My infected PC is costing me money... Help, someone please help me.


Post by Ariston Junior on Wed 18 Jun 2014, 18:55

Good evening to all contributors!
I have a serious problem with my PC. I think some website is forging purchases through my mobile phone line: they send me messages and charge my prepaid credit without my authorization. I call the carrier and they cancel it, but the next day they go back to deducting however much they want, and the site that shows up is not the carrier's, which is why I think it comes from my PC.
Is there any way you can help me?

Post by Power Max on Wed 18 Jun 2014, 20:42

Hello Ariston.

Download < ZHPDiag > ( ... by Nicolas Coolman )

Note: After opening the link above, click the Télécharger button for ZHPDiag to download it, as shown in the image below:

[You need to be registered and logged in to see this image.]

To install and run it correctly, follow the tips in this article:

ZHPDiag installation and usage tutorial

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.


Thank you very much for your attention! This site is very good; the report is attached.

Post by Ariston Junior on Mon 23 Jun 2014, 18:28

~ Relatório do ZHPDiag v2014.6.22.96 - Nicolas Coolman (22/06/2014)
~ Iniciado por usuario (23/06/2014 18:14:50)
~ Endereço do Website : [Você precisa estar registrado e conectado para ver este link.]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v35.0.1916.153 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Internet Security v9.0.2018
Malwarebytes Anti-Malware versão 1.75.0.1300
Microsoft Security Client PT-BR Language Pack v2.1.1116.0
McAfee Security Scan Plus v3.8.150.1
Windows Defender W7 (Deactivate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader X
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3692 MB (44% free)
System Restore: Activé (Enable)
System drive C: has 414 GB (90%) free of 460 GB

---\\ Modo de conexão ao sistema
~ Computer Name: USER-PC
~ User Name: usuario
~ All Users Names: usuario, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\usuario\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\usuario\AppData\Roaming\
~ %Desktop% : C:\Users\usuario\Desktop\
~ %Favorites% : C:\Users\usuario\Favorites\
~ %LocalAppData% : C:\Users\usuario\AppData\Local\
~ %StartMenu% : C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 414 Go of 460 Go)
D: Hard drive, Flash drive, Thumb drive (Free 1 Go of 6 Go)
E: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.CA87556BBA37D1B4F67C331186618673] - (.Microsoft Corporation - Internet Extensions para Win32.) (.25/07/2013 - 00:30:49.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 10:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 10:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 00:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 06:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 06:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 07:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 06:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.A2F74975097F52A00745F9637451FDD8] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.11/03/2011 - 03:41:34.) -- C:\Windows\system32\Drivers\ntfs.sys [1659776]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 07:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 06:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 10:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/282
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/16
~ Mes Documents (My Documents) : 1/7
~ Mon Bureau (My Desktop) : 1/312
~ Menu demarrer (Programs) : 1/28
~ Hidden Files: Scanned in 00mn 01s



---\\ Processos lançados
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3516]
[MD5.5CA0EB9538C6ACEBDC3593FC53527B9D] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208] [PID.3228]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.2060]
[MD5.F7BE2C8A32681D4937A6C73E2357389A] - (.OpenOffice.org - BrOffice.org 3.1.) -- C:\Program Files (x86)\BrOffice.org 3\program\soffice.exe [7424000] [PID.432]
[MD5.33577F5F1971946484A452B84B05EA7E] - (.OpenOffice.org - BrOffice.org 3.1.) -- C:\Program Files (x86)\BrOffice.org 3\program\soffice.bin [7418368] [PID.3496]
[MD5.A5FCD42334CCC682DA1882A54338686C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.1420]
[MD5.C2167DC35D09EA1D9993E837CFDFD4C7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8070656] [PID.2192]
[MD5.37D17AE2936867F88EB3C4CBCBC6B8A1] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1408]
[MD5.55FF0FFE359702D2E2B99DF5CBB3DD06] - (.AVAST Software - avast! firewall service.) -- C:\Program Files\AVAST Software\Avast\afwServ.exe [109048] [PID.1764]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1900]
[MD5.7B4C82899A967A7EB22DAB502770AE8E] - (.Microsoft Corporation - Windows Live Family Safety Service.) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [1512640] [PID.2008]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1104]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.1264]
[MD5.C3CDDD18F43D44AB713CF8C4916F7696] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [219496] [PID.2328]
[MD5.13693B6354DD6E72DC5131DA7D764B90] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [508776] [PID.2512]
[MD5.72794D112CBAFF3BC0C29BF7350D4741] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822624] [PID.2884]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] [Você precisa estar registrado e conectado para ver este link.]
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [bopakagnckmlgajfccecajhnimjiiedh] McAfee Security Scan+ v.3.8.141.12 (Désactivé)
G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [pflphaooapbgpeakohlggbpidpppgdff] MySearchDial v.9.4.10.0 (Désactivé) =>Adware.MyWebSearch
G2 - GCE: Preference [User Data\Default] [pkndmigholgfjlniaohblojbhgjbkakn] Lightning speedDial v.1.1.7, (Désactivé)
G2 - GCE: Preference [User Data\Default] [pljcgbedjplidkdjahbaalanadmjfgop] Ask Toolbar v.30.1, (Désactivé) =>Toolbar.Ask

