Flux 
Social bookmarking
Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking
Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking
Estatísticas
Temos 14810 usuários registradosO último membro registrado é Josevinil
Os nossos membros postaram um total de 36047 mensagens em 3685 assuntos
Quem está conectado?
Há 8 usuários online :: 0 registrados, 0 invisíveis e 8 visitantes Nenhum
O recorde de usuários online foi de 301 em Ter 26 Out 2021, 15:28
Procurar
Top dos mais postadores
| Power Max |
| |||
| joram |
| |||
| Wings [In Memoriam] |
| |||
| caedurodrigues |
| |||
| Amigo Brasileiro |
| |||
| luizvilarinho |
| |||
| Danii |
| |||
| Admin |
| |||
| Danilo Marsaro |
| |||
| Andreata |
|
Note com infecção
2 participantes
Página 1 de 2
Página 1 de 2 • 1, 2 
Note com infecção
por luizvilarinho Ter 15 Jul 2014, 18:25
O PC em questão está com prováveis vírus e devem ter outras pragas a serem confirmadas com um exame, os navegadores ao abrirem fecham-se imediatamente o crome abre varias guias sozinho, maquina com travamentos.
luizvilarinho- Membro Pleno
- Mensagens : 855
Reputação : 4
Data de inscrição : 13/11/2013
Re: Note com infecção
por Power Max Ter 15 Jul 2014, 20:37
Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt
Ficamos na espera.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt
Ficamos na espera.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Note com infecção
por luizvilarinho Ter 15 Jul 2014, 20:43
Baixarei em outra maquina para poder usar na que está com problemas, pois os navegadores estão com problemas.
luizvilarinho- Membro Pleno
- Mensagens : 855
Reputação : 4
Data de inscrição : 13/11/2013
Re: Note com infecção
por luizvilarinho Ter 15 Jul 2014, 21:07
Procedimento realizado, mas o crome ainda abrindo guias sozinho e os outros navegadores fecham de imediato ao serem abertos, segue o log mas tive que trazer via pendrive e passar de outro pc.
# AdwCleaner v3.215 - Relatório criado 15/07/2014 às 20:57:36
# Atualizado 09/07/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
# Usuário : Marineide - MARINEIDE-PC
# Executando de : F:\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj
Pasta Deletada : C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo
Pasta Deletada : C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\khcceooakamlehbimaepcldnnlnkcmfk
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Valor Deletedo : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveSenseLive.exe
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.17207
-\\ Mozilla Firefox v29.0.1 (pt-BR)
[ Arquivo : C:\Users\Marineide\AppData\Roaming\Mozilla\Firefox\Profiles\gy4x9a9b.default\prefs.js ]
-\\ Google Chrome v35.0.1916.153
[ Arquivo : C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Extension] : ieadcoanfjloocmfafkebdnfefmohngj
Deletedo [Extension] : kfakeonomonapccoamcmdgpoaicnpnoo
Deletedo [Extension] : khcceooakamlehbimaepcldnnlnkcmfk
*************************
AdwCleaner[R0].txt - [2991 octets] - [15/07/2014 20:56:18]
AdwCleaner[S0].txt - [2879 octets] - [15/07/2014 20:57:36]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2939 octets] ##########
# AdwCleaner v3.215 - Relatório criado 15/07/2014 às 20:57:36
# Atualizado 09/07/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
# Usuário : Marineide - MARINEIDE-PC
# Executando de : F:\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj
Pasta Deletada : C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo
Pasta Deletada : C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\khcceooakamlehbimaepcldnnlnkcmfk
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Valor Deletedo : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveSenseLive.exe
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.17207
-\\ Mozilla Firefox v29.0.1 (pt-BR)
[ Arquivo : C:\Users\Marineide\AppData\Roaming\Mozilla\Firefox\Profiles\gy4x9a9b.default\prefs.js ]
-\\ Google Chrome v35.0.1916.153
[ Arquivo : C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Extension] : ieadcoanfjloocmfafkebdnfefmohngj
Deletedo [Extension] : kfakeonomonapccoamcmdgpoaicnpnoo
Deletedo [Extension] : khcceooakamlehbimaepcldnnlnkcmfk
*************************
AdwCleaner[R0].txt - [2991 octets] - [15/07/2014 20:56:18]
AdwCleaner[S0].txt - [2879 octets] - [15/07/2014 20:57:36]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2939 octets] ##########
luizvilarinho- Membro Pleno
- Mensagens : 855
Reputação : 4
Data de inscrição : 13/11/2013
Re: Note com infecção
por Power Max Ter 15 Jul 2014, 21:56
Desative temporariamente seu antivírus para evitar conflitos.
* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executá-lo corretamente siga as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.
* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executá-lo corretamente siga as dicas deste tutorial:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Note com infecção
por luizvilarinho Qua 16 Jul 2014, 05:23
Procedimento realizado, mas ainda do mesmo jeito, o modulo de internet do avast está bloqueando um arquivo nocivo e é no navegador crome como poderá ver na imagem anexa.
Zoek.exe v5.0.0.0 Updated 15-07-2014
Tool run by Marineide on 16/07/2014 at 4:52:57,10.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\Marineide\Desktop\zoek.pif [Scan all users] [Script inserted]
==== System Restore Info ======================
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\MARINE~1\AppData\Roaming\Mozilla\Firefox\Profiles\gy4x9a9b.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.selectedEngine", "Google");
user_pref("keyword.url", "http://www.google.com/search?btnG=Google+Search&q=");
Added to C:\Users\MARINE~1\AppData\Roaming\Mozilla\Firefox\Profiles\gy4x9a9b.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
==== Deleting Files \ Folders ======================
C:\Users\Marineide\AppData\Roaming\temp.ini deleted
C:\PROGRA~2\ProductData deleted
C:\Users\Marineide\Searches deleted
C:\Windows\wininit.ini deleted
C:\Windows\system32\config\systemprofile\Searches deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [09/07/2014 09:45]
==== Firefox Extensions ======================
ProfilePath: C:\Users\MARINE~1\AppData\Roaming\Mozilla\Firefox\Profiles\gy4x9a9b.default
- Undetermined - C:\Users\Marineide\AppData\Roaming\Mozilla\Firefox\Profiles\gy4x9a9b.default\extensions\ascsurfingprotection@iobit.com
- Undetermined - C:\Program Files\IObit Apps Toolbar\FF
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Marineide\AppData\Roaming\Mozilla\Firefox\Profiles\gy4x9a9b.default
4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash
FB5621842FDABF9F8359775573498FBC - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Marineide\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
11B27E47D0217C20BFF2490AB657BE67 - C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll - Silverlight Plug-In
D19E6B87675A40D252EB8669F68403C5 - C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrlui.dll - Microsoft (R) Silverlight
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[09/07/2014 09:44]
Google Docs - Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Advanced SystemCare Surfing Protection - Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd
YouTube - Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Facebook Cover Maker - Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjibidejkfaggepnbcnobhinfpojlcmb
Google Wallet - Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Reset Google Chrome ======================
C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\Marineide\Desktop\Microsoft Office PowerPoint 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
C:\Users\Marineide\Desktop\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Marineide\Desktop\Revo Uninstaller.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\Marineide\Desktop\mateus mc`s\Brasfoot2014.lnk - C:\Brasfoot2014\bf2014.exe
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Advanced SystemCare 7.lnk - C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe /manual
C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\Central de Soluções HP.lnk -
C:\Users\Public\Desktop\HP ePrinterCenter.lnk - C:\Program Files\HP\Digital Imaging\AppStudio\hpzsip.url
C:\Users\Public\Desktop\Loja de Suprimentos HP.lnk - C:\Program Files\HP\HPSSUPPLY\hpqSSupply.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Nero StartSmart 10.lnk - C:\Windows\Installer\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}\ScStartSmartDeskto_3AF47A4E14DF4546B1449D27245505A0.exe
C:\Users\Public\Desktop\SpywareBlaster.lnk - C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\Users\Public\Desktop\Video Search.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe /VIDEOSEARCH
==== shortcuts in Users Start Menu ======================
C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1eD0b30.lnk - C:\Users\Marineide\AppData\Roaming\Microsoft\Update\1eD0b30.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2Da2C20.lnk - C:\Users\Marineide\AppData\Roaming\Microsoft\Update\2Da2C20.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3BEFEC3.lnk - C:\Users\Marineide\AppData\Roaming\Microsoft\Update\3BEFEC3.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3EebCCD.lnk - C:\Users\Marineide\AppData\Roaming\Microsoft\Update\3EebCCD.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4C1bdfc.lnk - C:\Users\Marineide\AppData\Roaming\Microsoft\Update\4C1bdfc.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aCddBaB.lnk - C:\Users\Marineide\AppData\Roaming\Microsoft\Update\aCddBaB.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Cd2ACE6.lnk - C:\Users\Marineide\AppData\Roaming\Microsoft\Update\Cd2ACE6.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cfd1eEb.lnk - C:\Users\Marineide\AppData\Roaming\Microsoft\Update\cfd1eEb.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Eaa5CfC.lnk - C:\Users\Marineide\AppData\Roaming\Microsoft\Update\Eaa5CfC.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdeE0b4.lnk - C:\Users\Marineide\AppData\Roaming\Microsoft\Update\EdeE0b4.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f1fC6Cb.lnk - C:\Users\Marineide\AppData\Roaming\Microsoft\Update\f1fC6Cb.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\aTube Catcher.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Snipping Tool.lnk - C:\Windows\system32\SnippingTool.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Advanced SystemCare 7.lnk - C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe /manual
