\Users\JSSICA~1\Desktop\TS3 - Atalho.lnk - C:\Program Files (x86)\Electronic Arts\The Sims 3\Game\Bin\TS3.exe
C:\Users\JSSICA~1\Desktop\VirtualDJ Home FREE.lnk - C:\Program Files (x86)\VirtualDJ\virtualdj_home.exe
C:\Users\JSSICA~1\Desktop\Windows Live Messenger .lnk - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\JSSICA~1\Desktop\Windows Live Movie Maker.lnk - C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe
C:\Users\JSSICA~1\Desktop\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Ares.lnk - C:\Program Files (x86)\Ares\Ares.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -  
C:\Users\Public\Desktop\Cadastro.lnk - C:\Program Files (x86)\Positivo Informática\SW_Cadastro\Registro.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\CDBurnerXP.lnk - C:\Program Files (x86)\CDBurnerXP\cdbxpp.exe
C:\Users\Public\Desktop\Debut Video Capture Software.lnk - C:\Program Files (x86)\NCH Software\Debut\debut.exe
C:\Users\Public\Desktop\DreamScene Seven.lnk - C:\Program Files (x86)\DreamScene Seven\dreamsceneseven.exe
C:\Users\Public\Desktop\Free Screen Video Capture by Topviewsoft.lnk - C:\Program Files (x86)\Free Screen Video Capture by Topviewsoft\videocapture.exe
C:\Users\Public\Desktop\Intelli-studio.lnk - C:\Program Files (x86)\SAMSUNG\Intelli-studio\iStudio.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Manual do Usuário.lnk -  
C:\Users\Public\Desktop\Mundo Positivo.lnk - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoUI.exe Offer
C:\Users\Public\Desktop\Nero Home.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8  
C:\Users\Public\Desktop\Nero StartSmart.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8  
C:\Users\Public\Desktop\Positivo 3D Incrível.lnk -  
C:\Users\Public\Desktop\Relação de Assistências Técnicas Autorizadas.lnk -  
C:\Users\Public\Desktop\Second Life Viewer.lnk - C:\Program Files (x86)\SecondLifeViewer\SecondLife.exe  --set InstallLanguage en
C:\Users\Public\Desktop\Webcam.lnk - C:\Windows\Installer\{39B78651-6FD2-4752-BE68-C3BDB6F2D9EE}\_F4711BF7C212A03CB0C5A8.exe
C:\Users\Public\Desktop\µTorrent.lnk -  

==== shortcuts in Users Start Menu ======================

C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -  
C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -  
C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -  
C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -  
C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -  
C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -  
C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -  
C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -  
C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -  
C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -  
C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -  
C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -  
C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -  
C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -  
C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -  
C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -  
C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -  
C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -  
C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -  
C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -  
C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -  
C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -  
C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -  
C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -  
C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -  
C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -  
C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -  
C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -  
C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -  
C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -  
C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -  
C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -  
C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -  

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler\Getting Started.lnk - C:\Program Files (x86)\KeyScrambler\getting_started.html
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler\KeyScrambler Options.lnk - C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe /o
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler\KeyScrambler.lnk - C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler\Uninstall KeyScrambler.lnk - C:\Program Files (x86)\KeyScrambler\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi\LogMeIn Hamachi.lnk - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi\Uninstall.lnk - C:\Windows\SysWOW64\msiexec.exe /i {91BA5476-8B26-49E4-84B2-9EFE10917B33} REMOVE=ALL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm

==== shortcuts After Repair ======================

C:\Users\JSSICA~1\Desktop\Google Chrome.lnk - C:\Users\jéssica\AppData\Local\Google\Chrome\Application\chrome.exe

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\5b98c903-2ca6-4615-80af-9492b4f40473 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\a1a9da74-4616-4eed-895d-31a97cfc8679 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Free Download Manager_is1 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\JSSICA~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\JSSICA~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\JSSICA~1\AppData\Local\Mozilla\Firefox\Profiles\exlwc7m6.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\JSSICA~1\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=493 folders=102 35205067 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\JSSICA~2\AppData\Local\temp emptied successfully
C:\Users\JSSICA~1\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\JSSICA~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found

==== EOF on 24/03/2014 at  6:58:45,25 ======================

Re: Combofix log and application of the appropriate measures.

Post by Power Max, Mon 24 Mar 2014, 15:46

Download the Junkware Removal Tool from the link below:
[link visible only to logged-in forum members]

To run the program correctly, just follow the tips in this tutorial:

[link visible only to logged-in forum members]

* In your next reply, post the log (report) of the Junkware Removal Tool, which will be saved on your desktop under the name JRT.txt

We'll be waiting.

Re: Combofix log and application of the appropriate measures.

Post by jessy.nick, Mon 24 Mar 2014, 16:35

:) Is it over? ^^


Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Basic x64
Ran by j‚ssica on 24/03/2014 at 16:02:15,28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\free download manager