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 10s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Você precisa estar registrado e conectado para ver este link.] =>Adware.MyWebSearch
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = [Você precisa estar registrado e conectado para ver este link.]
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Você precisa estar registrado e conectado para ver este link.]
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [Você precisa estar registrado e conectado para ver este link.]
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = about:newtab
~ IE Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{724D43A0-0D85-11D4-9908-00400523E39A} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [Software Informer] . (.Informer Technologies, Inc. - Software Informer.) -- C:\Program Files\Software Informer\softinfo.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [HDAudDeck] . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
O4 - HKLM\..\Wow6432Node\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe (.not file.) =>PUP.Mobogenie
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2830750472-3205545891-2825983601-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-2830750472-3205545891-2825983601-1000\..\Run: [Software Informer] . (.Informer Technologies, Inc. - Software Informer.) -- C:\Program Files\Software Informer\softinfo.exe
~ Application: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E4B38EF-058F-4975-A81F-BC271BC427B9}: DhcpNameServer = 200.149.55.140 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFDF8FC7-8ED8-4B85-84D4-C5C0A0B8F527}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{8E4B38EF-058F-4975-A81F-BC271BC427B9}: DhcpNameServer = 200.149.55.140 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{FFDF8FC7-8ED8-4B85-84D4-C5C0A0B8F527}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{8E4B38EF-058F-4975-A81F-BC271BC427B9}: DhcpNameServer = 200.149.55.140 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{FFDF8FC7-8ED8-4B85-84D4-C5C0A0B8F527}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [Run RoboForm TaskBar Icon] (...) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{1264C577-5E34-4CF5-A682-472CC8BC93E5}] (...) -- C:\Users\usuario\Downloads\CALVIN HARRIS - Well Be Coming Back.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DE7012A5-1B1F-45E2-8CB6-EDBD9DED45F2}] (...) -- C:\Users\usuario\Downloads\CALVIN HARRIS - Well Be Coming Back.exe (.not file.) [0]
[MD5.2A7F03F7FC92C3DAD284C5F7ED5FC49E] [APT] [{FBBFC912-E892-4DF7-AE25-B514598821FC}] (.CAIXA.) -- C:\Users\usuario\Downloads\iGBPCEFsf.exe [2510664]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
~ Scheduled Task: 15 Legitimates Filtered in 00mn 09s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\windows\system32\drivers\Bfilter.sys
O41 - Driver: (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\windows\system32\drivers\Bfmon.sys
O41 - Driver: (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\windows\system32\drivers\Bprotect.sys
~ Drivers: 84 Legitimates Filtered in 00mn 14s