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Brasfoot2014.lnk - C:\Brasfoot2014\bf2014.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000001
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 6 deleted successfully
==== Empty IE Cache ======================
C:\Users\Marineide\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Marineide\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Marineide\AppData\Local\Mozilla\Firefox\Profiles\gy4x9a9b.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=12 folders=3 4609 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Marineide\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\MARINE~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 16/07/2014 at 5:05:05,89 ======================
Zoek.exe v5.0.0.0 Updated 15-07-2014
Tool run by Marineide on 16/07/2014 at 4:52:57,10.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\Marineide\Desktop\zoek.pif [Scan all users] [Script inserted]
==== System Restore Info ======================
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\MARINE~1\AppData\Roaming\Mozilla\Firefox\Profiles\gy4x9a9b.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.selectedEngine", "Google");
user_pref("keyword.url", "http://www.google.com/search?btnG=Google+Search&q=");
Added to C:\Users\MARINE~1\AppData\Roaming\Mozilla\Firefox\Profiles\gy4x9a9b.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
==== Deleting Files \ Folders ======================
C:\Users\Marineide\AppData\Roaming\temp.ini deleted
C:\PROGRA~2\ProductData deleted
C:\Users\Marineide\Searches deleted
C:\Windows\wininit.ini deleted
C:\Windows\system32\config\systemprofile\Searches deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [09/07/2014 09:45]
==== Firefox Extensions ======================
ProfilePath: C:\Users\MARINE~1\AppData\Roaming\Mozilla\Firefox\Profiles\gy4x9a9b.default
- Undetermined - C:\Users\Marineide\AppData\Roaming\Mozilla\Firefox\Profiles\gy4x9a9b.default\extensions\ascsurfingprotection@iobit.com
- Undetermined - C:\Program Files\IObit Apps Toolbar\FF
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Marineide\AppData\Roaming\Mozilla\Firefox\Profiles\gy4x9a9b.default
4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash
FB5621842FDABF9F8359775573498FBC - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Marineide\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
11B27E47D0217C20BFF2490AB657BE67 - C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll - Silverlight Plug-In
D19E6B87675A40D252EB8669F68403C5 - C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrlui.dll - Microsoft (R) Silverlight
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[09/07/2014 09:44]
Google Docs - Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Advanced SystemCare Surfing Protection - Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd
YouTube - Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Facebook Cover Maker - Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjibidejkfaggepnbcnobhinfpojlcmb
Google Wallet - Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Marineide\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Reset Google Chrome ======================
C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\Marineide\Desktop\Microsoft Office PowerPoint 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
C:\Users\Marineide\Desktop\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Marineide\Desktop\Revo Uninstaller.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\Marineide\Desktop\mateus mc`s\Brasfoot2014.lnk - C:\Brasfoot2014\bf2014.exe
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Advanced SystemCare 7.lnk - C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe /manual
C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\Central de Soluções HP.lnk -
C:\Users\Public\Desktop\HP ePrinterCenter.lnk - C:\Program Files\HP\Digital Imaging\AppStudio\hpzsip.url
C:\Users\Public\Desktop\Loja de Suprimentos HP.lnk - C:\Program Files\HP\HPSSUPPLY\hpqSSupply.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Nero StartSmart 10.lnk - C:\Windows\Installer\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}\ScStartSmartDeskto_3AF47A4E14DF4546B1449D27245505A0.exe
C:\Users\Public\Desktop\SpywareBlaster.lnk - C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\Users\Public\Desktop\Video Search.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe /VIDEOSEARCH
==== shortcuts in Users Start Menu ======================
