Fórum PC Brasil
Suspected malware stealing the connection!

2 participants


Post by Júnior Dantas, Sat 29 Mar 2014, 12:23

I've been downloading some programs I needed to use, and without meaning to I installed useless things, and I think some "malware" came along with them. Since then the internet connection (Wi-Fi) has been degraded in terms of speed, on top of constant freezes and plug-in failures. I've ruled out any other interference with the speed, because on other devices the connection works perfectly. Is there really a problem?

Here is the "Zoek" log:

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Etevaldo on 28/03/2014 at 17:15:45,88.
Microsoft Windows 7 Home Basic  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Etevaldo\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

28/03/2014 17:17:58 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1       localhost
::1             localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\savesenselive deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\savesenselive deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\savesenselivem deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\savesenselivem deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IePluginService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\IePluginService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IePluginService deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"

==== Deleting Files \ Folders ======================

C:\PROGRA~2\SaveSense deleted
C:\PROGRA~2\MyFree Codec deleted
C:\PROGRA~2\SupTab deleted
C:\PROGRA~2\Wondershare deleted
C:\PROGRA~2\SaveSenseLive deleted
C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\Users\Etevaldo\AppData\Roaming\SupTab deleted
C:\Users\Etevaldo\AppData\Roaming\Wondershare deleted
C:\Users\Etevaldo\AppData\Roaming\SaveSense deleted
C:\PROGRA~3\APN deleted
C:\PROGRA~3\IePluginService deleted
C:\PROGRA~3\boost_interprocess deleted
C:\PROGRA~3\WPM deleted
C:\PROGRA~3\SaveSenseLive deleted
C:\Users\Convidado\AppData\Local\Wondershare deleted
C:\Users\Etevaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx deleted
C:\Users\Etevaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\Users\Etevaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense deleted
C:\Users\Public\usbsafeguard.exe deleted
C:\Users\Etevaldo\Downloads\SoftonicDownloader_for_photoscape.exe deleted
C:\windows\SysNative\tasks\SaveSenseLiveUpdateTaskMachineCore deleted
C:\windows\SysNative\tasks\SaveSenseLiveUpdateTaskMachineUA deleted
C:\Windows\tasks\SaveSenseLiveUpdateTaskMachineCore.job deleted
C:\Windows\tasks\SaveSenseLiveUpdateTaskMachineUA.job deleted
C:\END deleted
"C:\Users\Etevaldo\AppData\Roaming\Zoner" deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
odoegbfnimkkocjoeoelkonmlfpbhlnc - C:\Program Files (x86)\Wondershare\vDownloader\SVRChromePlugin.crx[]
pelmeidfhdlhlbjimpabfcbnnojbboma - C:\Users\Etevaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx[]

YouTube - Etevaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Extended Protection - Etevaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Google Search - Etevaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - Etevaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Vagalume - Etevaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipgcdnbeeiajinajlafjcdfhckglcopd
Google Wallet - Etevaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Hover Zoom - Etevaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl
Wondershare vDownloader - Etevaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\odoegbfnimkkocjoeoelkonmlfpbhlnc
Gmail - Etevaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Etevaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\odoegbfnimkkocjoeoelkonmlfpbhlnc deleted successfully
C:\Users\Etevaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.awesomehp.com/?type=hp&ts=1395679379&from=pcm&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1CB1T7159T7159"
"Default_Page_URL"="http://www.awesomehp.com/?type=hp&ts=1395679379&from=pcm&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1CB1T7159T7159"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.awesomehp.com/web/?type=ds&ts=1395679379&from=pcm&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1CB1T7159T7159&q={searchTerms}"
"Default_Page_URL"="http://www.awesomehp.com/?type=hp&ts=1395679379&from=pcm&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1CB1T7159T7159"
"Start Page"="http://www.awesomehp.com/?type=hp&ts=1395679379&from=pcm&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1CB1T7159T7159"
"Search Page"="http://www.awesomehp.com/web/?type=ds&ts=1395679379&from=pcm&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1CB1T7159T7159&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.awesomehp.com/web/?type=ds&ts=1395679379&from=pcm&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1CB1T7159T7159&q={searchTerms}"
"Default_Page_URL"="http://www.awesomehp.com/?type=hp&ts=1395679379&from=pcm&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1CB1T7159T7159"
"Start Page"="http://www.awesomehp.com/?type=hp&ts=1395679379&from=pcm&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1CB1T7159T7159"
"Search Page"="http://www.awesomehp.com/web/?type=ds&ts=1395679379&from=pcm&uid=WDCXWD5000BPVT-22HXZT3_WD-WXQ1CB1T7159T7159&q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{33BB0A4E-99AF-4226-BDF6-49120163DE86} Unknown  Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Etevaldo\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Etevaldo\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3404006502-3931462469-3704297473-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0f21b1e5-5afc-43c9-9c66-515046e92ec2} deleted successfully
HKEY_USERS\S-1-5-21-3404006502-3931462469-3704297473-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0f21b1e5-5afc-43c9-9c66-515046e92ec2} deleted successfully
HKEY_USERS\S-1-5-21-3404006502-3931462469-3704297473-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully
HKEY_USERS\S-1-5-21-3404006502-3931462469-3704297473-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully
HKEY_USERS\S-1-5-21-3404006502-3931462469-3704297473-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0f21b1e5-5afc-43c9-9c66-515046e92ec2} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0f21b1e5-5afc-43c9-9c66-515046e92ec2} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} deleted successfully

==== Deleting CLSID Registry Values ======================


==== shortcuts on Users Desktops ======================

C:\Users\Etevaldo\Desktop\Counter Strike 1.6.lnk - C:\Program Files (x86)\Counter Strike 1.6\hl.exe -game cstrike
C:\Users\Etevaldo\Desktop\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Samsung Kies (Lite).lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe /lite
C:\Users\Public\Desktop\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe
C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Users\Public\Desktop\UltraISO.lnk - C:\Program Files (x86)\UltraISO\UltraISO.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe  -extoff
C:\Users\Etevaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Etevaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Etevaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\Etevaldo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Etevaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\Etevaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt
C:\Users\Etevaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\Etevaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys\EVEREST Ultimate Edition\EVEREST Ultimate Edition Documentation.lnk - C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys\EVEREST Ultimate Edition\EVEREST Ultimate Edition on the Web.lnk - C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys\EVEREST Ultimate Edition\EVEREST Ultimate Edition.lnk - C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys\EVEREST Ultimate Edition\Uninstall EVEREST Ultimate Edition.lnk - C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Centro de Carregamento do Microsoft Office 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Certificado Digital para Projetos do VBA.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Media Gallery.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Office Picture Manager.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Preferências de Idioma do Microsoft Office 2010.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape\Uninstall PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Create System Report.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLogReport.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\File Scan.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Immunization.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Rootkit Scan.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDRootAlyzer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Spybot-S&D Start Center.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\System Scan.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Tray Icon (Live Protection).lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Uninstall Spybot-S&D.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO\UltraISO Help.lnk - C:\Program Files (x86)\UltraISO\ultraiso.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO\UltraISO Readme.lnk - C:\Program Files (x86)\UltraISO\Readme.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO\UltraISO Revision History.lnk - C:\Program Files (x86)\UltraISO\History.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO\UltraISO.lnk - C:\Program Files (x86)\UltraISO\UltraISO.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO\Uninstall UltraISO.lnk - C:\Program Files (x86)\UltraISO\unins000.exe

==== shortcuts in Quick Launch ======================

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Welcome Center.lnk - C:\Program Files (x86)\Acer\Welcome Center\OEMWelcomeCenter.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Etevaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Etevaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\Etevaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe /lite
C:\Users\Etevaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe
C:\Users\Etevaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Etevaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Etevaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Etevaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Acer Crystal Eye Webcam.lnk - C:\Program Files (x86)\Acer\Acer Crystal Eye Webcam\webcam.exe
C:\Users\Etevaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Etevaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\PhotoFiltre Studio X.lnk - C:\Program Files (x86)\PhotoFiltre Studio X\PhotoFiltre Studio X.exe
C:\Users\Etevaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\Etevaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Users\Etevaldo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Etevaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Media Player Classic (2).lnk - C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
C:\Users\Etevaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Media Player Classic.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
C:\Users\Etevaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Welcome Center.lnk - C:\Program Files (x86)\Acer\Welcome Center\OEMWelcomeCenter.exe
C:\Users\Etevaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Etevaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\odoegbfnimkkocjoeoelkonmlfpbhlnc deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe deleted successfully

==== Empty IE Cache ======================

C:\Users\Convidado\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Convidado\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Etevaldo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Etevaldo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Etevaldo\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=442 folders=110 66093848 bytes)

==== Empty Temp Folders ======================

C:\Users\Convidado\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Etevaldo\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Etevaldo\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 28/03/2014 at 18:40:08,35 ======================

Post by Power Max, Sat 29 Mar 2014, 13:01

Hello Júnior. Welcome to Fórum PC Brasil.

Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
[You must have an account and be logged in to view this link]

To run AdwCleaner correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

Post by Júnior Dantas, Sun 30 Mar 2014, 11:35

Here is the AdwCleaner log:

# AdwCleaner v3.022 - Relatório criado 30/03/2014 às 11:28:51
# Atualizado 13/03/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (64 bits)
# Usuário : Etevaldo - JUNIOR-PC
# Executando de : C:\Users\Etevaldo\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Chave Deletedo : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_visualizador-do-powerpoint_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_visualizador-do-powerpoint_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chave Deletedo : HKCU\Software\1ClickDownload
Chave Deletedo : HKCU\Software\APN PIP
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\Myfree Codec
Chave Deletedo : HKCU\Software\PIP
Chave Deletedo : HKCU\Software\SaveSenseLive
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKLM\Software\Conduit
Chave Deletedo : HKLM\Software\DealPlyLive
Chave Deletedo : HKLM\Software\Myfree Codec
Chave Deletedo : HKLM\Software\PIP
Chave Deletedo : HKLM\Software\SaveSenseLive
Chave Deletedo : HKLM\Software\supTab
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\Wpm
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Google Chrome v

[ Arquivo : C:\Users\Etevaldo\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4211 octets] - [30/03/2014 11:25:22]
AdwCleaner[S0].txt - [3684 octets] - [30/03/2014 11:28:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3744 octets] ##########
Júnior Dantas
Beginner

Messages: 29
Reputation: 0
Registration date: 29/03/2014
Age: 43
Location: Brazil

Re: Suspected malware stealing the connection!

Post by Power Max, Sun 30 Mar 2014, 17:30

Download Malwarebytes from one of the links below:
[You must be registered and logged in to see this link]

* Update it (run an update) > Run a full scan with it and remove the problems it finds.

In your next reply, post the Malwarebytes log (report).
Power Max
Collaborator

Messages: 9086
Reputation: 1499
Registration date: 14/04/2009

Re: Suspected malware stealing the connection!

Post by Júnior Dantas, Mon 31 Mar 2014, 13:48

Here is the Malwarebytes log:


Re: Suspected malware stealing the connection!

Post by Power Max, Mon 31 Mar 2014, 14:02

Malwarebytes found several problems, but it doesn't show whether they were removed.

Re: Suspected malware stealing the connection!

Post by Júnior Dantas, Mon 31 Mar 2014, 17:55

Power Max, I went to look and found this:

[You must be registered and logged in to see this image]

What can I do now?

Re: Suspected malware stealing the connection!

Post by Júnior Dantas, Mon 31 Mar 2014, 17:58

I found a button to export the log as a .txt file. Here it is:

Malwarebytes Anti-Malware
[You must be registered and logged in to see this link]

Scan Date: 31/03/2014
Scan Time: 13:36:13
Logfile: lOG.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.03.31.07
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Etevaldo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 273604
Time Elapsed: 23 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
RiskWare.Tool.CK, C:\Windows\KMService.exe, 1992, Delete-on-Reboot, [e6ed7594413a9f9789e34f4be81907f9]

Modules: 0
(No malicious items detected)

Registry Keys: 66
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\APPID\{A2D3FB7A-6873-45E8-AF96-57092D721828}, Quarantined, [369d34d594e73afc0bf5a6641be7f30d],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassSvc, Quarantined, [369d34d594e73afc0bf5a6641be7f30d],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [369d34d594e73afc0bf5a6641be7f30d],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassSvc, Quarantined, [369d34d594e73afc0bf5a6641be7f30d],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [369d34d594e73afc0bf5a6641be7f30d],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{A2D3FB7A-6873-45E8-AF96-57092D721828}, Quarantined, [369d34d594e73afc0bf5a6641be7f30d],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A2D3FB7A-6873-45E8-AF96-57092D721828}, Quarantined, [369d34d594e73afc0bf5a6641be7f30d],
PUP.Optional.SaveSense, HKU\S-1-5-21-3404006502-3931462469-3704297473-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{0F21B1E5-5AFC-43C9-9C66-515046E92EC2}, Quarantined, [547faf5ad1aa87af43655ee2ce3451af],
PUP.Optional.SaveSense, HKU\S-1-5-21-3404006502-3931462469-3704297473-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{0F21B1E5-5AFC-43C9-9C66-515046E92EC2}, Quarantined, [547faf5ad1aa87af43655ee2ce3451af],
PUP.Optional.BeatTool.A, HKU\S-1-5-21-3404006502-3931462469-3704297473-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{95FFEF7E-D5B7-4AFB-9B49-DA6F9EE962D0}, Quarantined, [9d3649c0136857dfe83fc74111f129d7],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLive.OneClickCtrl.9, Quarantined, [be151ced601bff3755580f7ebe45a35d],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLive.OneClickProcessLauncherMachine, Quarantined, [953e9a6fde9d83b38d20b7d6d72cff01],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLive.OneClickProcessLauncherMachine.1.0, Quarantined, [409307022c4f92a4634a76173ac9ec14],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLive.Update3WebControl.3, Quarantined, [f7dcd732fc7f5cda1d908ffeee152dd3],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoCreateAsync, Quarantined, [567dd039205b270f79340687c04326da],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoCreateAsync.1.0, Quarantined, [775cfa0f3b40a0961499b8d53ac915eb],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreClass, Quarantined, [874c8b7e8fecf145d9d4ff8ed42ffb05],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreClass.1, Quarantined, [d30085842655be789d104944db286a96],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreMachineClass, Quarantined, [c80beb1e45365adcd8d58a03a65de917],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreMachineClass.1, Quarantined, [ddf6ce3ba8d3c076ad008805ec179967],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CredentialDialogMachine, Quarantined, [1bb841c8512a0432c1ecc6c734cffa06],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CredentialDialogMachine.1.0, Quarantined, [d5fe13f6b8c38fa7c4e93459b35018e8],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassMachine, Quarantined, [10c3a5647a010432aeffdab3bf4437c9],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [2fa4c049265577bfdcd15736b44fe020],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback, Quarantined, [9b38f910cab1e5517b322865cd36cd33],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [03d0070285f675c19b12d5b863a023dd],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.ProcessLauncher, Quarantined, [6f64f01988f30531dfce5538867d8080],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.ProcessLauncher.1.0, Quarantined, [973cc0495a21d6608d206d2060a305fb],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3COMClassService, Quarantined, [785bfe0bd8a3d75ff4b96a2355ae2cd4],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3COMClassService.1.0, Quarantined, [17bcb3566615d95d4964404db44f11ef],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebMachine, Quarantined, [567d7f8ac8b3ce686e3f90fd3ac9639d],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebMachine.1.0, Quarantined, [c90aee1b7cffc5719914127b8380d42c],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebMachineFallback, Quarantined, [557e8b7ecfacd16556577e0f59aabf41],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebMachineFallback.1.0, Quarantined, [be1539d039429c9ad8d5e2ab7c87926e],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebSvc, Quarantined, [d6fde128dba078be317cd0bda85b01ff],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebSvc.1.0, Quarantined, [cb088b7ec6b5a294a607a2eb33d025db],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\CLASSES\APPID\SaveSenseLive.exe, Quarantined, [4b8844c5e992bc7a8e1e9df0e91a2bd5],
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\WOW6432NODE\awesomehpSoftware, Quarantined, [8350d4357a01989ec18589dc8979fa06],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLive.OneClickCtrl.9, Quarantined, [359ecf3af289b680c2eb315ce81bf40c],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLive.OneClickProcessLauncherMachine, Quarantined, [f3e04fba2a51f145228bf29b48bbee12],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLive.OneClickProcessLauncherMachine.1.0, Quarantined, [8d46b455176439fd8e1f8409fd067c84],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLive.Update3WebControl.3, Quarantined, [983be029fb80aa8cb1fcc5c8fd068a76],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.CoCreateAsync, Quarantined, [b81b0603d3a896a08d202f5e05fe9070],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.CoCreateAsync.1.0, Quarantined, [13c0d732552641f50da0f7961ee5b749],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.CoreClass, Quarantined, [2ba8f712f883b4825f4e513c0df6639d],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.CoreClass.1, Quarantined, [894a7693bac1b086f3ba3d5001025da3],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.CoreMachineClass, Quarantined, [bd165aaf166557df6e3fbbd27291a55b],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.CoreMachineClass.1, Quarantined, [4d8654b5fb8077bf535ae5a8de25c23e],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.CredentialDialogMachine, Quarantined, [864d14f50378a195ddd02766d42f3fc1],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.CredentialDialogMachine.1.0, Quarantined, [f2e10cfdb0cb3501426b1f6e1ae960a0],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassMachine, Quarantined, [3e95f8116f0c40f67934abe248bb06fa],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [389b8e7b760575c17a33c6c7ec174ab6],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback, Quarantined, [587b19f0710a92a43776cebfa3608b75],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [7f548a7f6a11be78dbd2058817eceb15],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.ProcessLauncher, Quarantined, [b81b6f9aec8f7fb7ab02eda0a06347b9],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.ProcessLauncher.1.0, Quarantined, [dff456b3f784e5514964533ae221e51b],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.Update3COMClassService, Quarantined, [9f3434d52952b383efbe3a533ac9b24e],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.Update3COMClassService.1.0, Quarantined, [d5fe6c9dc6b5979fb6f790fd4db66799],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.Update3WebMachine, Quarantined, [2ea5ec1da8d3a690119c018c669ded13],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.Update3WebMachine.1.0, Quarantined, [884b36d303786ec8456809841ce713ed],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.Update3WebMachineFallback, Quarantined, [9b3886837605ce6808a5434a13f02ed2],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.Update3WebMachineFallback.1.0, Quarantined, [cc076a9f95e63501a805a2eb956e8e72],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.Update3WebSvc, Quarantined, [26adcd3c8eed2f07317c0c8153b0728e],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaveSenseLiveUpdate.Update3WebSvc.1.0, Quarantined, [8b482edb1f5c90a635782c61fb08d22e],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\SaveSenseLive.exe, Quarantined, [389bc247b3c8e84ecddf99f420e3c13f],
PUP.Optional.SaveSense.A, HKU\S-1-5-21-3404006502-3931462469-3704297473-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SaveSenseLive, Quarantined, [4291c8417cff979fb1feafde927130d0],