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-625635302-494686518-3699765739-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{A3A0AA51-5116-4FA6-A137-15891259D3B7}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\j‚ssica\AppData\Roaming\getrighttogo"



~~~ FireFox

Emptied folder: C:\Users\j‚ssica\AppData\Roaming\mozilla\firefox\profiles\exlwc7m6.default\minidumps [9 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/03/2014 at 16:18:07,89
End of JRT log

Re: Combofix log and application of the appropriate measures.

Post by Power Max, Mon 24 Mar 2014, 19:24

We're almost done.

Download the < [link visible only to logged-in forum members] > < [image visible only to logged-in forum members] > ( ... by Nicolas Coolman )

|- Temporarily disable your antivirus to avoid conflicts and run "ZHPDiag2.exe" to install the tool.

|- Run the scroll icon. ( ZHPDiag )

[image visible only to logged-in forum members]

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish!

[image visible only to logged-in forum members]

|- Click OK and, when it finishes, post the ZHPDiag.txt report

[image visible only to logged-in forum members]

Re: Combofix log and application of the appropriate measures.

Post by jessy.nick, Tue 25 Mar 2014, 14:44

Sorry for the delay, I've been very busy.. ;/

~ Relatório do ZHPDiag v2014.3.25.31 - Nicolas Coolman  (25/03/2014)
~ Iniciado por jéssica (25/03/2014 12:47:06)
~ Endereço do Website :  http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16521 (Defaut)
MFIE: Mozilla Firefox 10.0.2

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v7.0.1426.0
Malwarebytes Anti-Malware versão 1.75.0.1300
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v3.16 =>.Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)
Pando Media Booster v2.6.0.6
µTorrent v3.2.3.28705 =>P2P.µTorrent

---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader X
Java 7 Update 7

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4061 MB (57% free)
System Restore: Activé (Enable)
System drive C: has 388 GB (85%) free of 456 GB

---\\ Modo de conexão ao sistema
~ Computer Name: VIRUS
~ User Name: jéssica
~ All Users Names: jéssica, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\jéssica\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\jéssica\AppData\Roaming\
~ %Desktop% : C:\Users\jéssica\Desktop\
~ %Favorites% : C:\Users\jéssica\Favorites\
~ %LocalAppData% : C:\Users\jéssica\AppData\Local\
~ %StartMenu% : C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 388 Go of 456 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.06/07/2011 - 18:34:56.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.DF79CE9B950C62677D232154E93A81C7] - (.Microsoft Corporation - Internet Extensions para Win32.) (.01/03/2014 - 00:10:28.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.06/07/2011 - 18:36:49.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/838
~ Mes musiques (My Musics) : 35/69
~ Mes Videos (My Videos) : 1/50
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 5/249
~ Mon Bureau (My Desktop) : 1/1034
~ Menu demarrer (Programs) : 1/42
~ Hidden Files:  Scanned in 00mn 01s



---\\ Processos lançados
[MD5.70EA13A41C0D9D31343EC203A629F801] - (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe   [3209216] [PID.2016]
[MD5.88155D3D23CA8A1DFB1F45EE3E4C8DF8] - (.BitTorrent, Inc. - µTorrent.) -- C:\Users\jéssica\Downloads\uTorrent.exe   [969104] [PID.2040]  =>P2P.BitTorrent
[MD5.1B31D1266691EDD4224B0036449F14B4] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe   [152872] [PID.1996]
[MD5.5B623D310E6ADE6E41E067179277FF3C] - (.No owner - IPM.exe.) -- C:\Program Files (x86)\OEM\IPM 1.6\IPM.exe   [1106944] [PID.1936]
[MD5.2256E495D6B2566DE6DDBC6632510477] - (.No owner - OSD.) -- C:\Program Files (x86)\OEM\OSD 1.7\SunflowerOSD.exe   [548864] [PID.1812]
[MD5.25107F58D1B8F60D67D1EE95798C0DE8] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe   [284696] [PID.2532]
[MD5.B8E421C0890356CD4A793D8A346D9096] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe   [843712] [PID.2548]
[MD5.782FEF655DBF8653C9F2722BEBF7A8A6] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe   [4241512] [PID.2636]
[MD5.AC5A237F53707A782023EA299739E949] - (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe   [3814736] [PID.2668]
[MD5.3F744D5BCEF935B32B43BF7F83098032] - (.QFX Software Corporation - KeyScrambler.) -- C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe   [508144] [PID.4840]
[MD5.96E8CF4D3731D90058DE39A3BECAD707] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe   [1201448] [PID.1952]
[MD5.3A924B200D86590D2C83214CEBFA9742] - (.Google Inc. - Google Chrome.) -- C:\Users\jéssica\AppData\Local\Google\Chrome\Application\chrome.exe   [859976] [PID.4908]
[MD5.3F5A454D02B769FC9EC00D8FB5767C4F] - (.Positivo Informática S.A. - Positivo Áudio.) -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Áudio\AudioPower.exe   [1297408] [PID.6072]
[MD5.A73E6F3C9F1072FA809E941878C44221] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [8178688] [PID.3292]
[MD5.4041D31508A2A084DFB42C595854090F] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe   [44768] [PID.1328]
[MD5.62B7936F9036DD6ED36E6A7EFA805DC0] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe   [63928] [PID.1820]
[MD5.5CA6B2E59E4FA15B25A3FAAE2093DA41] - (.Positivo Informática S.A - Battery Power Service.) -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe   [45056] [PID.1872]
[MD5.875E4E0661F3A5994DF9E5E3A0A4F96B] - (.Prolific Technology Inc. - PLFlash DeviceIoControl Service.) -- C:\Windows\SysWOW64\IoctlSvc.exe   [81920] [PID.2968]
[MD5.264ABEC41C836B06E91E7547BD9858AB] - (.Positivo Informática S.A - Battery Power Main Application.) -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryPower.exe   [850432] [PID.3940]
[MD5.193FA51DDDD0BFFDED1C340F0434999A] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe   [275752] [PID.4612]
[MD5.5BD9CC8C50D3FFF051AB6FF009BE9602] - (.Positivo Informática S.A. - WindowsService.) -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoService.exe   [64592] [PID.6032]
[MD5.31A0E93CDF29007D6C6FFFB632F375ED] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe   [13336] [PID.5780]
~ Processes Running:  Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\jéssica\AppData\Roaming\Mozilla\Firefox\Profiles\exlwc7m6.default\prefs.js
M3 - MFPP: Plugins - [jéssica] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\buscape.xml
M3 - MFPP: Plugins - [jéssica] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\leveluptb.xml