C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1eD0b30.lnk - C:\Users\Marineide\AppData\Roaming\Microsoft\Update\1eD0b30.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2Da2C20.lnk - C:\Users\Marineide\AppData\Roaming\Microsoft\Update\2Da2C20.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3BEFEC3.lnk - C:\Users\Marineide\AppData\Roaming\Microsoft\Update\3BEFEC3.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3EebCCD.lnk - C:\Users\Marineide\AppData\Roaming\Microsoft\Update\3EebCCD.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4C1bdfc.lnk - C:\Users\Marineide\AppData\Roaming\Microsoft\Update\4C1bdfc.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aCddBaB.lnk - C:\Users\Marineide\AppData\Roaming\Microsoft\Update\aCddBaB.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Cd2ACE6.lnk - C:\Users\Marineide\AppData\Roaming\Microsoft\Update\Cd2ACE6.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cfd1eEb.lnk - C:\Users\Marineide\AppData\Roaming\Microsoft\Update\cfd1eEb.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Eaa5CfC.lnk - C:\Users\Marineide\AppData\Roaming\Microsoft\Update\Eaa5CfC.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdeE0b4.lnk - C:\Users\Marineide\AppData\Roaming\Microsoft\Update\EdeE0b4.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f1fC6Cb.lnk - C:\Users\Marineide\AppData\Roaming\Microsoft\Update\f1fC6Cb.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\aTube Catcher.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Snipping Tool.lnk - C:\Windows\system32\SnippingTool.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Advanced SystemCare 7.lnk - C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe /manual
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Brasfoot2014.lnk - C:\Brasfoot2014\bf2014.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Marineide\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000001
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 6 deleted successfully
==== Empty IE Cache ======================
C:\Users\Marineide\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Marineide\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Marineide\AppData\Local\Mozilla\Firefox\Profiles\gy4x9a9b.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=12 folders=3 4609 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Marineide\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\MARINE~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 16/07/2014 at 5:05:05,89 ======================
luizvilarinho- Membro Pleno
- Mensagens : 855
Reputação : 4
Data de inscrição : 13/11/2013
Re: Note com infecção
por Power Max Qua 16 Jul 2014, 09:57
Abra o Internet Explorer > Clique em Ferramentas > Opções da Internet > Conexões > Configurações da LAN > Desmarque esta caixinha:
Usar script de configuração automática
E marque esta outra caixinha:
Detectar automaticamente as configurações
E desmarque esta outra caixinha:
Usar um servidor proxy para a rede local
E depois disto clique em OK.
___________________________________________________________________________________
Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o programa acima é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt
Ficamos na espera.
Usar script de configuração automática
E marque esta outra caixinha:
Detectar automaticamente as configurações
E desmarque esta outra caixinha:
Usar um servidor proxy para a rede local
E depois disto clique em OK.
___________________________________________________________________________________
Baixe o programa Junkware Removal Tool no link abaixo:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o programa acima é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt
Ficamos na espera.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Note com infecção
por luizvilarinho Qua 16 Jul 2014, 10:15
Referente as instruções para o IE não tem como serrem feitas pois abro ele e fecha-se de imediato, o JRT tentei usar mas há uma espécie de travamento que impede usar em modo normal, fui usar no modo de segurança mas não sai da tela do CDM preta apenas e o crome continua abrindo varias guias sozinho.
luizvilarinho- Membro Pleno
- Mensagens : 855
Reputação : 4
Data de inscrição : 13/11/2013
Re: Note com infecção
por Power Max Qua 16 Jul 2014, 10:56
Não precisa abrir o Internet Explorer então. É só ir na pesquisa do Windows > Digite Opções da Internet > e aí siga aqueles passos que lhe indiquei e me diga se deu certo.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Note com infecção
por luizvilarinho Qua 16 Jul 2014, 11:13
Lá já estava do jeito descrito a ser feito.
luizvilarinho- Membro Pleno
- Mensagens : 855
Reputação : 4
Data de inscrição : 13/11/2013
Re: Note com infecção
por Power Max Qua 16 Jul 2014, 11:15
Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )
Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPDiag para baixá-lo, tal como mostra a imagem abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Desabilite temporariamente seu antivírus para evitar conflitos e execute "ZHPDiag2.exe", para instalar a ferramenta.
|- Execute o ícone do pergaminho. ( ZHPDiag )
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPDiag para baixá-lo, tal como mostra a imagem abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Desabilite temporariamente seu antivírus para evitar conflitos e execute "ZHPDiag2.exe", para instalar a ferramenta.