Registry Values: 0
(No malicious items detected)

Registry Data: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[8e458881601b1d1920d9f91429dbc23e]

Folders: 0
(No malicious items detected)

Files: 9
RiskWare.Tool.CK, C:\Windows\KMService.exe, Delete-on-Reboot, [e6ed7594413a9f9789e34f4be81907f9],
PUP.Optional.Spigot.A, C:\$RECYCLE.BIN\S-1-5-21-3404006502-3931462469-3704297473-1000\$RF3FU95.exe, Quarantined, [854e77923c3f58dee6a4180457aac937],
PUP.Optional.Spigot.A, C:\Users\Etevaldo\AppData\Local\Temp\nsn9C52.tmp-2\APN_ATU3_.exe, Quarantined, [12c1b257d8a33df9bcce8993cd345ea2],
PUP.Optional.BundleInstaller.A, C:\Users\Etevaldo\Downloads\Setup.exe, Quarantined, [03d04dbcfc7fb680d1c3c7247e85837d],
PUP.Optional.OneClickDownloader.A, C:\Users\Etevaldo\Downloads\Um_Ato_de_Coragem(Denzel_Washington)(H264)_1280x712.exe, Quarantined, [3b98b65395e6b6802ababe75a95828d8],
PUP.Optional.Midia, C:\Users\Etevaldo\Downloads\Download – um ato de coragem dublado dvdrip rmvb.zip.exe, Quarantined, [894a0504b7c4b185100c8ec46c95a858],
PUP.Optional.Spigot.A, C:\Users\Etevaldo\Downloads\aTubeCatcher.exe, Quarantined, [854e51b881fae74f6129f725bf429769],
PUP.Optional.Bundle, C:\Users\Etevaldo\Downloads\Baixar Filme O Homem Bicentenario Dualaudio.exe, Quarantined, [0ec531d86d0e5fd73111c99735ccfd03],
PUP.Optional.BundleInstaller, C:\Users\Etevaldo\Downloads\Everest Ultimate Edition.exe, Quarantined, [a330fc0d2655b4820b7c71ed976afe02],

Physical Sectors: 0
(No malicious items detected)


(end)

Re: Suspected malware stealing the connection!

Post by Power Max, Tue 01 Apr 2014, 12:21

Download the Junkware Removal Tool from the link below:
[You must be registered and logged in to see this link]

To run the program above correctly, just follow the tips in this tutorial:

[You must be registered and logged in to see this link]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop with the name JRT.txt

We'll be waiting.

Re: Suspected malware stealing the connection!

Post by Júnior Dantas, Tue 01 Apr 2014, 14:14

Here is the log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Basic x64
Ran by Etevaldo on 01/04/2014 at 13:10:58,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{998745A3-2AE4-488D-8092-B98FB20A00C2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C1424421-D274-491E-9D47-11C8D8CB5F9A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASMANCS



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/04/2014 at 13:35:25,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Suspected malware stealing the connection!

Post by Power Max, Tue 01 Apr 2014, 19:33

Download < [You must be registered and logged in to see this link] >  < [You must be registered and logged in to see this image] > ( ... by Nicolas Coolman )

|- Temporarily disable your antivirus to avoid conflicts and run "ZHPDiag2.exe" to install the tool.

|- Run the scroll icon. ( ZHPDiag )

[You must be registered and logged in to see this image]

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish!

[You must be registered and logged in to see this image]

|- Click OK and, when it finishes, post the ZHPDiag.txt report

[You must be registered and logged in to see this image]

Re: Suspected malware stealing the connection!

Post by Júnior Dantas, Wed 02 Apr 2014, 13:12

~ Relatório do ZHPDiag v2014.4.2.1 - Nicolas Coolman (02/04/2014)
~ Iniciado por Etevaldo (02/04/2014 13:03:20)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16521

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2013
Malwarebytes Anti-Malware versão 2.00.0.1000
Spybot - Search & Destroy v2.2.25
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v3.26 =>.Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader X
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: AMD64 Family 20 Model 1 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3818 MB (70% free)
System Restore: Activé (Enable)
System drive C: has 268 GB (59%) free of 453 GB

---\\ Modo de conexão ao sistema
~ Computer Name: JUNIOR-PC
~ User Name: Etevaldo
~ All Users Names: Etevaldo, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Etevaldo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Etevaldo\AppData\Roaming\
~ %Desktop% : C:\Users\Etevaldo\Desktop\
~ %Favorites% : C:\Users\Etevaldo\Favorites\
~ %LocalAppData% : C:\Users\Etevaldo\AppData\Local\
~ %StartMenu% : C:\Users\Etevaldo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 268 Go of 453 Go)
D: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowHelp: Modified =>PUA.StartShow
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.14/07/2011 - 02:01:45.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.DF79CE9B950C62677D232154E93A81C7] - (.Microsoft Corporation - Internet Extensions para Win32.) (.01/03/2014 - 00:10:28.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/07/2011 - 02:05:11.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/652
~ Mes musiques (My Musics) : 63/1462
~ Mes Videos (My Videos) : 1/466
~ Mes Favoris (My Favorites) : 1/10
~ Mes Documents (My Documents) : 2/20875
~ Mon Bureau (My Desktop) : 2/32
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 33s