M3 - MFPP: Plugins - [jéssica] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\mercadolivre.xml
M3 - MFPP: Plugins - [jéssica] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\wikipedia-br.xml
M3 - MFPP: Plugins - [jéssica] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\yahoo-br.xml
P2 - FPN:Firefox Plugin Navigator . (.BitComet - BitCometAgent v1.30 for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npBitCometAgent.dll =>P2P.BitComet
~ Firefox Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! WebRep - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Chave orfã
~ Toolbar:  Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Ares.lnk . (.Ares Development Group - Ares p2p for windows.)  -- C:\Program Files (x86)\Ares\Ares.exe
O4 - GS\Desktop [Public]: Cadastro.lnk . (.Positivo Informática - Registro de usuários Positivo Inform.)  -- C:\Program Files (x86)\Positivo Informática\SW_Cadastro\Registro.exe
O4 - GS\Desktop [Public]: Debut Video Capture Software.lnk . (.NCH Software - Debut Video Capture Software.)  -- C:\Program Files (x86)\NCH Software\Debut\debut.exe
O4 - GS\Desktop [Public]: DreamScene Seven.lnk . (...)  -- C:\Program Files (x86)\DreamScene Seven\dreamsceneseven.exe
O4 - GS\Desktop [Public]: Free Screen Video Capture by Topviewsoft.lnk . (.Topviewsoft.com - Free Screen Video Capture by Topviewsoft.)  -- C:\Program Files (x86)\Free Screen Video Capture by Topviewsoft\videocapture.exe
O4 - GS\Desktop [Public]: Intelli-studio.lnk . (...)  -- C:\Program Files (x86)\SAMSUNG\Intelli-studio\iStudio.exe
O4 - GS\Desktop [Public]: Manual do Usuário.lnk . (...)  -- C:\Fabricante\Manual do Usuário\Manual_Usuario.pdf
O4 - GS\Desktop [Public]: Mundo Positivo.lnk . (.Positivo Informática S.A. - Mundo Positivo.)  -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoUI.exe
O4 - GS\Desktop [Public]: Positivo 3D Incrível.lnk . (...)  -- C:\Program Files (x86)\Positivo Informática\Positivo 3D Incrível\3DIncrivel.exe
O4 - GS\Desktop [Public]: Relação de Assistências Técnicas Autorizadas.lnk . (...)  -- C:\Fabricante\Relação de Assistências Técnicas Autorizadas\Rede_Assistencia_Tecnica.pdf
O4 - GS\Desktop [Public]: Second Life Viewer.lnk . (.Linden Lab - Second Life.)  -- C:\Program Files (x86)\SecondLifeViewer\SecondLife.exe
O4 - GS\Desktop [Public]: Webcam.lnk . (...)  -- C:\Windows\Installer\{39B78651-6FD2-4752-BE68-C3BDB6F2D9EE}\_F4711BF7C212A03CB0C5A8.exe
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.)  -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Public]: Debut Video Capture Software.lnk . (.NCH Software - Debut Video Capture Software.)  -- C:\Program Files (x86)\NCH Software\Debut\debut.exe
O4 - GS\QuickLaunch [jéssica]: PhotoScape.lnk . (...)  -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\QuickLaunch [jéssica]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.)  -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [jéssica]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Browsers
O4 - GS\TaskBar [jéssica]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Browsers
O4 - GS\Program [jéssica]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [jéssica]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [jéssica]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Users\jéssica\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [jéssica]: jéssica.lnk . (...)  -- C:\Users\jéssica
O4 - GS\Desktop [jéssica]: KeyScrambler.lnk . (.QFX Software Corporation - KeyScrambler.)  -- C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
O4 - GS\Desktop [jéssica]: PhotoScape.lnk . (...)  -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\Desktop [jéssica]: TS3 - Atalho.lnk . (...)  -- C:\Program Files (x86)\Electronic Arts\The Sims 3\Game\Bin\TS3.exe (.not file.)
O4 - GS\Desktop [jéssica]: VirtualDJ Home FREE.lnk . (.Atomix Productions - VirtualDJ.)  -- C:\Program Files (x86)\VirtualDJ\virtualdj_home.exe
~ Global Startup: 93 Legitimates Filtered in 00mn 01s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [Public]: Assistente para criação de disco de recuperação.lnk . (...)  -- C:\Program Files (x86)\Positivo Informática\Recovery\Recovery2.exe (.not file.)
O4 - GS\Startup [Public]: IPM.lnk . (...)  -- C:\Windows\Installer\{AADF4228-0772-4D43-92EB-B245E3A17B00}\_D7CD4233F948691B91C509.exe
O4 - GS\Startup [Public]: OSD.lnk . (...)  -- C:\Windows\Installer\{5A9C96FE-1376-45E1-8556-C81255F0B5A7}\_51DECE17D28CB133DD0C64.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [StartUpManagerPositivo] . (...) -- C:\Program Files\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe
O4 - HKLM\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [MRT] . (.Microsoft Corporation - Ferramentas de Remoção de Software Mal-Inte.) -- C:\Windows\system32\MRT.exe
O4 - HKCU\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent, Inc. - µTorrent.) -- C:\Users\jéssica\Downloads\uTorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [Wisdom-soft AutoScreenRecorder 3.1 Free] Chave orfã
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe  =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [LogMeIn Hamachi Ui] . (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
O4 - HKLM\..\Wow6432Node\Run: [KeyScrambler] . (.QFX Software Corporation - KeyScrambler.) -- C:\Program Files (x86)\KeyScrambler\keyscrambler.exe
O4 - HKUS\S-1-5-21-625635302-494686518-3699765739-1000\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
O4 - HKUS\S-1-5-21-625635302-494686518-3699765739-1000\..\Run: [uTorrent] . (.BitTorrent, Inc. - µTorrent.) -- C:\Users\jéssica\Downloads\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-625635302-494686518-3699765739-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-625635302-494686518-3699765739-1000\..\Run: [Wisdom-soft AutoScreenRecorder 3.1 Free] Chave orfã
~ Application:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{819185FB-3790-4D59-9230-A7C322C527E5}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{819185FB-3790-4D59-9230-A7C322C527E5}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{819185FB-3790-4D59-9230-A7C322C527E5}: DhcpNameServer = 200.222.122.132 200.222.145.86 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) [64Bits] - {E31004D1-A431-41B8-826F-E902F9D95C81} - (.not file.)
~ STS/SSO:  Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{470DBDC3-8E7D-46E6-B225-FC2A2291B802}] (...) -- C:\Users\jéssica\AppData\Roaming\awesomehp\UninstallManager.exe (.not file.)   [0]  =>PUP.Awesomehp