---\\ Software instalados (042)
O42 - Logiciel: Ask Toolbar - (.APN, LLC.) [HKLM][64Bits] -- {4F524A2D-5637-4300-76A7-A758B70C0A00} =>Toolbar.Avira
O42 - Logiciel: Codec Package Packages - (...) [HKCU][64Bits] -- Codec Package Packages
O42 - Logiciel: KeeP 3D - v1.0 - (.KeeP Sofware.) [HKLM][64Bits] -- {D445A7B9-69A8-4860-95B9-BB957281D9A0}_is1
O42 - Logiciel: KeeP3D - (.UNKNOWN.) [HKLM][64Bits] -- KeeP3D
O42 - Logiciel: KeeP3D - (.UNKNOWN.) [HKLM][64Bits] -- {CFF2C57D-6F64-1853-5912-50A5840809D0}
O42 - Logiciel: RightSurf - (.RightSurf.) [HKLM][64Bits] -- RightSurf =>PUP.RightSurf
~ Logic: 33 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Adorika]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]
[HKCU\Software\GbAs]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu_Drp_pos]
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager
[HKLM\Software\Wow6432Node\baidu]
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
~ Key Software: 238 Legitimates Filtered in 00mn 02s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 04/02/2014 - 17:49:39 - [] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 14/09/2012 - 15:50:43 - [] ----D C:\Program Files (x86)\KeeP3D
O43 - CFD: 04/02/2014 - 17:51:35 - [] ----D C:\ProgramData\baidu
O43 - CFD: 04/02/2014 - 17:51:13 - [] ----D C:\Users\usuario\AppData\Roaming\0D0S1L2Z1P1B
O43 - CFD: 04/02/2014 - 17:51:50 - [] ----D C:\Users\usuario\AppData\Roaming\Baidu
O43 - CFD: 25/01/2014 - 14:44:28 - [] ----D C:\Users\usuario\AppData\Roaming\Baidu Security
O43 - CFD: 14/09/2012 - 15:51:09 - [] ----D C:\Users\usuario\AppData\Roaming\KeeP3D
O43 - CFD: 26/01/2014 - 12:34:58 - [] ----D C:\Users\usuario\AppData\Roaming\rmi
~ 61 Dossier CLSID vide (CLSID Empty Folder)
~ Program Folder: 210 Legitimates Filtered in 00mn 04s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.340B0467E98A8C92697D73034DB4BCB7] - 18/06/2014 - 18:02:53 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208]
O44 - LFC:[MD5.72F99FCD291D717C288EB911AC717889] - 20/06/2014 - 19:50:40 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [331574]
O44 - LFC:[MD5.4064DEC9ED4C9C986DA89DDCF036E8BE] - 20/06/2014 - 19:50:40 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [878050]
~ Files: 21 Legitimates Filtered in 00mn 23s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - bitguard.exe - tasklist.exe =>PUP.BitGuard
O50 - IFEO:Image File Execution Options - bprotect.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - bpsvc.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - browsemngr.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - browserdefender.exe - tasklist.exe =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browsermngr.exe - tasklist.exe =>PUP.Babylon
O50 - IFEO:Image File Execution Options - browserprotect.exe - tasklist.exe =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browsersafeguard.exe - tasklist.exe =>PUP.BrowserSafeguard
O50 - IFEO:Image File Execution Options - bundlesweetimsetup.exe - tasklist.exe =>PUP.SweetIM
O50 - IFEO:Image File Execution Options - cltmngsvc.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - delta babylon.exe - tasklist.exe =>PUP.Babylon
O50 - IFEO:Image File Execution Options - delta tb.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - delta2.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - deltainstaller.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - deltasetup.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - deltatb.exe - tasklist.exe =>Toolbar.DeltaSearch
O50 - IFEO:Image File Execution Options - deltatb_2501-c733154b.exe - tasklist.exe =>Toolbar.DeltaSearch
O50 - IFEO:Image File Execution Options - iminentsetup.exe - tasklist.exe =>Adware.IMBooster
O50 - IFEO:Image File Execution Options - protectedsearch.exe - tasklist.exe =>Spyware.ProtectedSearch
O50 - IFEO:Image File Execution Options - rjatydimofu.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - snapdo.exe - tasklist.exe =>Hijacker.SmartBar
O50 - IFEO:Image File Execution Options - stinst32.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - stinst64.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - sweetimsetup.exe - tasklist.exe =>PUP.SweetIM
O50 - IFEO:Image File Execution Options - tbdelta.exetoolbar783881609.exe - tasklist.exe
~ IFEO: Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{456d2c1e-4c0a-11e1-87df-806e6f6e6963}\AutoRun\command. (...) -- D:\setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:24/01/2014 - 12:02:46 R--A- . (.360.cn - 360杀毒 文件监控驱动.) -- C:\Windows\System32\Drivers\360AvFlt.sys [71360]
O58 - SDL:18/06/2014 - 18:02:53 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:18/06/2014 - 18:02:54 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:18/06/2014 - 18:02:54 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208416] =>.ALWIL Software
O58 - SDL:21/01/2014 - 11:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:21/01/2014 - 11:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624]
O58 - SDL:21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992]
O58 - SDL:25/01/2014 - 15:03:03 ---A- . (.360安全中心 - 360Efimon Driver.) -- C:\Windows\System32\Drivers\efimon.sys [23624]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 66 Legitimates Filtered in 00mn 06s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 18/06/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 21/01/2014 - C:\windows\system32\drivers\Bfilter.sys (Bfilter) .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BFILTER
O64 - Services: CurCS - 21/01/2014 - C:\windows\system32\drivers\Bfmon.sys (Bfmon) .(.Baidu, Inc. - Baidu FS Monitor Driver.) - LEGACY_BFMON
O64 - Services: CurCS - 21/01/2014 - C:\windows\system32\drivers\Bprotect.sys (Bprotect) .(.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - LEGACY_BPROTECT