---\\ Processos lançados
[MD5.E981B925C0D89830512DF99B29B38C9F] - (.Acer Incorporated - Acer VCM.) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe [723560] [PID.3844]
[MD5.9ABC4E3B00CFA3A47D5569F5B49FE42F] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe [1103440] [PID.3940]
[MD5.E81FCE144FC7ECAF80A5D22A633A4B28] - (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616] [PID.4084]
[MD5.49B0368D7F4C827094D9910631EE1A2F] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [3767608] [PID.536]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.856]
[MD5.AF49D1C79EA49A7833017F290EE63B82] - (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784] [PID.2368]
[MD5.A824317EA303679481EF1039A5D66212] - (.Dritek System Inc. - Launch Manager Worker.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe [343632] [PID.972]
[MD5.8BDE4D8070DA969AF18F526FB70D1A2C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8181760] [PID.400]
[MD5.CC42F104172B4A62793083D380867317] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1368]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1608]
[MD5.9DD3A22F804697606C2B7FF9E912FF6B] - (.Dritek System Inc. - Dritek WMI Service.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe [353360] [PID.1772]
[MD5.21ACFD2B4BF6C0F4D9080A437E400E88] - (.Dritek System Inc. - Launch Manager utility process.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe [418896] [PID.1836]
[MD5.C9B2D1D3F86FD3673EF847DEF73B6F9E] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [36456] [PID.1872]
[MD5.93B73DED2BC688F140C6AE2FBAD45789] - (.Acer Incorporated - Updater Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [255376] [PID.1964]
[MD5.7CB9F0FDD730F4A4ECF6CDE15EA12E8A] - (.Acer Incorporated - Raw Socket Service.) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640] [PID.1080]
[MD5.98EF79CC2B07398AC525F9EA1AE0366F] - (.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880] [PID.1388]
[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.2200]
[MD5.14BF6B3AB327D519ED007CDDC56F6900] - (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272] [PID.2300]
[MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.2392]
[MD5.820EBE67AB99F033FDE25B2692157991] - (.Safer-Networking Ltd. - Windows Security Center integration..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416] [PID.2440]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.2956]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Etevaldo\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome

~ Google Lines Browser: 15 Legitimates Filtered in 00mn 17s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! WebRep - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
O4 - GS\Desktop [Public]: UltraISO.lnk . (.EZB Systems, Inc. - UltraISO Premium.) -- C:\Program Files (x86)\UltraISO\UltraISO.exe
O4 - GS\Program [Public]: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
O4 - GS\QuickLaunch [Etevaldo]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Etevaldo]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\TaskBar [Etevaldo]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Etevaldo\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Etevaldo]: Media Player Classic (2).lnk . (.MPC-HC Team - Media Player Classic - Home Cinema.) -- C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
O4 - GS\TaskBar [Etevaldo]: Media Player Classic.lnk . (.MPC-HC Team - Media Player Classic - Home Cinema.) -- C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
O4 - GS\Program [Etevaldo]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Etevaldo]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Etevaldo]: Counter Strike 1.6.lnk . (.Valve - Half-Life Launcher.) -- C:\Program Files (x86)\Counter Strike 1.6\hl.exe
O4 - GS\Desktop [Etevaldo]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\QuickLaunch [Convidado]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Convidado]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Convidado]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Convidado]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Global Startup: 70 Legitimates Filtered in 00mn 02s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [Public]: Acer VCM.lnk . (.Acer Incorporated - Acer VCM.) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
O4 - GS\Startup [Etevaldo]: Registration Assassin's Creed.LNK . (...) -- D:\Support\Register\RegistrationReminder.exe -d 805499 -l english -r 7 -g Assassin's Creed -c us -i 2931
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [Power Management] . (.Acer Incorporated - ePowerTray.) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKCU\..\Run: [mugen] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Etevaldo\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe =>.Samsung Electronics Co
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [SDTray] . (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Windows® installer.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Windows® installer.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Windows® installer.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Windows® installer.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-21-3404006502-3931462469-3704297473-1000\..\Run: [mugen] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKUS\S-1-5-21-3404006502-3931462469-3704297473-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Etevaldo\AppData\Local\Google\Update\GoogleUpdate.exe
~ Application: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C71E3FB9-D2E0-4325-B768-224A3C379B7C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{F51E84FA-8165-4B83-B2C6-FC2A282277F3}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{C71E3FB9-D2E0-4325-B768-224A3C379B7C}: DhcpDomain = Smart Lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{C71E3FB9-D2E0-4325-B768-224A3C379B7C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{F51E84FA-8165-4B83-B2C6-FC2A282277F3}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{C71E3FB9-D2E0-4325-B768-224A3C379B7C}: DhcpDomain = Smart Lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{C71E3FB9-D2E0-4325-B768-224A3C379B7C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{F51E84FA-8165-4B83-B2C6-FC2A282277F3}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{C71E3FB9-D2E0-4325-B768-224A3C379B7C}: DhcpDomain = Smart Lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\SupTab\SEARCH~2.dll (.not file.) =>PUP.SupTab
~ AppInit DLL: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe =>Hijacker.Office
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
~ Services: 14 Legitimates Filtered in 00mn 14s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{08439E0B-D9BD-48C9-A460-7643F7FB6AA7}] (...) -- E:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{0F8FAD97-EA5A-423A-B59D-C359BF4EB029}] (...) -- D:\autorun.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{11650234-ACC9-44AD-9A2C-D5327C85C707}] (...) -- E:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{1929EBDA-900F-4673-9555-AD5617779387}] (...) -- E:\autorun.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3922EA9A-ADB4-460B-A963-33217DEE3662}] (...) -- E:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{504C5C2B-2C02-4740-8AE1-C128B8D5EEA3}] (...) -- E:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{57A1D44A-5725-4BED-A992-3FF72C053785}] (...) -- C:\Program Files (x86)\SUAVE\unins000.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{62A6AB0C-B818-4959-9F5E-9830705DABCC}] (...) -- E:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7FC12B0C-F876-4A83-8143-2E5321B45C20}] (...) -- E:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{93BB378B-68E9-41F6-93E5-CAFFD6FE9C7E}] (...) -- E:\autorun.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{971DFB5D-1FFC-4380-A9F8-AA1A7139CFFE}] (...) -- E:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9B01E93A-456A-4A6C-8F8F-24BE3A3E3E27}] (...) -- E:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9CB679AA-760E-4E6C-98F0-D2821D42DF57}] (...) -- E:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B4899F79-76CD-468D-B9C4-57708D2E9447}] (...) -- E:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{EC64D975-DB5B-4012-9A49-8D4B76361AF7}] (...) -- E:\setup.exe (.not file.) [0]
~ Scheduled Task: 35 Legitimates Filtered in 00mn 07s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (wStLibG64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\wStLibG64.sys =>PUP.LinkiDoo
~ Drivers: 78 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\WinSlcMy]
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\WinSlcMy]
~ Key Software: 279 Legitimates Filtered in 00mn 02s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 28/02/2014 - 13:30:04 - [0] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 28/03/2014 - 18:38:59 - [0] ----D C:\Program Files (x86)\BeatTool
O43 - CFD: 03/08/2013 - 12:42:58 - [519,794] ----D C:\Program Files (x86)\Counter Strike 1.6
O43 - CFD: 28/02/2014 - 14:05:55 - [0] ----D C:\Program Files (x86)\RBM
O43 - CFD: 21/03/2014 - 20:53:52 - [0] ----D C:\Program Files (x86)\v9Soft
O43 - CFD: 25/03/2014 - 13:46:06 - [0,001] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 24/03/2014 - 13:46:22 - [0] ----D C:\Users\Etevaldo\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 31/01/2013 - 12:23:19 - [0,002] ----D C:\Users\Etevaldo\AppData\Local\Bart_Ubing
O43 - CFD: 13/07/2013 - 10:38:08 - [0,003] ----D C:\Users\Etevaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter Strike 1.6 - 2012
~ Program Folder: 176 Legitimates Filtered in 00mn 07s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.32EE35E5D7F58CD2C770509FB2020D5A] - 01/04/2014 - 22:57:17 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [148058]
O44 - LFC:[MD5.B12E9E1F1D92C7918567181C6BB98B91] - 01/04/2014 - 22:57:17 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [706476]
O44 - LFC:[MD5.B8F0ACDB85C48060D41AD6B28415892F] - 24/03/2014 - 22:21:41 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLibG64.sys [61112] =>PUP.LinkiDoo
O44 - LFC:[MD5.4E4CEDB097B36EE9BDB3FA2537C35915] - 26/03/2014 - 23:45:23 ---A- . (...) -- C:\Windows\win.ini [521]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 28/03/2014 - 17:15:20 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.4110F9BBAC3A40AFD033DF9FA55777DE] - 28/03/2014 - 18:40:08 ---A- . (...) -- C:\zoek-results.log [25670]
~ Files: 48 Legitimates Filtered in 00mn 17s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{0a40ed21-8118-11e3-a812-dc0ea1bd670d}\AutoRun\command. (...) -- D:\WindowsUI\Autorun.exe (.not file.)
O51 - MPSK:{781f6110-f2f1-11e1-870a-806e6f6e6963}\AutoRun\command. (...) -- D:\autorun.exe (.not file.)
O51 - MPSK:{9f5c5d41-5475-11e3-aa65-dc0ea1bd670d}\AutoRun\command. (...) -- D:\iLinker.exe (.not file.)
O51 - MPSK:{feb3caad-310a-11e3-bfb9-dc0ea1bd670d}\AutoRun\command. (...) -- D:\WindowsUI\Autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 09/02/2014 - 14:10:10 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 09/02/2014 - 14:10:10 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
O58 - SDL:[MD5.040FF3B09F26926A3792E047DB0F47DD] - 21/01/2014 - 02:40:55 ---A- . (.Connectify - NDIS filter driver.) -- C:\Windows\System32\Drivers\cnnctfy2.sys [31344]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.E428DFFA96FAD07D8CA3C9082563A225] - 21/08/2013 - 01:31:40 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [103576]
O58 - SDL:[MD5.AAF6F247F1DC370C593B4430974EAD9C] - 21/08/2013 - 01:31:40 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [204568]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.B8F0ACDB85C48060D41AD6B28415892F] - 24/03/2014 - 22:21:41 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLibG64.sys [61112] =>PUP.LinkiDoo
~ Drivers: 18 Legitimates Filtered in 00mn 04s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 24/03/2014 - C:\Windows\System32\drivers\wStLibG64.sys (wStLibG64) .(.StdLib - StdLib.) - LEGACY_WSTLIBG64 =>PUP.LinkiDoo
~ Legacy: 93 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Etevaldo\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.DF06DC5837316EA78746E3F790A950ED] [SPRF][30/03/2014] (...) -- C:\Users\Etevaldo\Desktop\AdwCleaner.exe [1950720]
[MD5.AAF1AFC55083A76CE54C788F3C42237B] [SPRF][08/04/2007] (.SCEE - Teenage Mutant Ninja Puppets.) -- C:\Users\Etevaldo\Desktop\MutantNinja.exe [98304]
[MD5.828ED0940B00A441855273D16BD6CFFC] [SPRF][07/10/2013] (.BitTorrent Inc. - µTorrent.) -- C:\Users\Etevaldo\Desktop\utorrent.exe [1141328] =>P2P.BitTorrent
[MD5.2ED2319F3DE13495AAA49B70A1467055] [SPRF][28/03/2014] (...) -- C:\Users\Etevaldo\Desktop\zoek.exe [1285120]
~ Files: 6 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 12/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 10/07/1658 0 | (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
SS - | Demand 19/12/2012 732648 | (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 24/05/2011 204288 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 13/09/2012 361984 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
SR - | Auto 09/02/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 16/12/2010 198784 | (CxAudMsg) . (.Conexant Systems Inc..) - C:\Windows\system32\CxAudMsg64.exe
SR - | Auto 30/06/2011 353360 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
SR - | Auto 02/08/2011 872552 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
SR - | Auto 29/05/2011 36456 | (GREGService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
SR - | Auto 05/04/2012 255376 | (Live Updater Service) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SR - | Auto 29/01/2010 260640 | (RS_Service) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
SR - | Auto 15/10/2013 3921880 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
SR - | Auto 20/09/2013 1042272 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
SR - | Auto 13/09/2013 171416 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 47s