[MD5.00000000000000000000000000000000] [APT] [{D4C8BBB2-D8CD-4910-96E6-2AEF4D6A5AA2}] (...) -- C:\Program Files (x86)\WinZipper\eUninstall.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{D9F3E310-7CE9-4111-9B21-9F3F6B87223A}] (...) -- C:\Joymax\DMO\uninstaller.exe (.not file.)   [0]
~ Scheduled Task: 11 Legitimates Filtered in 00mn 02s



---\\ Software instalados (042)
O42 - Logiciel: Ares 2.1.8 - (.Ares Development Group.) [HKLM][64Bits] -- Ares
O42 - Logiciel: Driver 1.3 - (.OEM.) [HKLM][64Bits] -- {BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}
O42 - Logiciel: Free Screen Video Capture by Topviewsoft 4.1.7 - (.Topviewsoft, Inc..) [HKLM][64Bits] -- {180CAD6C-B0ED-42A9-8C4A-CF49C6682A06}_is1
O42 - Logiciel: IPM 1.6 - (.OEM.) [HKLM][64Bits] -- {AADF4228-0772-4D43-92EB-B245E3A17B00}
O42 - Logiciel: OSD 1.7 - (.OEM.) [HKLM][64Bits] -- {5A9C96FE-1376-45E1-8556-C81255F0B5A7}
O42 - Logiciel: WS.Sustainer 1.80 - (.Certified Publisher.) [HKLM][64Bits] -- {5F189DF5-2D05-472B-9091-84D9848AE48B}{1a34a8e0}
~ Logic: 21 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ares]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\BitComet] =>P2P.BitComet
[HKCU\Software\Nicekit]
[HKCU\Software\Pando Networks]
[HKCU\Software\Puxa Rápido]
[HKCU\Software\SoilAP]
[HKCU\Software\SunFlowerOSD]
[HKLM\Software\SoilIO]
[HKLM\Software\Wow6432Node\360Safe] =>Trojan.Lozavita
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Deskmedia]
[HKLM\Software\Wow6432Node\Pando Networks]
[HKLM\Software\Wow6432Node\Puxa Rápido]
~ Key Software: 302 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/02/2012 - 11:02:08 - [6,885] ----D C:\Program Files (x86)\Ares
O43 - CFD: 21/02/2014 - 19:04:03 - [0] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 26/09/2012 - 12:14:25 - [1,718] ----D C:\Program Files (x86)\Free Screen Video Capture by Topviewsoft
O43 - CFD: 18/03/2012 - 22:17:51 - [7,182] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 21/02/2014 - 22:26:05 - [0] ----D C:\Program Files (x86)\RBM
O43 - CFD: 19/05/2012 - 18:49:02 - [0] ----D C:\Program Files (x86)\v9Soft
O43 - CFD: 23/01/2012 - 23:13:51 - [0] ----D C:\ProgramData\Audio
O43 - CFD: 25/02/2012 - 10:51:14 - [0] ----D C:\ProgramData\Audio Power
O43 - CFD: 21/02/2014 - 19:12:50 - [3,726] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 16/12/2012 - 17:21:59 - [0] ----D C:\ProgramData\levelup downloader
O43 - CFD: 21/02/2014 - 21:41:41 - [2,821] ----D C:\Users\jéssica\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 30/03/2012 - 18:51:41 - [0,219] ----D C:\Users\jéssica\AppData\Roaming\BitComet =>P2P.BitComet
O43 - CFD: 16/05/2012 - 19:31:24 - [0,605] ----D C:\Users\jéssica\AppData\Local\Ares
O43 - CFD: 16/12/2012 - 17:21:59 - [0,002] ----D C:\Users\jéssica\AppData\Local\Level Up!
~ Program Folder: 198 Legitimates Filtered in 00mn 17s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 23/03/2014 - 20:54:11 ---A- . (...) -- C:\Windows\system.ini   [215]
O44 - LFC:[MD5.91A317A2E22632DB00CDCCF399BC9DA5] - 23/03/2014 - 20:57:35 ---A- . (...) -- C:\ComboFix.txt   [24539]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 24/03/2014 - 00:42:03 ---A- . (...) -- C:\Windows\zoek-delete.exe   [24064]
O44 - LFC:[MD5.6507E951EB3425F0E409CEC112F7D486] - 24/03/2014 - 06:58:45 ---A- . (...) -- C:\zoek-results.log   [28231]
~ Files: 39 Legitimates Filtered in 00mn 02s



---\\ Exportar a chave da aplicação autorizada (047)
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Puxa Rápido\PuxaRapido.exe" [Enabled] .(...) -- C:\Program Files (x86)\Puxa Rápido\PuxaRapido.exe (.not file.)
~ Keys Export: 1 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.BC647F1F9DCE55B05B54683260ECE4FB] - 31/05/2012 - 21:21:04 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys   [289952]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [31232]
O58 - SDL:[MD5.47B37E4F919BF170818920A98C2FE1C6] - 11/12/2009 - 16:28:52 ---A- . (...) -- C:\Windows\System32\Drivers\SoilIO.sys   [17912]
O58 - SDL:[MD5.0626C7524FBE58E1AF6E76F1BB739CA2] - 03/12/2009 - 09:03:50 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\Soilkbc.sys   [13816]
O58 - SDL:[MD5.709BDE623D7680E2D2A958CD4DC0A902] - 03/12/2009 - 09:04:16 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\SoilMC.sys   [13304]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [24656]
O58 - SDL:[MD5.5A3CFA8C1220ED395956B8642BFDE525] - 30/08/2010 - 21:18:00 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys   [515584]
~ Drivers: 19 Legitimates Filtered in 00mn 28s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.5EBE3269C7F1A713751F29B7B0897F07] [SPRF][26/02/2012] (.NiceKit - SnapaShot.) -- C:\Users\jéssica\Desktop\SnapaShot.exe   [110080]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{A3796A15-E90C-4E0C-B074-35DEA79EAABC}C:\program files (x86)\ares\ares.exe" | In - Public - P6 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe
O87 - FAEL: "UDP Query User{FE9D22F9-5F96-4C9B-AD5C-09367216A79A}C:\program files (x86)\ares\ares.exe" | In - Public - P17 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe
O87 - FAEL: "TCP Query User{9C861C6C-3E2D-49D6-B2F9-A3C97D32665A}C:\program files (x86)\ares\ares.exe" | In - Public - P6 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe
O87 - FAEL: "UDP Query User{F8E2E9F0-BA5B-4875-AFC4-90609A74E3B6}C:\program files (x86)\ares\ares.exe" | In - Public - P17 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe
O87 - FAEL: "TCP Query User{B1B6FA56-B928-4151-971D-1CB9F5198EA6}C:\users\jéssica\desktop\pokegen\pokegen.exe" | In - Private - P6 - TRUE | .(...) -- C:\users\jéssica\desktop\pokegen\pokegen.exe
O87 - FAEL: "UDP Query User{1DA2D2D0-02DC-47C9-B5FC-25F197E891C2}C:\users\jéssica\desktop\pokegen\pokegen.exe" | In - Private - P17 - TRUE | .(...) -- C:\users\jéssica\desktop\pokegen\pokegen.exe
O87 - FAEL: "{5637132D-53A7-4ED8-B60C-C910D141EA90}" | In - Public - P17 - TRUE | .(...) -- C:\users\jéssica\desktop\pokegen\pokegen.exe
O87 - FAEL: "{88DFC6F2-063F-4CF5-B2B2-4A3DA9F4689E}" | In - Public - P6 - TRUE | .(...) -- C:\users\jéssica\desktop\pokegen\pokegen.exe
~ Firewall: 190 Legitimates Filtered in 00mn 01s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "15687B932DF62574EB863CDB6B2F9DEE" . (.Webcam 1.5.) -- C:\Windows\Installer\{39B78651-6FD2-4752-BE68-C3BDB6F2D9EE}\_6FEFF9B68218417F98F549.exe
O90 - PUC: "5509804B864D4A546AABA531D87D51CF" . (.Bing Bar.) -- C:\Windows\Installer\{B4089055-D468-45A4-A6BA-5A138DD715FC}\icon_installer_ico =>Toolbar.Bing
O90 - PUC: "8224FDAA277034D429BE2B543E1AB700" . (.IPM 1.6.) -- C:\Windows\Installer\{AADF4228-0772-4D43-92EB-B245E3A17B00}\_6FEFF9B68218417F98F549.exe
~ Update Products: 83 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