~ Legacy: 102 Legitimates Filtered in 00mn 02s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {77AA745B-F4F8-45DA-9B14-61D2D95054C8} - (Mysearchdial) - [Você precisa estar registrado e conectado para ver este link.] =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {ABCD0123-1234-5678-ABCD-0123456789AB} [DefaultScope] - (Baidu) - [Você precisa estar registrado e conectado para ver este link.]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [SPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [167784]
~ Files: 2 Legitimates Filtered in 00mn 03s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "D21EC9447C2E79B41BE9551D36AE4953" . (.Bing Bar.) -- C:\Windows\Installer\{449CE12D-E2C7-4B97-B19E-55D163EA9435}\icon_installer_ico =>Toolbar.Bing
O90 - PUC: "D2A425F473650034677A7A857BC0A000" . (.Ask Toolbar.) -- C:\windows\Installer\{4F524A2D-5637-4300-76A7-A758B70C0A00}\ToolbarIcon.exe =>Toolbar.Ask
~ Update Products: 2 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.A18901901EDE918C422E3FF6E4C0D458] [WIS][10/01/2014] (.APN, LLC - Ask Toolbar.) -- C:\Windows\Installer\57f98d.msi [463872] =>Toolbar.Avira
[MD5.0E4185F75C1394897DB73CCC3368CA4B] [WIS][11/06/2012] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\aae48.msi [475136] =>Toolbar.Bing
[MD5.0E4185F75C1394897DB73CCC3368CA4B] [WIS][11/06/2012] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\bba6.msi [475136] =>Toolbar.Bing
[MD5.7392F668FE327921951BD45F0B733950] [WIS][01/04/2011] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\bdcad.msi [4556800] =>Toolbar.Bing
~ WIS: 4 Legitimates Filtered in 00mn 05s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iMeshMediaBar_RASAPI32 =>PUP.iMesh
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iMeshMediaBar_RASMANCS =>PUP.iMesh
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iMeshSetup-r1528-w-bc_RASAPI32 =>PUP.iMesh
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iMeshSetup-r1528-w-bc_RASMANCS =>PUP.iMesh
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iMesh_RASAPI32 =>PUP.iMesh
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iMesh_RASMANCS =>PUP.iMesh
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Mobogenie_RASAPI32 =>PUP.Mobogenie
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Mobogenie_RASMANCS =>PUP.Mobogenie
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MySearchDial_RASAPI32 =>Adware.MyWebSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MySearchDial_RASMANCS =>Adware.MyWebSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MYSEAR~1_RASAPI32 =>Adware.MyWebSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MYSEAR~1_RASMANCS =>Adware.MyWebSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OptimizerPro_RASAPI32 =>PUP.OptimizerPro
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OptimizerPro_RASMANCS =>PUP.OptimizerPro
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OptProStart_RASAPI32 =>PUP.OptimizerPro
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OptProStart_RASMANCS =>PUP.OptimizerPro
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\RightSurfSetup_RASAPI32 =>PUP.RightSurf
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\RightSurfSetup_RASMANCS =>PUP.RightSurf
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\RightSurf_RASAPI32 =>PUP.RightSurf
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\RightSurf_RASMANCS =>PUP.RightSurf
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\RightSurf_Setup_RASAPI32 =>PUP.RightSurf
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\RightSurf_Setup_RASMANCS =>PUP.RightSurf
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_iMesh_RASAPI32 =>PUP.iMesh
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_iMesh_RASMANCS =>PUP.iMesh
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SupTab_RASAPI32 =>PUP.SupTab
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SupTab_RASMANCS =>PUP.SupTab
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateRightSurf_RASAPI32 =>PUP.RightSurf
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateRightSurf_RASMANCS =>PUP.RightSurf
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilRightSurf_RASAPI32 =>PUP.RightSurf
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilRightSurf_RASMANCS =>PUP.RightSurf
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wpm_RASAPI32 =>PUP.WpManager
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wpm_RASMANCS =>PUP.WpManager
~ BTK: 281 Legitimates Filtered in 00mn 01s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 15/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 11/06/2012 193616 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe =>Toolbar.Bing
SS - | Demand 11/06/2012 240208 | (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe =>Toolbar.Bing
SS - | Auto 02/12/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 02/12/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 09/04/2014 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
SS - | Auto 28/03/2011 249648 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.exe =>Toolbar.Bing
SS - | Demand 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 15/09/2011 204288 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 15/09/2011 361984 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
SR - | Auto 18/06/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 18/06/2014 109048 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 27/04/2011 12784 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
SR - | Auto 12/07/2011 27760 | (VIAKaraokeService) . (.VIA Technologies, Inc..) - C:\Windows\System32\viakaraokesrv.exe
SR - | Auto 13/07/2009 27136 | C:\windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 25s