---\\ Scâner Aditional (088)
Database Version : 13036 - (02/04/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 6

[HKLM\SYSTEM\CurrentControlSet\Services\KMService] =>Hijacker.Office^
C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\Users\Etevaldo\AppData\Roaming\Baidu Security =>Adware.BDSearch^
C:\Program Files (x86)\V9Soft =>PUP.V9Software
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowHelp: Modified =>PUA.StartShow^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch^
C:\Users\Etevaldo\Desktop\utorrent.exe =>P2P.BitTorrent^
~ Additionnel Scan: 226682 Items scanned in 01mn 19s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUA.StartShow
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SupTab
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Office
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.V9Software
~ MSI: 5 link(s) detected in 00mn 00s



~ 1445 Legitimates filtered by white list
End of the scan (466 lines in 04mn 58s)(0)
Júnior Dantas
Beginner

Posts: 29
Reputation: 0
Join date: 29/03/2014
Age: 43
Location: Brazil

Re: Suspected malware stealing the connection!

Post by Júnior Dantas, Fri 04 Apr 2014, 13:21

Up...

Re: Suspected malware stealing the connection!

Post by Power Max, Fri 04 Apr 2014, 18:31

Sorry for the delay; I've been having internet problems and also had some work piled up.
________________________________________________________________________________________

Please follow the tips in these tutorials:

[You must have an account and be logged in to view this link]
___________________________________________________________________________________________

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação (Import) > click the GO button > click Oui > if you also want the files in the Recycle Bin deleted, click Oui again > a report will appear in Notepad.

Copy this report and post it in your next reply, together with the UsbFix log, which will be at C:\UsbFix.txt, and the McShield Anti-Malware Tool report, named MCShield-AllScans.txt, which will be on your PC's desktop.

We'll be waiting.


Last edited by Power Max on Sun 06 Apr 2014, 12:43, edited 1 time
Power Max
Collaborator

Posts: 9086
Reputation: 1499
Registered: 14/04/2009

Re: Suspected malware stealing the connection!

Post by Júnior Dantas, Sat 05 Apr 2014, 13:36

MCShield log:

>>> MCShield AllScans.txt <<<

-----------------------------




MCShield ::Anti-Malware Tool:: [You must have an account and be logged in to view this link]

>>> v 3.0.4.27 / DB: 2014.3.30.1 / Windows 7 <<<


05/04/2014 13:22:42 > Unidade C: - escanemaneto iniciado (Hard Disk ~453 GB, NTFS HDD )...



=> A unidade está limpa.





MCShield ::Anti-Malware Tool:: [You must have an account and be logged in to view this link]

>>> v 3.0.4.27 / DB: 2014.3.30.1 / Windows 7 <<<


05/04/2014 13:25:08 > Unidade E: - escanemaneto iniciado (sem rotulo ~1908 MB, FAT unidade flash )...



=> A unidade está limpa.
___________________________________________________________________________________________________________________________

UsbFix log:

############################## | UsbFix V 7.169 | [Supressão]

Usuário: Etevaldo (Administrador) # JUNIOR-PC
Atualizado em 31/03/2014 por El Desaparecido - Team SosVirus
Começou em 13:09:10 | 05/04/2014

Site : [You must have an account and be logged in to view this link]
Changelog : [You must have an account and be logged in to view this link]
Support : [You must have an account and be logged in to view this link]
Upload Malware : [You must have an account and be logged in to view this link]
Contato : [You must have an account and be logged in to view this link]

PC: Acer (JE10-BZ)
CPU: AMD C-50 Processor
RAM -> [Total : 3819 Mo| Free : 2914 Mo]
Bios: Acer
Boot: Normal boot

OS: Microsoft Windows 7 Home Basic  (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16521

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: avast! Antivirus [Enabled | (!) Outdated]
AS: Windows Defender [(!) Disabled | Updated]
AS: Spybot - Search and Destroy [Enabled | (!) Outdated]
AS: avast! Antivirus [Enabled | (!) Outdated]
FW: Windows FireWall [Enabled]

C:\ (%systemdrive%) -> Disco fixo # 453 Gb (267 Mb livre - 59%) [Hard Disk] # NTFS
D:\ -> CD-ROM