~ WIS: 87 Legitimates Filtered in 00mn 09s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 11/03/2014 257928 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 21/10/2011 196176 |  (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.exe
SS - | Auto 16/05/2012 116648 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 16/05/2012 116648 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 08/04/2008 800040 |  (NBService) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe

SR - | Auto 03/01/2012 63928 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 03/10/2012 64592 |  (AppManagerService) . (.Positivo Informática S.A..) - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoService.exe
SR - | Auto 06/03/2012 44768 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Disabled 10/07/1658 0 |  (avast! Firewall) . (...) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 05/09/2011 45056 |  (BatteryManagerSrv) . (.Positivo Informática S.A.) - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe
SR - | Auto 13/10/2011 249648 |  (BBUpdate) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.exe
SR - | Auto 26/02/2014 2224976 |  (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
SR - | Auto 03/03/2010 13336 |  (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 26/02/2014 377616 |  (LMIGuardianSvc) . (.LogMeIn, Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
SR - | Demand 22/01/2008 275752 |  (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 19/12/2006 81920 |  (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc..) - C:\Windows\SysWOW64\IoctlSvc.exe
SR - | Auto 30/08/2010 267264 |  (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services:  Scanned in 00mn 10s



---\\ Scâner Aditional (088)
Database Version : 13031 - (25/03/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 5
Dossiers trouvés  (Folders found) : 5
Fichiers trouvés  (Files found) : 5

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B4089055-D468-45A4-A6BA-5A138DD715FC}]   =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32]   =>Toolbar.Bing
[HKLM\Software\Wow6432Node\360Safe]   =>Trojan.Lozavita
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent   =>P2P.BitTorrent^
C:\Program Files (x86)\Baidu Security   =>Adware.BDSearch^
C:\ProgramData\Baidu Security   =>Adware.BDSearch^
C:\Users\jéssica\AppData\Roaming\Baidu Security   =>Adware.BDSearch^
C:\Users\jéssica\AppData\Roaming\BitComet   =>P2P.BitComet^
C:\Program Files (x86)\V9Soft   =>PUP.V9Software
C:\Users\jéssica\Downloads\uTorrent.exe   =>P2P.BitTorrent^
[HKCU\Software\Baidu Security]   =>Adware.BDSearch^
[HKCU\Software\BitComet]   =>P2P.BitComet^
[HKLM\Software\Wow6432Node\Baidu Security]   =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu_Drp_pos]   =>Adware.BDSearch^
~ Additionnel Scan: 244897 Items scanned in 00mn 33s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Hijacker.Browsers
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.Awesomehp
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.BDSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Trojan.Lozavita
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.V9Software
~ MSI: 5 link(s) detected in 00mn 00s



~ 1113 Legitimates filtered by white list
End of the scan (486 lines in 02mn 02s)(0)
jessy.nick
Beginner

Re: Combofix log and application of the appropriate measures.

Post by Power Max, Tue 25 Mar 2014, 15:17

There are unnecessary programs starting together with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start together with Windows.

Also use the CCleaner program, recommended in the tutorial above, to clean and optimize the PC now and from time to time.
______________________________________________________________________________________________________________

Select and copy all the text highlighted in red that I gave you (starting at script zhpfix and going to emptyclsid).
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click Zhpfix and choose the option Run as administrator > Click Importação > Click the GO button > Click Oui > If you also want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Wed 26 Mar 2014, 13:06; edited 1 time
Power Max
Collaborator

Re: Combofix log and application of the appropriate measures.

Post by jessy.nick, Tue 25 Mar 2014, 16:29

Rapport de ZHPFix 2014.3.19.4 par Nicolas Coolman, Update du 19/03/2014
Fichier d'export Registre :
Run by jéssica at 25/03/2014 16:25:26
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (01mn 04s)
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\windows\system32\rundll32.exe

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{1a34a8e0}]
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{E31004D1-A431-41B8-826F-E902F9D95C81}]
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\360Safe
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu_Drp_pos
ELIMINÉ: [HKLM\Software\Classes\Installer\Products\\5509804B864D4A546AABA531D87D51CF]
ELIMINÉ: [HKLM\Software\Classes\Installer\Features\5509804B864D4A546AABA531D87D51CF]
ELIMINÉ: Service: BBSvc
ELIMINÉ: Service: BBUpdate
ELIMINÉ: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B4089055-D468-45A4-A6BA-5A138DD715FC}
ELIMINÉ: HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
ELIMINÉ SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81}
ELIMINÉ AAKE KeyValue: C:\Program Files (x86)\Puxa Rápido\PuxaRapido.exe
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\users\jéssica\desktop\ts3 - atalho.lnk
ELIMINÉ: c:\program files (x86)\microsoft\bingbar\bbsvc.exe
ELIMINA REINICIAR: c:\program files (x86)\microsoft\bingbar\seaport.exe
ELIMINÉ: c:\users\jéssica\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\internet explorer.lnk ((http://www.google.com.br))
CRIADO: C:\Users\jéssica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
ELIMINÉ: c:\users\jéssica\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\mozilla firefox.lnk ((http://www.google.com.br))
CRIADO: C:\Users\jéssica\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
ELIMINÉ Temporários windows (60) (127.229 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {470DBDC3-8E7D-46E6-B225-FC2A2291B802}
ELIMINÉ: {D4C8BBB2-D8CD-4910-96E6-2AEF4D6A5AA2}
ELIMINÉ: {D9F3E310-7CE9-4111-9B21-9F3F6B87223A}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
12 : Chaves do Registo
9 : Valores do Registo
1 : Pastas
9 : Ficheiros
1 : Softwares
3 : Tarefa planificada
1 : Restauração Sistema


End of clean in 01mn 40s

========== Caminho do ficheiro do relatório ==========