|- Execute o ícone do pergaminho. ( ZHPDiag )
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Note com infecção
por luizvilarinho Qua 16 Jul 2014, 11:32
~ Relatório do ZHPDiag v2014.7.16.105 - Nicolas Coolman (16/07/2014)
~ Iniciado por Marineide (16/07/2014 11:27:18)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17207
MFIE: Mozilla Firefox 29.0.1 (Defaut)
GCIE: Google Chrome v35.0.1916.153
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2021
Malwarebytes Anti-Malware versão 2.0.2.1012
ESET Online Scanner v3
Windows Defender W7 (Activate)
---\\ Softwares d'optimização do sistema
CCleaner v4.13
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 10 ActiveX
Adobe Reader XI
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1908 MB (27% free)
System Restore: Activé (Enable)
System drive C: has 44 GB (56%) free of 78 GB
---\\ Modo de conexão ao sistema
~ Computer Name: MARINEIDE-PC
~ User Name: Marineide
~ All Users Names: Marineide, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Marineide\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Marineide\AppData\Roaming\
~ %Desktop% : C:\Users\Marineide\Desktop\
~ %Favorites% : C:\Users\Marineide\Favorites\
~ %LocalAppData% : C:\Users\Marineide\AppData\Local\
~ %StartMenu% : C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 44 Go of 78 Go)
D: Hard drive, Flash drive, Thumb drive (Free 378 Go of 388 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Free 2 Go of 4 Go)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: Modified
~ Security Center: 50 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.CCC198257901BEEA2FBF8EB1E7678356] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 19:13:59.) -- C:\Windows\System32\wininet.dll [1791488]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/29
~ Mes musiques (My Musics) : 1/67
~ Mes Videos (My Videos) : 5/36
~ Mes Favoris (My Favorites) : 1/23
~ Mes Documents (My Documents) : 11/108
~ Mon Bureau (My Desktop) : 1/1235
~ Menu demarrer (Programs) : 1/42
~ Hidden Files: Scanned in 00mn 10s
---\\ Processos lançados
[MD5.26AFC1F16494FFE66F2197153B342A27] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432] [PID.2744]
[MD5.E5703839EE9DD7FACE721CF56E3F9963] - (.MyCity - MCShield Real-Time Monitor.) -- C:\Program Files\MCShield\MCShieldRTM.exe [650816] [PID.2960]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\1eD0b30.exe [69632] [PID.3480]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\2Da2C20.exe [69632] [PID.3652]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\3BEFEC3.exe [69632] [PID.3844]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\3EebCCD.exe [69632] [PID.3944]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\4C1bdfc.exe [69632] [PID.4008]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\aCddBaB.exe [69632] [PID.980]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\Cd2ACE6.exe [69632] [PID.2864]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\cfd1eEb.exe [69632] [PID.2936]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\Eaa5CfC.exe [69632] [PID.2664]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\EdeE0b4.exe [69632] [PID.3288]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\f1fC6Cb.exe [69632] [PID.2700]
[MD5.A5FCD42334CCC682DA1882A54338686C] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.4252]
[MD5.BCD68F99E6751218BE8D513BF24896F3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8076800] [PID.7540]
~ Processes Running: Scanned in 00mn 02s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 01s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 11 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [MCShield Monitor] . (.MyCity - MCShield Real-Time Monitor.) -- C:\Program Files\MCShield\mcshieldrtm.exe
O4 - HKCU\..\Run: [16491] C:\Users\Marineide\AppData\Roaming\005f\16491.js (.not file.)
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Marineide\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3294059013-1081372751-996367163-1000\..\Run: [MCShield Monitor] . (.MyCity - MCShield Real-Time Monitor.) -- C:\Program Files\MCShield\mcshieldrtm.exe
O4 - HKUS\S-1-5-21-3294059013-1081372751-996367163-1000\..\Run: [16491] C:\Users\Marineide\AppData\Roaming\005f\16491.js (.not file.)