################## | Processos Ativos |

C:\Windows\system32\csrss.exe (ID: 448 |ParentID: 440)
C:\Windows\system32\wininit.exe (ID: 532 |ParentID: 440)
C:\Windows\system32\csrss.exe (ID: 544 |ParentID: 524)
C:\Windows\system32\services.exe (ID: 588 |ParentID: 532)
C:\Windows\system32\lsass.exe (ID: 604 |ParentID: 532)
C:\Windows\system32\lsm.exe (ID: 612 |ParentID: 532)
C:\Windows\system32\winlogon.exe (ID: 648 |ParentID: 524)
C:\Windows\system32\svchost.exe (ID: 756 |ParentID: 588)
C:\Windows\system32\svchost.exe (ID: 852 |ParentID: 588)
C:\Windows\system32\atiesrxx.exe (ID: 900 |ParentID: 588)
C:\Windows\System32\svchost.exe (ID: 972 |ParentID: 588)
C:\Windows\System32\svchost.exe (ID: 108 |ParentID: 588)
C:\Windows\system32\svchost.exe (ID: 276 |ParentID: 588)
C:\Windows\system32\svchost.exe (ID: 444 |ParentID: 588)
C:\Windows\system32\svchost.exe (ID: 1036 |ParentID: 588)
C:\Windows\system32\atieclxx.exe (ID: 1112 |ParentID: 900)
C:\Windows\system32\svchost.exe (ID: 1188 |ParentID: 588)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1356 |ParentID: 588)
C:\Windows\System32\spoolsv.exe (ID: 1480 |ParentID: 588)
C:\Windows\system32\svchost.exe (ID: 1516 |ParentID: 588)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1692 |ParentID: 588)
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (ID: 1728 |ParentID: 588)
C:\Windows\system32\CxAudMsg64.exe (ID: 1760 |ParentID: 588)
C:\Program Files (x86)\Launch Manager\dsiwmis.exe (ID: 1800 |ParentID: 588)
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (ID: 1828 |ParentID: 588)
C:\Program Files (x86)\Launch Manager\LMutilps32.exe (ID: 1856 |ParentID: 1800)
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (ID: 1896 |ParentID: 588)
C:\Program Files\Acer\Acer Updater\UpdaterService.exe (ID: 1964 |ParentID: 588)
C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (ID: 2016 |ParentID: 588)
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (ID: 1056 |ParentID: 588)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (ID: 2216 |ParentID: 588)
C:\Windows\system32\svchost.exe (ID: 2240 |ParentID: 588)
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (ID: 2364 |ParentID: 588)
C:\Windows\system32\taskhost.exe (ID: 2484 |ParentID: 588)
C:\Windows\system32\Dwm.exe (ID: 2572 |ParentID: 108)
C:\Windows\Explorer.EXE (ID: 2604 |ParentID: 2544)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (ID: 2692 |ParentID: 588)
C:\Windows\system32\runonce.exe (ID: 2720 |ParentID: 2604)
C:\Windows\SysWOW64\runonce.exe (ID: 2736 |ParentID: 2720)
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (ID: 2936 |ParentID: 588)
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ID: 3332 |ParentID: 588)
C:\Windows\system32\SearchIndexer.exe (ID: 3384 |ParentID: 588)
C:\Windows\system32\svchost.exe (ID: 3728 |ParentID: 588)
C:\Windows\system32\svchost.exe (ID: 3884 |ParentID: 588)
C:\Windows\system32\SearchProtocolHost.exe (ID: 3996 |ParentID: 3384)
C:\Windows\system32\SearchFilterHost.exe (ID: 4036 |ParentID: 3384)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2656 |ParentID: 756)

################## | Procura genérica |


(!) Ficheiros temporários suprimido.

################## | Registro |

Supprimido ! HKU\S-1-5-21-3404006502-3931462469-3704297473-1000\Software\Microsoft\Windows\CurrentVersion\Run|mugen
Supprimido ! HKU\S-1-5-21-3404006502-3931462469-3704297473-1000\Software\.\.\.\.\Mountpoints2\D
Supprimido ! HKU\S-1-5-21-3404006502-3931462469-3704297473-1000\Software\.\.\.\.\Mountpoints2\{0a40ed21-8118-11e3-a812-dc0ea1bd670d}
Supprimido ! HKU\S-1-5-21-3404006502-3931462469-3704297473-1000\Software\.\.\.\.\Mountpoints2\{781f6110-f2f1-11e1-870a-806e6f6e6963}
Supprimido ! HKU\S-1-5-21-3404006502-3931462469-3704297473-1000\Software\.\.\.\.\Mountpoints2\{9f5c5d41-5475-11e3-aa65-dc0ea1bd670d}
Supprimido ! HKU\S-1-5-21-3404006502-3931462469-3704297473-1000\Software\.\.\.\.\Mountpoints2\{feb3caad-310a-11e3-bfb9-dc0ea1bd670d}

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
04 - HKCU\..\Run : [Google Update] "C:\Users\Etevaldo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKLM\..\Run : [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\..\Run : [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
04 - [x64] HKLM\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - [x64] HKLM\..\Run : [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3404006502-3931462469-3704297473-1000\..\Run : [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
04 - HKU\S-1-5-21-3404006502-3931462469-3704297473-1000\..\Run : [Google Update] "C:\Users\Etevaldo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-19\..\RunOnce : [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
04 - HKU\S-1-5-18\..\RunOnce : [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}

################## | Listing |

[03/04/2014 - 15:31:50 | SHD] - C:\$RECYCLE.BIN
[30/03/2014 - 11:29:20 | D] - C:\AdwCleaner
[16/12/2012 - 18:05:40 | D] - C:\AMD
[30/08/2012 - 10:34:44 | D] - C:\Arquivos de Programas
[21/04/2012 - 00:23:03 | D] - C:\book
[19/10/2011 - 04:26:10 | RASH | 8 Ko] - C:\BOOTSECT.BAK
[14/07/2009 - 02:08:56 | SHD] - C:\Documents and Settings
[16/12/2012 - 17:35:51 | D] - C:\edbd08f770eeba0629f83f97d19d
[05/04/2014 - 13:06:47 | ASH | 2932916 Ko] - C:\hiberfil.sys
[16/12/2012 - 10:25:12 | RHD] - C:\MSOCache
[20/01/2011 - 12:31:58 | N | 1 Ko] - C:\NetworkCfg.xml
[06/10/2013 - 12:32:08 | D] - C:\OEM
[23/08/2013 - 17:24:28 | D] - C:\output
[05/04/2014 - 13:06:46 | ASH | 3910556 Ko] - C:\pagefile.sys
[15/12/2012 - 17:34:41 | D] - C:\PerfLogs
[15/03/2014 - 13:02:04 | D] - C:\Program Files
[02/04/2014 - 13:00:56 | D] - C:\Program Files (x86)
[31/03/2014 - 13:10:17 | HD] - C:\ProgramData
[30/08/2012 - 10:34:44 | SHD] - C:\Recovery
[01/04/2014 - 11:31:31 | SHD] - C:\System Volume Information
[05/04/2014 - 13:02:47 | D] - C:\UsbFix
[05/04/2014 - 13:11:06 | A | 8 Ko | 8D7C1AFA7A3ABA5A3C68E3EBC05FB5D0] - C:\UsbFix [Clean 2] JUNIOR-PC.txt
[22/10/2013 - 13:02:33 | D] - C:\UserData
[03/03/2013 - 13:20:23 | D] - C:\Users
[02/01/2013 - 20:24:40 | D] - C:\W7P_Backups
[01/04/2014 - 13:10:55 | D] - C:\Windows
[28/03/2014 - 18:40:08 | N | 25 Ko] - C:\zoek-results.log
[28/03/2014 - 18:02:46 | D] - C:\zoek_backup

################## | Vaccin |


################## | E.O.F | [You must have an account and be logged in to view this link] - [You must have an account and be logged in to view this link] |
_____________________________________________________________________________________________________________________________

ZHPFix log:

Rapport de ZHPFix 2014.3.25.5 par Nicolas Coolman, Update du 25/03/2014
Fichier d'export Registre :
Run by Etevaldo at 05/04/2014 13:28:16
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 19s)
Reparação de atalhos do navegador

========== Estado dos serviços ==========
WSTLIBG64 Parado

========== Chaves do Registo ==========
ELIMINÉ Driver Key: wStLibG64
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu_Drp_pos

========== Valores do Registo ==========
ELIMINÉ RunValue: SynTPEnh
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Elementos dos dados do Registo ==========
ELIMINÉ AppInit: \Program Files (x86)\SupTab\SEARCH~2.dll
SUBSTITUI Value Start_ShowHelp :   Good (1) - Bad (0)

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\wstlibg64.sys
ELIMINÉ Temporários windows (12) (5.573 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {08439E0B-D9BD-48C9-A460-7643F7FB6AA7}
ELIMINÉ: {0F8FAD97-EA5A-423A-B59D-C359BF4EB029}
ELIMINÉ: {11650234-ACC9-44AD-9A2C-D5327C85C707}
ELIMINÉ: {1929EBDA-900F-4673-9555-AD5617779387}
ELIMINÉ: {3922EA9A-ADB4-460B-A963-33217DEE3662}
ELIMINÉ: {504C5C2B-2C02-4740-8AE1-C128B8D5EEA3}
ELIMINÉ: {57A1D44A-5725-4BED-A992-3FF72C053785}
ELIMINÉ: {62A6AB0C-B818-4959-9F5E-9830705DABCC}
ELIMINÉ: {7FC12B0C-F876-4A83-8143-2E5321B45C20}
ELIMINÉ: {93BB378B-68E9-41F6-93E5-CAFFD6FE9C7E}
ELIMINÉ: {971DFB5D-1FFC-4380-A9F8-AA1A7139CFFE}
ELIMINÉ: {9B01E93A-456A-4A6C-8F8F-24BE3A3E3E27}
ELIMINÉ: {9CB679AA-760E-4E6C-98F0-D2821D42DF57}
ELIMINÉ: {B4899F79-76CD-468D-B9C4-57708D2E9447}
ELIMINÉ: {EC64D975-DB5B-4012-9A49-8D4B76361AF7}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
4 : Chaves do Registo
7 : Valores do Registo
2 : Elementos dos dados do Registo
1 : Pastas
3 : Ficheiros
1 : Estado dos serviços
15 : Tarefa planificada
1 : Restauração Sistema


End of clean in 01mn 38s

========== Caminho do ficheiro do relatório ==========
C:\Users\Etevaldo\AppData\Roaming\ZHP\ZHPFix[R1].txt - 05/04/2014 13:28:36 [2454]

Re: Suspected malware stealing the connection!