C:\Users\jéssica\AppData\Roaming\ZHP\ZHPFix[R1].txt - 25/03/2014 16:26:30 [3198]
jessy.nick
Beginner

Re: Combofix log and application of the appropriate measures.

Post by Power Max, Tue 25 Mar 2014, 16:30

Open ZHPDiag again.

[You must have an account and be logged in to view this image]

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

[You must have an account and be logged in to view this image]

|- Click OK and, when it finishes, post the ZHPDiag.txt report.

[You must have an account and be logged in to view this image]
Power Max
Collaborator

Re: Combofix log and application of the appropriate measures.

Post by jessy.nick, Tue 25 Mar 2014, 16:38

~ Relatório do ZHPDiag v2014.3.25.31 - Nicolas Coolman (25/03/2014)
~ Iniciado por jéssica (25/03/2014 16:32:39)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16521 (Defaut)
MFIE: Mozilla Firefox 10.0.2

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v7.0.1426.0
Malwarebytes Anti-Malware versão 1.75.0.1300
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v3.16 =>.Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)
Pando Media Booster v2.6.0.6
µTorrent v3.2.3.28705 =>P2P.µTorrent

---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader X
Java 7 Update 7

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4061 MB (54% free)
System Restore: Activé (Enable)
System drive C: has 389 GB (85%) free of 456 GB

---\\ Modo de conexão ao sistema
~ Computer Name: VIRUS
~ User Name: jéssica
~ All Users Names: jéssica, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\jéssica\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\jéssica\AppData\Roaming\
~ %Desktop% : C:\Users\jéssica\Desktop\
~ %Favorites% : C:\Users\jéssica\Favorites\
~ %LocalAppData% : C:\Users\jéssica\AppData\Local\
~ %StartMenu% : C:\Users\jéssica\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 389 Go of 456 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.06/07/2011 - 18:34:56.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.DF79CE9B950C62677D232154E93A81C7] - (.Microsoft Corporation - Internet Extensions para Win32.) (.01/03/2014 - 00:10:28.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.06/07/2011 - 18:36:49.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/838
~ Mes musiques (My Musics) : 35/69
~ Mes Videos (My Videos) : 1/50
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 5/249
~ Mon Bureau (My Desktop) : 1/1034
~ Menu demarrer (Programs) : 1/42
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.88155D3D23CA8A1DFB1F45EE3E4C8DF8] - (.BitTorrent, Inc. - µTorrent.) -- C:\Users\jéssica\Downloads\uTorrent.exe [969104] [PID.2040] =>P2P.BitTorrent
[MD5.1B31D1266691EDD4224B0036449F14B4] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872] [PID.1996]
[MD5.5B623D310E6ADE6E41E067179277FF3C] - (.No owner - IPM.exe.) -- C:\Program Files (x86)\OEM\IPM 1.6\IPM.exe [1106944] [PID.1936]
[MD5.2256E495D6B2566DE6DDBC6632510477] - (.No owner - OSD.) -- C:\Program Files (x86)\OEM\OSD 1.7\SunflowerOSD.exe [548864] [PID.1812]
[MD5.25107F58D1B8F60D67D1EE95798C0DE8] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696] [PID.2532]
[MD5.B8E421C0890356CD4A793D8A346D9096] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712] [PID.2548]
[MD5.782FEF655DBF8653C9F2722BEBF7A8A6] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4241512] [PID.2636]
[MD5.3F744D5BCEF935B32B43BF7F83098032] - (.QFX Software Corporation - KeyScrambler.) -- C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe [508144] [PID.4840]
[MD5.96E8CF4D3731D90058DE39A3BECAD707] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe [1201448] [PID.1952]
[MD5.3F5A454D02B769FC9EC00D8FB5767C4F] - (.Positivo Informática S.A. - Positivo Áudio.) -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Áudio\AudioPower.exe [1297408] [PID.6072]
[MD5.3A924B200D86590D2C83214CEBFA9742] - (.Google Inc. - Google Chrome.) -- C:\Users\jéssica\AppData\Local\Google\Chrome\Application\chrome.exe [859976] [PID.3612]
[MD5.A73E6F3C9F1072FA809E941878C44221] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8178688] [PID.7040]
[MD5.4041D31508A2A084DFB42C595854090F] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44768] [PID.1328]
[MD5.62B7936F9036DD6ED36E6A7EFA805DC0] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [63928] [PID.1820]
[MD5.5CA6B2E59E4FA15B25A3FAAE2093DA41] - (.Positivo Informática S.A - Battery Power Service.) -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe [45056] [PID.1872]
[MD5.875E4E0661F3A5994DF9E5E3A0A4F96B] - (.Prolific Technology Inc. - PLFlash DeviceIoControl Service.) -- C:\Windows\SysWOW64\IoctlSvc.exe [81920] [PID.2968]
[MD5.264ABEC41C836B06E91E7547BD9858AB] - (.Positivo Informática S.A - Battery Power Main Application.) -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryPower.exe [850432] [PID.3940]
[MD5.193FA51DDDD0BFFDED1C340F0434999A] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752] [PID.4612]
[MD5.5BD9CC8C50D3FFF051AB6FF009BE9602] - (.Positivo Informática S.A. - WindowsService.) -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoService.exe [64592] [PID.6032]
[MD5.31A0E93CDF29007D6C6FFFB632F375ED] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.5780]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\jéssica\AppData\Roaming\Mozilla\Firefox\Profiles\exlwc7m6.default\prefs.js
M3 - MFPP: Plugins - [jéssica] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\buscape.xml
M3 - MFPP: Plugins - [jéssica] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\leveluptb.xml
M3 - MFPP: Plugins - [jéssica] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\mercadolivre.xml
M3 - MFPP: Plugins - [jéssica] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\wikipedia-br.xml
M3 - MFPP: Plugins - [jéssica] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\yahoo-br.xml
P2 - FPN:Firefox Plugin Navigator . (.BitComet - BitCometAgent v1.30 for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npBitCometAgent.dll =>P2P.BitComet
~ Firefox Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Ares.lnk . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
O4 - GS\Desktop [Public]: Cadastro.lnk . (.Positivo Informática - Registro de usuários Positivo Inform.) -- C:\Program Files (x86)\Positivo Informática\SW_Cadastro\Registro.exe
O4 - GS\Desktop [Public]: Debut Video Capture Software.lnk . (.NCH Software - Debut Video Capture Software.) -- C:\Program Files (x86)\NCH Software\Debut\debut.exe
O4 - GS\Desktop [Public]: DreamScene Seven.lnk . (...) -- C:\Program Files (x86)\DreamScene Seven\dreamsceneseven.exe