O4 - HKUS\S-1-5-21-3294059013-1081372751-996367163-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Marineide\AppData\Local\Facebook\Update\FacebookUpdate.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D90B7B71-49C4-4211-B351-E9AA81D09863}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D90B7B71-49C4-4211-B351-E9AA81D09863}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{D90B7B71-49C4-4211-B351-E9AA81D09863}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3294059013-1081372751-996367163-1000Core [922]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3294059013-1081372751-996367163-1000UA [944]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1058]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1062]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 08s
---\\ Software instalados (042)
O42 - Logiciel: MCShield ::Anti-Malware Tool:: - (.MyCity.) [HKLM] -- MCShield
O42 - Logiciel: dtac aircard - (.dtac aircard.) [HKLM] -- {93D34EE3-99B3-4DB1-8B0A-0A657466F90D}
~ Logic: 13 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Brasfoot2014]
[HKCU\Software\InfoSpace.com]
[HKCU\Software\MCShield]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\dtac aircard]
~ Key Software: 223 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 10/07/2013 - 20:28:13 - [] ----D C:\Program Files\dtac aircard
O43 - CFD: 04/05/2014 - 16:28:54 - [] ----D C:\Program Files\MCShield
O43 - CFD: 16/07/2014 - 11:24:58 - [] ----D C:\ProgramData\MCShield
O43 - CFD: 14/05/2014 - 13:53:30 - [0] -SH-D C:\Users\Marineide\AppData\Roaming\005f
O43 - CFD: 07/04/2014 - 21:14:27 - [0] ----D C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brasfoot2014
~ Program Folder: 147 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.3BFBB5DAE801CB893B8B46345FED6437] - 09/07/2014 - 09:45:06 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 16/07/2014 - 05:02:04 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.DE51B43679DD9143F07FC9222B82BF0B] - 16/07/2014 - 05:05:05 ---A- . (...) -- C:\zoek-results.log [16489]
O44 - LFC:[MD5.F2F43759AAA71351E1EF3F787B6E39E8] - 16/07/2014 - 05:20:10 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147848]
O44 - LFC:[MD5.40B54BC8CB5CD8F70FB42776273F6DD5] - 16/07/2014 - 05:20:10 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [706008]
O44 - LFC:[MD5.ADF83E2C7C1DA79A82B9B6F111E042D9] - 16/07/2014 - 10:17:46 ---A- . (...) -- C:\Windows\ntbtlog.txt [140020]
~ Files: 71 Legitimates Filtered in 00mn 11s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O46 - SEH:ShellExecuteHooks - (no name) - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\autodetect [Key] . (.No owner - AutoDect.) -- C:\Windows\system32\SupportAppXL\AutoDect.exe
~ SMSR Keys: 9 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 19 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWindowsUpdate"=
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:05/12/2011 - 09:22:32 ---A- . (.Windows (R) Win 7 DDK provider - Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual A.) -- C:\Windows\System32\Drivers\AmpPal.sys [141312]
O58 - SDL:09/07/2014 - 09:45:06 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:09/07/2014 - 09:45:06 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:09/07/2014 - 09:45:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [192352] =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:30/08/2010 - 17:13:18 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [100744]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 84 Legitimates Filtered in 00mn 33s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 09/07/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 130 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.D9DE89F0FAF18019BC9595F0F47BCA61] [SPRF][05/11/2013] (.Atribune.org - ATF Cleaner.exe.) -- C:\Users\Marineide\Desktop\ATF-Cleaner.exe [50688]
[MD5.64BAEC464B396B66A353D8FC2F42A4E3] [SPRF][31/07/2011] (.RaProducts.org - System Purification Tool.) -- C:\Users\Marineide\Desktop\PureRa.exe [76565]
[MD5.782B87DDCA0DD7127DB51A47DCA3DFBE] [SPRF][14/07/2014] (...) -- C:\Users\Marineide\Desktop\zoek.com [1417360]
~ Files: 5 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 09/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 05/05/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 05/05/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 03/12/2013 2151200 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
SS - | Demand 02/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 08/12/2011 241936 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
SS - | Demand 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 14/01/2014 881952 | (AdvancedSystemCareService7) . (.IObit.) - C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
SR - | Auto 05/12/2011 509440 | (AMPPALR3) . (.Intel Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
SR - | Auto 09/07/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 05/12/2011 104208 | (BTHSSecurityMgr) . (.Intel(R) Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