Post by Júnior Dantas, Sat 05 Apr 2014, 13:48

A few little problems came up...

I use a netbook, and after I finished the scans with the programs, a special function key (Fn + up arrow = change the sound volume) is not working. Also, the on-screen notice that a special key was activated, such as locking the touchpad, no longer appears.

How do I revert this?

Re: Suspected malware stealing the connection!

Post by Power Max, Sat 05 Apr 2014, 13:50

Open ZHPDiag again.

[You must have an account and be logged in to view this image]

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

[You must have an account and be logged in to view this image]

|- Click OK and, when it finishes, post the ZHPDiag.txt report.

[You must have an account and be logged in to view this image]

Re: Suspected malware stealing the connection!

Post by Júnior Dantas, Sat 05 Apr 2014, 15:15

~ Relatório do ZHPDiag v2014.4.2.1 - Nicolas Coolman (02/04/2014)
~ Iniciado por Etevaldo (05/04/2014 15:08:46)
~ Endereço do Website : [You must have an account and be logged in to view this link]
~ Fóruns de suporte gratuito para desinfecção : [You must have an account and be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16521

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2013
Malwarebytes Anti-Malware versão 2.00.0.1000
Spybot - Search & Destroy v2.2.25
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v3.26 =>.Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader X
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: AMD64 Family 20 Model 1 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3818 MB (67% free)
System Restore: Activé (Enable)
System drive C: has 267 GB (59%) free of 453 GB

---\\ Modo de conexão ao sistema
~ Computer Name: JUNIOR-PC
~ User Name: Etevaldo
~ All Users Names: Etevaldo, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Etevaldo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Etevaldo\AppData\Roaming\
~ %Desktop% : C:\Users\Etevaldo\Desktop\
~ %Favorites% : C:\Users\Etevaldo\Favorites\
~ %LocalAppData% : C:\Users\Etevaldo\AppData\Local\
~ %StartMenu% : C:\Users\Etevaldo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 267 Go of 453 Go)
D: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.14/07/2011 - 02:01:45.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.DF79CE9B950C62677D232154E93A81C7] - (.Microsoft Corporation - Internet Extensions para Win32.) (.01/03/2014 - 00:10:28.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/07/2011 - 02:05:11.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/654
~ Mes musiques (My Musics) : 63/1462
~ Mes Videos (My Videos) : 1/465
~ Mes Favoris (My Favorites) : 1/10
~ Mes Documents (My Documents) : 2/20875
~ Mon Bureau (My Desktop) : 2/39
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 46s



---\\ Processos lançados
[MD5.E981B925C0D89830512DF99B29B38C9F] - (.Acer Incorporated - Acer VCM.) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe [723560] [PID.2596]
[MD5.FA18468460906465C6A181904F5B706B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312] [PID.3180]
[MD5.89B7B1B233466CB6C19CF6EC2D49AED1] - (.MyCity - MCShield Real-Time Monitor.) -- C:\Program Files (x86)\MCShield\MCShieldRTM.exe [650816] [PID.4072]
[MD5.8BDE4D8070DA969AF18F526FB70D1A2C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8181760] [PID.1376]
[MD5.CC42F104172B4A62793083D380867317] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1356]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1692]
[MD5.9DD3A22F804697606C2B7FF9E912FF6B] - (.Dritek System Inc. - Dritek WMI Service.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe [353360] [PID.1800]
[MD5.21ACFD2B4BF6C0F4D9080A437E400E88] - (.Dritek System Inc. - Launch Manager utility process.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe [418896] [PID.1856]
[MD5.C9B2D1D3F86FD3673EF847DEF73B6F9E] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [36456] [PID.1896]
[MD5.93B73DED2BC688F140C6AE2FBAD45789] - (.Acer Incorporated - Updater Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [255376] [PID.1964]
[MD5.7CB9F0FDD730F4A4ECF6CDE15EA12E8A] - (.Acer Incorporated - Raw Socket Service.) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640] [PID.2016]
[MD5.98EF79CC2B07398AC525F9EA1AE0366F] - (.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880] [PID.1056]
[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.2216]
[MD5.14BF6B3AB327D519ED007CDDC56F6900] - (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272] [PID.2364]
[MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.2692]
[MD5.820EBE67AB99F033FDE25B2692157991] - (.Safer-Networking Ltd. - Windows Security Center integration..) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416] [PID.2936]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.3332]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Etevaldo\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome

~ Google Lines Browser: 15 Legitimates Filtered in 00mn 34s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! WebRep - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
O4 - GS\Desktop [Public]: UltraISO.lnk . (.EZB Systems, Inc. - UltraISO Premium.) -- C:\Program Files (x86)\UltraISO\UltraISO.exe
O4 - GS\Program [Public]: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
O4 - GS\QuickLaunch [Etevaldo]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Etevaldo]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\TaskBar [Etevaldo]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Etevaldo\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Etevaldo]: Media Player Classic (2).lnk . (.MPC-HC Team - Media Player Classic - Home Cinema.) -- C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
O4 - GS\TaskBar [Etevaldo]: Media Player Classic.lnk . (.MPC-HC Team - Media Player Classic - Home Cinema.) -- C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
O4 - GS\Program [Etevaldo]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Etevaldo]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Etevaldo]: Counter Strike 1.6.lnk . (.Valve - Half-Life Launcher.) -- C:\Program Files (x86)\Counter Strike 1.6\hl.exe
O4 - GS\Desktop [Etevaldo]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\QuickLaunch [Convidado]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Convidado]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Convidado]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Convidado]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Global Startup: 71 Legitimates Filtered in 00mn 02s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [Public]: Acer VCM.lnk . (.Acer Incorporated - Acer VCM.) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
O4 - GS\Startup [Etevaldo]: Registration Assassin's Creed.LNK . (...) -- D:\Support\Register\RegistrationReminder.exe -d 805499 -l english -r 7 -g Assassin's Creed -c us -i 2931
O4 - HKLM\..\Run: [Power Management] . (.Acer Incorporated - ePowerTray.) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Etevaldo\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [MCShield Monitor] . (.MyCity - MCShield Real-Time Monitor.) -- C:\Program Files (x86)\MCShield\mcshieldrtm.exe
O4 - HKLM\..\Wow6432Node\Run: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe =>.Samsung Electronics Co
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [SDTray] . (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Windows® installer.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Windows® installer.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Windows® installer.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Windows® installer.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-21-3404006502-3931462469-3704297473-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Etevaldo\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-3404006502-3931462469-3704297473-1000\..\Run: [MCShield Monitor] . (.MyCity - MCShield Real-Time Monitor.) -- C:\Program Files (x86)\MCShield\mcshieldrtm.exe
~ Application: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C71E3FB9-D2E0-4325-B768-224A3C379B7C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{F51E84FA-8165-4B83-B2C6-FC2A282277F3}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{C71E3FB9-D2E0-4325-B768-224A3C379B7C}: DhcpDomain = Smart Lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{C71E3FB9-D2E0-4325-B768-224A3C379B7C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{F51E84FA-8165-4B83-B2C6-FC2A282277F3}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{C71E3FB9-D2E0-4325-B768-224A3C379B7C}: DhcpDomain = Smart Lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{C71E3FB9-D2E0-4325-B768-224A3C379B7C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{F51E84FA-8165-4B83-B2C6-FC2A282277F3}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{C71E3FB9-D2E0-4325-B768-224A3C379B7C}: DhcpDomain = Smart Lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe =>Hijacker.Office
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
~ Services: 14 Legitimates Filtered in 00mn 15s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (wStLibG64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\wStLibG64.sys =>PUP.LinkiDoo
~ Drivers: 76 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: MCShield ::Anti-Malware Tool:: - (.MyCity.) [HKLM][64Bits] -- MCShield
~ Logic: 28 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\MCShield]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\WinSlcMy]
[HKLM\Software\Wow6432Node\PIP]
[HKLM\Software\Wow6432Node\WinSlcMy]
~ Key Software: 283 Legitimates Filtered in 00mn 02s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 03/08/2013 - 12:42:58 - [519,794] ----D C:\Program Files (x86)\Counter Strike 1.6
O43 - CFD: 05/04/2014 - 13:20:37 - [4,280] ----D C:\Program Files (x86)\MCShield
O43 - CFD: 28/02/2014 - 14:05:55 - [0] ----D C:\Program Files (x86)\RBM
O43 - CFD: 05/04/2014 - 13:25:11 - [2,877] ----D C:\ProgramData\MCShield
O43 - CFD: 31/01/2013 - 12:23:19 - [0,002] ----D C:\Users\Etevaldo\AppData\Local\Bart_Ubing
O43 - CFD: 13/07/2013 - 10:38:08 - [0,003] ----D C:\Users\Etevaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter Strike 1.6 - 2012
~ Program Folder: 173 Legitimates Filtered in 00mn 17s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.E3966C5F3355420004FCD6E4CE1F0455] - 05/04/2014 - 13:11:06 ---A- . (...) -- C:\UsbFix [Clean 2] JUNIOR-PC.txt [9027]
O44 - LFC:[MD5.32EE35E5D7F58CD2C770509FB2020D5A] - 05/04/2014 - 13:28:58 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [148058]
O44 - LFC:[MD5.B12E9E1F1D92C7918567181C6BB98B91] - 05/04/2014 - 13:28:58 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [706476]
O44 - LFC:[MD5.B8F0ACDB85C48060D41AD6B28415892F] - 24/03/2014 - 22:21:41 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLibG64.sys [61112] =>PUP.LinkiDoo
O44 - LFC:[MD5.4E4CEDB097B36EE9BDB3FA2537C35915] - 26/03/2014 - 23:45:23 ---A- . (...) -- C:\Windows\win.ini [521]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 28/03/2014 - 17:15:20 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.4110F9BBAC3A40AFD033DF9FA55777DE] - 28/03/2014 - 18:40:08 ----- . (...) -- C:\zoek-results.log [25670]
~ Files: 49 Legitimates Filtered in 00mn 10s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 09/02/2014 - 14:10:10 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 09/02/2014 - 14:10:10 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
O58 - SDL:[MD5.040FF3B09F26926A3792E047DB0F47DD] - 21/01/2014 - 02:40:55 ---A- . (.Connectify - NDIS filter driver.) -- C:\Windows\System32\Drivers\cnnctfy2.sys [31344]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.E428DFFA96FAD07D8CA3C9082563A225] - 21/08/2013 - 01:31:40 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [103576]
O58 - SDL:[MD5.AAF6F247F1DC370C593B4430974EAD9C] - 21/08/2013 - 01:31:40 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [204568]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.B8F0ACDB85C48060D41AD6B28415892F] - 24/03/2014 - 22:21:41 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLibG64.sys [61112] =>PUP.LinkiDoo
~ Drivers: 17 Legitimates Filtered in 00mn 02s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: UsbFix - (.El Desaparecido - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Etevaldo\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.DF06DC5837316EA78746E3F790A950ED] [SPRF][30/03/2014] (...) -- C:\Users\Etevaldo\Desktop\AdwCleaner.exe [1950720]
[MD5.C96F446085D8340C975BBE32096BD1F0] [SPRF][05/04/2014] (.MyCity - MCShield ::Anti-Malware Tool::.) -- C:\Users\Etevaldo\Desktop\MCShield-Setup.exe [2846904]
[MD5.AAF1AFC55083A76CE54C788F3C42237B] [SPRF][08/04/2007] (.SCEE - Teenage Mutant Ninja Puppets.) -- C:\Users\Etevaldo\Desktop\MutantNinja.exe [98304]
[MD5.828ED0940B00A441855273D16BD6CFFC] [SPRF][07/10/2013] (.BitTorrent Inc. - µTorrent.) -- C:\Users\Etevaldo\Desktop\utorrent.exe [1141328] =>P2P.BitTorrent
[MD5.2ED2319F3DE13495AAA49B70A1467055] [SPRF][28/03/2014] (...) -- C:\Users\Etevaldo\Desktop\zoek.exe [1285120]
~ Files: 7 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 12/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 10/07/1658 0 | (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
SS - | Demand 19/12/2012 732648 | (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation

SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 24/05/2011 204288 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 13/09/2012 361984 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
SR - | Auto 09/02/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 16/12/2010 198784 | (CxAudMsg) . (.Conexant Systems Inc..) - C:\Windows\system32\CxAudMsg64.exe
SR - | Auto 30/06/2011 353360 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
SR - | Auto 02/08/2011 872552 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
SR - | Auto 29/05/2011 36456 | (GREGService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
SR - | Auto 05/04/2012 255376 | (Live Updater Service) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SR - | Auto 29/01/2010 260640 | (RS_Service) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
SR - | Auto 15/10/2013 3921880 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
SR - | Auto 20/09/2013 1042272 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
SR - | Auto 13/09/2013 171416 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 49s



---\\ Scâner Aditional (088)
Database Version : 13036 - (02/04/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKLM\SYSTEM\CurrentControlSet\Services\KMService] =>Hijacker.Office^
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\PIP] =>Toolbar.Ask
C:\Users\Etevaldo\Desktop\utorrent.exe =>P2P.BitTorrent^
~ Additionnel Scan: 226426 Items scanned in 01mn 25s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Office
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Ask
~ MSI: 2 link(s) detected in 00mn 00s



~ 1428 Legitimates filtered by white list
End of the scan (415 lines in 05mn 16s)(0)

Re: Suspected malware stealing the connection!

Post by Power Max, Sat 05 Apr 2014, 16:20

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click ZhpFix and choose Run as administrator > Click Import > Click the GO button > Click Oui > If you also want the files in the Recycle Bin deleted, click Oui again > A report will appear in Notepad.

Copy this report and post it in your next reply.

We'll be waiting.


Last edited by Power Max on Sun 06 Apr 2014, 11:57, edited 1 time

Re: Suspected malware stealing the connection!

Post by Júnior Dantas, Sat 05 Apr 2014, 16:58

Rapport de ZHPFix 2014.3.25.5 par Nicolas Coolman, Update du 25/03/2014
Fichier d'export Registre :
Run by Etevaldo at 05/04/2014 16:57:02
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 46s)

========== Chaves do Registo ==========
ELIMINÉ Driver Key: wStLibG64
ELIMINÉ: HKCU\Software\APN PIP
ELIMINÉ: HKLM\Software\Wow6432Node\PIP

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\wstlibg64.sys
ELIMINÉ Temporários windows (16) (1.866.343 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
3 : Chaves do Registo
1 : Pastas
3 : Ficheiros
1 : Restauração Sistema


End of clean in 01mn 18s

========== Caminho do ficheiro do relatório ==========
C:\Users\Etevaldo\AppData\Roaming\ZHP\ZHPFix[R1].txt - 05/04/2014 13:28:36 [2537]
C:\Users\Etevaldo\AppData\Roaming\ZHP\ZHPFix[R2].txt - 05/04/2014 16:57:48 [1063]

Re: Suspected malware stealing the connection!

Post by Power Max, Sat 05 Apr 2014, 17:04

Restart the PC and then tell us how your PC is doing after these procedures.

Re: Suspected malware stealing the connection!

Post by Júnior Dantas, Sat 05 Apr 2014, 20:10

The connection speed is back to practically 100%. The system slowness has decreased a great deal too, along with a few small problems that were annoying me.

However, the touchpad scrolling "hardware" does not start automatically when I turn on the PC. I have to start it manually. How do I revert that?

Re: Suspected malware stealing the connection!

Post by Power Max, Sat 05 Apr 2014, 20:37

However, the touchpad scrolling "hardware" does not start automatically when I turn on the PC. I have to start it manually. How do I revert that?
Go to your PC manufacturer's official website > Download the latest version of your touchpad driver and install it. Then tell us whether this problem was solved.

Re: Suspected malware stealing the connection!

Post by Júnior Dantas, Sun 06 Apr 2014, 11:48

Yes, it was solved.
I just have one question. Is there any problem leaving MCShield active alongside the antivirus? (MCShield has already helped me when I connected another flash drive to the PC...)

Re: Suspected malware stealing the connection!

Post by Power Max, Sun 06 Apr 2014, 11:54

MCShield is compatible with your antivirus; you can use them together. It is good for cleaning viruses off flash drives and preventing them from getting into the PC.