O4 - GS\Desktop [Public]: Free Screen Video Capture by Topviewsoft.lnk . (.Topviewsoft.com - Free Screen Video Capture by Topviewsoft.) -- C:\Program Files (x86)\Free Screen Video Capture by Topviewsoft\videocapture.exe
O4 - GS\Desktop [Public]: Intelli-studio.lnk . (...) -- C:\Program Files (x86)\SAMSUNG\Intelli-studio\iStudio.exe
O4 - GS\Desktop [Public]: Manual do Usuário.lnk . (...) -- C:\Fabricante\Manual do Usuário\Manual_Usuario.pdf
O4 - GS\Desktop [Public]: Mundo Positivo.lnk . (.Positivo Informática S.A. - Mundo Positivo.) -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoUI.exe
O4 - GS\Desktop [Public]: Positivo 3D Incrível.lnk . (...) -- C:\Program Files (x86)\Positivo Informática\Positivo 3D Incrível\3DIncrivel.exe
O4 - GS\Desktop [Public]: Relação de Assistências Técnicas Autorizadas.lnk . (...) -- C:\Fabricante\Relação de Assistências Técnicas Autorizadas\Rede_Assistencia_Tecnica.pdf
O4 - GS\Desktop [Public]: Second Life Viewer.lnk . (.Linden Lab - Second Life.) -- C:\Program Files (x86)\SecondLifeViewer\SecondLife.exe
O4 - GS\Desktop [Public]: Webcam.lnk . (...) -- C:\Windows\Installer\{39B78651-6FD2-4752-BE68-C3BDB6F2D9EE}\_F4711BF7C212A03CB0C5A8.exe
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Public]: Debut Video Capture Software.lnk . (.NCH Software - Debut Video Capture Software.) -- C:\Program Files (x86)\NCH Software\Debut\debut.exe
O4 - GS\QuickLaunch [jéssica]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\QuickLaunch [jéssica]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [jéssica]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [jéssica]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [jéssica]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [jéssica]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [jéssica]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\jéssica\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [jéssica]: jéssica.lnk . (...) -- C:\Users\jéssica
O4 - GS\Desktop [jéssica]: KeyScrambler.lnk . (.QFX Software Corporation - KeyScrambler.) -- C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
O4 - GS\Desktop [jéssica]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\Desktop [jéssica]: VirtualDJ Home FREE.lnk . (.Atomix Productions - VirtualDJ.) -- C:\Program Files (x86)\VirtualDJ\virtualdj_home.exe
~ Global Startup: 90 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [Public]: IPM.lnk . (...) -- C:\Windows\Installer\{AADF4228-0772-4D43-92EB-B245E3A17B00}\_D7CD4233F948691B91C509.exe
O4 - HKLM\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [KeyScrambler] . (.QFX Software Corporation - KeyScrambler.) -- C:\Program Files (x86)\KeyScrambler\keyscrambler.exe
~ Application: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{819185FB-3790-4D59-9230-A7C322C527E5}: DhcpNameServer = 200.222.122.132 200.222.145.86 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{819185FB-3790-4D59-9230-A7C322C527E5}: DhcpNameServer = 200.222.122.132 200.222.145.86 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{819185FB-3790-4D59-9230-A7C322C527E5}: DhcpNameServer = 200.222.122.132 200.222.145.86 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.222.122.132 200.222.145.86 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Ares 2.1.8 - (.Ares Development Group.) [HKLM][64Bits] -- Ares
O42 - Logiciel: Driver 1.3 - (.OEM.) [HKLM][64Bits] -- {BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}
O42 - Logiciel: Free Screen Video Capture by Topviewsoft 4.1.7 - (.Topviewsoft, Inc..) [HKLM][64Bits] -- {180CAD6C-B0ED-42A9-8C4A-CF49C6682A06}_is1
O42 - Logiciel: IPM 1.6 - (.OEM.) [HKLM][64Bits] -- {AADF4228-0772-4D43-92EB-B245E3A17B00}
O42 - Logiciel: OSD 1.7 - (.OEM.) [HKLM][64Bits] -- {5A9C96FE-1376-45E1-8556-C81255F0B5A7}
~ Logic: 21 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ares]
[HKCU\Software\BitComet] =>P2P.BitComet
[HKCU\Software\Nicekit]
[HKCU\Software\Pando Networks]
[HKCU\Software\Puxa Rápido]
[HKCU\Software\SoilAP]
[HKCU\Software\SunFlowerOSD]
[HKLM\Software\SoilIO]
[HKLM\Software\Wow6432Node\Deskmedia]
[HKLM\Software\Wow6432Node\Pando Networks]
[HKLM\Software\Wow6432Node\Puxa Rápido]
~ Key Software: 296 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/02/2012 - 11:02:08 - [6,885] ----D C:\Program Files (x86)\Ares
O43 - CFD: 26/09/2012 - 12:14:25 - [1,718] ----D C:\Program Files (x86)\Free Screen Video Capture by Topviewsoft
O43 - CFD: 18/03/2012 - 22:17:51 - [7,182] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 21/02/2014 - 22:26:05 - [0] ----D C:\Program Files (x86)\RBM
O43 - CFD: 23/01/2012 - 23:13:51 - [0] ----D C:\ProgramData\Audio
O43 - CFD: 25/02/2012 - 10:51:14 - [0] ----D C:\ProgramData\Audio Power
O43 - CFD: 16/12/2012 - 17:21:59 - [0] ----D C:\ProgramData\levelup downloader
O43 - CFD: 30/03/2012 - 18:51:41 - [0,219] ----D C:\Users\jéssica\AppData\Roaming\BitComet =>P2P.BitComet
O43 - CFD: 16/05/2012 - 19:31:24 - [0,595] ----D C:\Users\jéssica\AppData\Local\Ares
O43 - CFD: 16/12/2012 - 17:21:59 - [0,002] ----D C:\Users\jéssica\AppData\Local\Level Up!
~ Program Folder: 194 Legitimates Filtered in 00mn 03s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 23/03/2014 - 20:54:11 ---A- . (...) -- C:\Windows\system.ini [215]
O44 - LFC:[MD5.91A317A2E22632DB00CDCCF399BC9DA5] - 23/03/2014 - 20:57:35 ---A- . (...) -- C:\ComboFix.txt [24539]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 24/03/2014 - 00:42:03 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.6507E951EB3425F0E409CEC112F7D486] - 24/03/2014 - 06:58:45 ---A- . (...) -- C:\zoek-results.log [28231]
~ Files: 37 Legitimates Filtered in 00mn 03s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\ares [Key] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
O53 - SMSR:HKLM\...\startupreg\StartUpManagerPositivo [Key] . (...) -- C:\Program Files\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent, Inc. - µTorrent.) -- C:\Users\jéssica\Downloads\uTorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 16 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.BC647F1F9DCE55B05B54683260ECE4FB] - 31/05/2012 - 21:21:04 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys [289952]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.47B37E4F919BF170818920A98C2FE1C6] - 11/12/2009 - 16:28:52 ---A- . (...) -- C:\Windows\System32\Drivers\SoilIO.sys [17912]
O58 - SDL:[MD5.0626C7524FBE58E1AF6E76F1BB739CA2] - 03/12/2009 - 09:03:50 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\Soilkbc.sys [13816]