SR - | Auto 08/12/2011 653584 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Demand 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 01/07/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 25/03/2010 490280 | (NAUpdate) . (.Nero AG.) - C:\Program Files\Nero\Update\NASvc.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/12/2011 107792 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Auto 01/07/2010 2533400 | (UNS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/12/2011 722704 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Services: Scanned in 00mn 18s
---\\ Scâner Aditional (088)
Database Version : 13026 - (16/07/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
~ Additionnel Scan: 248685 Items scanned in 00mn 40s
---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 3 Legitimates Filtered in 00mn 00s
~ 810 Legitimates filtered by white list
End of the scan (420 lines in 02mn 53s)(0)
~ Iniciado por Marineide (16/07/2014 11:27:18)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17207
MFIE: Mozilla Firefox 29.0.1 (Defaut)
GCIE: Google Chrome v35.0.1916.153
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2021
Malwarebytes Anti-Malware versão 2.0.2.1012
ESET Online Scanner v3
Windows Defender W7 (Activate)
---\\ Softwares d'optimização do sistema
CCleaner v4.13
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 10 ActiveX
Adobe Reader XI
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1908 MB (27% free)
System Restore: Activé (Enable)
System drive C: has 44 GB (56%) free of 78 GB
---\\ Modo de conexão ao sistema
~ Computer Name: MARINEIDE-PC
~ User Name: Marineide
~ All Users Names: Marineide, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Marineide\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Marineide\AppData\Roaming\
~ %Desktop% : C:\Users\Marineide\Desktop\
~ %Favorites% : C:\Users\Marineide\Favorites\
~ %LocalAppData% : C:\Users\Marineide\AppData\Local\
~ %StartMenu% : C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 44 Go of 78 Go)
D: Hard drive, Flash drive, Thumb drive (Free 378 Go of 388 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Free 2 Go of 4 Go)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: Modified
~ Security Center: 50 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.CCC198257901BEEA2FBF8EB1E7678356] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 19:13:59.) -- C:\Windows\System32\wininet.dll [1791488]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/29
~ Mes musiques (My Musics) : 1/67
~ Mes Videos (My Videos) : 5/36
~ Mes Favoris (My Favorites) : 1/23
~ Mes Documents (My Documents) : 11/108
~ Mon Bureau (My Desktop) : 1/1235
~ Menu demarrer (Programs) : 1/42
~ Hidden Files: Scanned in 00mn 10s
---\\ Processos lançados
[MD5.26AFC1F16494FFE66F2197153B342A27] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432] [PID.2744]
[MD5.E5703839EE9DD7FACE721CF56E3F9963] - (.MyCity - MCShield Real-Time Monitor.) -- C:\Program Files\MCShield\MCShieldRTM.exe [650816] [PID.2960]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\1eD0b30.exe [69632] [PID.3480]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\2Da2C20.exe [69632] [PID.3652]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\3BEFEC3.exe [69632] [PID.3844]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\3EebCCD.exe [69632] [PID.3944]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\4C1bdfc.exe [69632] [PID.4008]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\aCddBaB.exe [69632] [PID.980]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\Cd2ACE6.exe [69632] [PID.2864]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\cfd1eEb.exe [69632] [PID.2936]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\Eaa5CfC.exe [69632] [PID.2664]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\EdeE0b4.exe [69632] [PID.3288]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\f1fC6Cb.exe [69632] [PID.2700]
[MD5.A5FCD42334CCC682DA1882A54338686C] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.4252]
[MD5.BCD68F99E6751218BE8D513BF24896F3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8076800] [PID.7540]
~ Processes Running: Scanned in 00mn 02s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 01s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 11 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [MCShield Monitor] . (.MyCity - MCShield Real-Time Monitor.) -- C:\Program Files\MCShield\mcshieldrtm.exe
O4 - HKCU\..\Run: [16491] C:\Users\Marineide\AppData\Roaming\005f\16491.js (.not file.)
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Marineide\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3294059013-1081372751-996367163-1000\..\Run: [MCShield Monitor] . (.MyCity - MCShield Real-Time Monitor.) -- C:\Program Files\MCShield\mcshieldrtm.exe
O4 - HKUS\S-1-5-21-3294059013-1081372751-996367163-1000\..\Run: [16491] C:\Users\Marineide\AppData\Roaming\005f\16491.js (.not file.)