---\\ Scâner Aditional (088)
Database Version : 13026 - (22/06/2014)
Clés trouvées (Keys found) : 13
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 7

[HKLM\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff] =>Adware.MyWebSearch^
[HKLM\Software\Google\Chrome\Extensions\pljcgbedjplidkdjahbaalanadmjfgop] =>Toolbar.Ask^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5637-4300-76A7-A758B70C0A00}] =>Toolbar.Avira^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RightSurf] =>PUP.RightSurf^
[HKLM\Software\Wow6432Node\Microsoft\Tracing\optimizerpro_RASMANCS] =>PUP.OptimizerPro
[HKLM\Software\Classes\S] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFD] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Tracing\optimizerpro_RASAPI32] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Mobogenie_RASMANCS] =>PUP.Mobogenie
[HKLM\Software\Wow6432Node\Microsoft\Tracing\optprostart_RASMANCS] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\Microsoft\Tracing\optprostart_RASAPI32] =>PUP.OptimizerPro
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Mobogenie_RASAPI32] =>PUP.Mobogenie
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:mobilegeni daemon =>PUP.Mobogenie^
C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff =>Adware.MyWebSearch^
C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljcgbedjplidkdjahbaalanadmjfgop =>Toolbar.Ask^
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
C:\Windows\Installer\57f98d.msi =>Toolbar.Avira^
C:\Windows\Installer\aae48.msi =>Toolbar.Bing^
C:\Windows\Installer\bba6.msi =>Toolbar.Bing^
C:\Windows\Installer\bdcad.msi =>Toolbar.Bing^
~ Additionnel Scan: 209001 Items scanned in 02mn 25s



---\\ Informações complémentaires do módulos
~ [You need to be registered and logged in to view this link.] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [You need to be registered and logged in to view this link.] =>.Internet Explorer, Gestão do Proxy (R5)
~ [You need to be registered and logged in to view this link.] =>.Barras do Internet Explorer (03))
~ [You need to be registered and logged in to view this link.] =>.Aplicações iniciadas por registo & pastas (04)
~ [You need to be registered and logged in to view this link.] =>.Image File Execution Options (IFEO) (O50)
~ AMI: 5 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[You need to be registered and logged in to view this link.] =>Adware.MyWebSearch
[You need to be registered and logged in to view this link.] =>Toolbar.Ask
[You need to be registered and logged in to view this link.] =>PUP.Mobogenie
[You need to be registered and logged in to view this link.] =>PUP.RightSurf
[You need to be registered and logged in to view this link.] =>PUP.WpManager
[You need to be registered and logged in to view this link.] =>PUP.SupTab
[You need to be registered and logged in to view this link.] =>PUP.BitGuard
[You need to be registered and logged in to view this link.] =>Hijacker.Eazel
[You need to be registered and logged in to view this link.] =>PUP.Babylon
[You need to be registered and logged in to view this link.] =>PUP.BrowserSafeguard
[You need to be registered and logged in to view this link.] =>PUP.SweetIM
[You need to be registered and logged in to view this link.] =>Toolbar.DeltaSearch
[You need to be registered and logged in to view this link.] =>Adware.IMBooster
[You need to be registered and logged in to view this link.] =>Spyware.ProtectedSearch
[You need to be registered and logged in to view this link.] =>Hijacker.SmartBar
[You need to be registered and logged in to view this link.] =>PUP.iMesh
[You need to be registered and logged in to view this link.] =>PUP.OptimizerPro
~ MSI: 17 link(s) detected in 00mn 00s



~ 831 Legitimates filtered by white list
End of the scan (568 lines in 06mn 01s)(0)

Re: My infected PC is causing me losses... Help, someone help me.

Post by Power Max on Mon 23 Jun 2014, 19:24

Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
[You need to be registered and logged in to view this link.]

To run AdwCleaner correctly, just follow the tips in this tutorial:

Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.


Re: My infected PC is causing me losses... Help, someone help me.

Post by Danii on Sat 12 Jul 2014, 14:54

TOPIC ARCHIVED

Since the author has not replied for more than 15 days, the topic has been archived. If the topic's author needs it, it will be reopened; to request this, they should contact a member of the Moderation Team and ask for it to be unlocked.