O58 - SDL:[MD5.709BDE623D7680E2D2A958CD4DC0A902] - 03/12/2009 - 09:04:16 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\SoilMC.sys [13304]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.5A3CFA8C1220ED395956B8642BFDE525] - 30/08/2010 - 21:18:00 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [515584]
~ Drivers: 19 Legitimates Filtered in 00mn 01s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.5EBE3269C7F1A713751F29B7B0897F07] [SPRF][26/02/2012] (.NiceKit - SnapaShot.) -- C:\Users\jéssica\Desktop\SnapaShot.exe [110080]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{A3796A15-E90C-4E0C-B074-35DEA79EAABC}C:\program files (x86)\ares\ares.exe" | In - Public - P6 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe
O87 - FAEL: "UDP Query User{FE9D22F9-5F96-4C9B-AD5C-09367216A79A}C:\program files (x86)\ares\ares.exe" | In - Public - P17 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe
O87 - FAEL: "TCP Query User{9C861C6C-3E2D-49D6-B2F9-A3C97D32665A}C:\program files (x86)\ares\ares.exe" | In - Public - P6 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe
O87 - FAEL: "UDP Query User{F8E2E9F0-BA5B-4875-AFC4-90609A74E3B6}C:\program files (x86)\ares\ares.exe" | In - Public - P17 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe
O87 - FAEL: "TCP Query User{B1B6FA56-B928-4151-971D-1CB9F5198EA6}C:\users\jéssica\desktop\pokegen\pokegen.exe" | In - Private - P6 - TRUE | .(...) -- C:\users\jéssica\desktop\pokegen\pokegen.exe
O87 - FAEL: "UDP Query User{1DA2D2D0-02DC-47C9-B5FC-25F197E891C2}C:\users\jéssica\desktop\pokegen\pokegen.exe" | In - Private - P17 - TRUE | .(...) -- C:\users\jéssica\desktop\pokegen\pokegen.exe
O87 - FAEL: "{5637132D-53A7-4ED8-B60C-C910D141EA90}" | In - Public - P17 - TRUE | .(...) -- C:\users\jéssica\desktop\pokegen\pokegen.exe
O87 - FAEL: "{88DFC6F2-063F-4CF5-B2B2-4A3DA9F4689E}" | In - Public - P6 - TRUE | .(...) -- C:\users\jéssica\desktop\pokegen\pokegen.exe
~ Firewall: 190 Legitimates Filtered in 00mn 00s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "15687B932DF62574EB863CDB6B2F9DEE" . (.Webcam 1.5.) -- C:\Windows\Installer\{39B78651-6FD2-4752-BE68-C3BDB6F2D9EE}\_6FEFF9B68218417F98F549.exe
O90 - PUC: "8224FDAA277034D429BE2B543E1AB700" . (.IPM 1.6.) -- C:\Windows\Installer\{AADF4228-0772-4D43-92EB-B245E3A17B00}\_6FEFF9B68218417F98F549.exe
~ Update Products: 82 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
~ WIS: 87 Legitimates Filtered in 00mn 08s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 11/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 16/05/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 16/05/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 08/04/2008 800040 | (NBService) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe

SR - | Auto 03/01/2012 63928 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 03/10/2012 64592 | (AppManagerService) . (.Positivo Informática S.A..) - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoService.exe
SR - | Auto 06/03/2012 44768 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Disabled 10/07/1658 0 | (avast! Firewall) . (...) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 05/09/2011 45056 | (BatteryManagerSrv) . (.Positivo Informática S.A.) - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe
SR - | Auto 26/02/2014 2224976 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
SR - | Auto 03/03/2010 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 26/02/2014 377616 | (LMIGuardianSvc) . (.LogMeIn, Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
SR - | Demand 22/01/2008 275752 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 19/12/2006 81920 | (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc..) - C:\Windows\SysWOW64\IoctlSvc.exe
SR - | Auto 30/08/2010 267264 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 09s



---\\ Scâner Aditional (088)
Database Version : 13031 - (25/03/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 2

[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
C:\Users\jéssica\AppData\Roaming\BitComet =>P2P.BitComet^
C:\Users\jéssica\Downloads\uTorrent.exe =>P2P.BitTorrent^
[HKCU\Software\BitComet] =>P2P.BitComet^
~ Additionnel Scan: 242795 Items scanned in 00mn 34s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s



~ 1108 Legitimates filtered by white list
End of the scan (415 lines in 01mn 18s)(0)
jessy.nick (Beginner) | Messages: 10 | Reputation: 0 | Joined: 23/03/2014

Re: ComboFix log and application of the appropriate measures.

Post by Power Max, Wed 26 Mar 2014, 13:05

Everything is fine with your report.

How is the PC after these cleanups?
Power Max (Collaborator) | Messages: 9086 | Reputation: 1499 | Joined: 14/04/2009

Re: ComboFix log and application of the appropriate measures.

Post by jessy.nick, Wed 26 Mar 2014, 14:59

It's much better, faster. Before, it took a long time to boot and to open pages, not to mention the antivirus going off out of nowhere.. Gosh, I don't even know how to thank you for everything you did for me ^^
I hope one day I can understand this and much more, since I want to study IT.
Thank you.. kisses and have a good afternoon
jessy.nick (Beginner) | Messages: 10 | Reputation: 0 | Joined: 23/03/2014

Re: ComboFix log and application of the appropriate measures.

Post by Power Max, Wed 26 Mar 2014, 15:18

That's it! I'm glad the problem has been solved.

Just to finish, please follow these tutorials below:

[You must have an account and be logged in to view this link]
_______________________________________________________________________________________________________________________

To remove the programs used in cleaning this PC and to create a new, safe and trouble-free restore point, use DelFix following the tips [You must have an account and be logged in to view this link].
_______________________________________________________________________________________________________________________

It was a pleasure to help. You can always count on us!
Power Max (Collaborator) | Messages: 9086 | Reputation: 1499 | Joined: 14/04/2009

Re: ComboFix log and application of the appropriate measures.

Post by jessy.nick, Mon 31 Mar 2014, 17:12

ok thanks ^^
jessy.nick (Beginner) | Messages: 10 | Reputation: 0 | Joined: 23/03/2014

Re: ComboFix log and application of the appropriate measures.

Post by Power Max, Sat 05 Apr 2014, 20:16

CASE SOLVED

If the topic's author needs it, the topic will be reopened; to do so, she should contact one of the members of the [You must have an account and be logged in to view this link] requesting that it be unlocked.
Power Max (Collaborator) | Messages: 9086 | Reputation: 1499 | Joined: 14/04/2009