O4 - HKUS\S-1-5-21-3294059013-1081372751-996367163-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Marineide\AppData\Local\Facebook\Update\FacebookUpdate.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D90B7B71-49C4-4211-B351-E9AA81D09863}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D90B7B71-49C4-4211-B351-E9AA81D09863}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{D90B7B71-49C4-4211-B351-E9AA81D09863}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3294059013-1081372751-996367163-1000Core [922]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3294059013-1081372751-996367163-1000UA [944]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1058]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1062]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 08s
---\\ Software instalados (042)
O42 - Logiciel: MCShield ::Anti-Malware Tool:: - (.MyCity.) [HKLM] -- MCShield
O42 - Logiciel: dtac aircard - (.dtac aircard.) [HKLM] -- {93D34EE3-99B3-4DB1-8B0A-0A657466F90D}
~ Logic: 13 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Brasfoot2014]
[HKCU\Software\InfoSpace.com]
[HKCU\Software\MCShield]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\dtac aircard]
~ Key Software: 223 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 10/07/2013 - 20:28:13 - [] ----D C:\Program Files\dtac aircard
O43 - CFD: 04/05/2014 - 16:28:54 - [] ----D C:\Program Files\MCShield
O43 - CFD: 16/07/2014 - 11:24:58 - [] ----D C:\ProgramData\MCShield
O43 - CFD: 14/05/2014 - 13:53:30 - [0] -SH-D C:\Users\Marineide\AppData\Roaming\005f
O43 - CFD: 07/04/2014 - 21:14:27 - [0] ----D C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brasfoot2014
~ Program Folder: 147 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.3BFBB5DAE801CB893B8B46345FED6437] - 09/07/2014 - 09:45:06 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 16/07/2014 - 05:02:04 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.DE51B43679DD9143F07FC9222B82BF0B] - 16/07/2014 - 05:05:05 ---A- . (...) -- C:\zoek-results.log [16489]
O44 - LFC:[MD5.F2F43759AAA71351E1EF3F787B6E39E8] - 16/07/2014 - 05:20:10 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147848]
O44 - LFC:[MD5.40B54BC8CB5CD8F70FB42776273F6DD5] - 16/07/2014 - 05:20:10 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [706008]
O44 - LFC:[MD5.ADF83E2C7C1DA79A82B9B6F111E042D9] - 16/07/2014 - 10:17:46 ---A- . (...) -- C:\Windows\ntbtlog.txt [140020]
~ Files: 71 Legitimates Filtered in 00mn 11s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O46 - SEH:ShellExecuteHooks - (no name) - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\autodetect [Key] . (.No owner - AutoDect.) -- C:\Windows\system32\SupportAppXL\AutoDect.exe
~ SMSR Keys: 9 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 19 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWindowsUpdate"=
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:05/12/2011 - 09:22:32 ---A- . (.Windows (R) Win 7 DDK provider - Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual A.) -- C:\Windows\System32\Drivers\AmpPal.sys [141312]
O58 - SDL:09/07/2014 - 09:45:06 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:09/07/2014 - 09:45:06 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:09/07/2014 - 09:45:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [192352] =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:30/08/2010 - 17:13:18 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [100744]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 84 Legitimates Filtered in 00mn 33s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 09/07/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 130 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.D9DE89F0FAF18019BC9595F0F47BCA61] [SPRF][05/11/2013] (.Atribune.org - ATF Cleaner.exe.) -- C:\Users\Marineide\Desktop\ATF-Cleaner.exe [50688]
[MD5.64BAEC464B396B66A353D8FC2F42A4E3] [SPRF][31/07/2011] (.RaProducts.org - System Purification Tool.) -- C:\Users\Marineide\Desktop\PureRa.exe [76565]
[MD5.782B87DDCA0DD7127DB51A47DCA3DFBE] [SPRF][14/07/2014] (...) -- C:\Users\Marineide\Desktop\zoek.com [1417360]
~ Files: 5 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 09/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 05/05/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 05/05/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 03/12/2013 2151200 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
SS - | Demand 02/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 08/12/2011 241936 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
SS - | Demand 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 14/01/2014 881952 | (AdvancedSystemCareService7) . (.IObit.) - C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
SR - | Auto 05/12/2011 509440 | (AMPPALR3) . (.Intel Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
SR - | Auto 09/07/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 05/12/2011 104208 | (BTHSSecurityMgr) . (.Intel(R) Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
SR - | Auto 08/12/2011 653584 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Demand 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 01/07/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 25/03/2010 490280 | (NAUpdate) . (.Nero AG.) - C:\Program Files\Nero\Update\NASvc.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/12/2011 107792 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Auto 01/07/2010 2533400 | (UNS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/12/2011 722704 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Services: Scanned in 00mn 18s
---\\ Scâner Aditional (088)
Database Version : 13026 - (16/07/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
~ Additionnel Scan: 248685 Items scanned in 00mn 40s
---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 3 Legitimates Filtered in 00mn 00s
~ 810 Legitimates filtered by white list
End of the scan (420 lines in 02mn 53s)(0)
luizvilarinho- Membro Pleno
- Mensagens : 855
Reputação : 4
Data de inscrição : 13/11/2013
Re: Note com infecção
por Power Max Qua 16 Jul 2014, 11:41
Selecione e copie todo o texto destacado em vermelho que te passei._____________________________________________________________________________________________________________
Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas. Copie este relatório e poste em sua próxima resposta.
Última edição por Power Max em Seg 21 Jul 2014, 10:41, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Note com infecção
por luizvilarinho Qua 16 Jul 2014, 11:50
Rapport de ZHPFix 2014.7.9.4 par Nicolas Coolman, Update du 09/07/2014
Fichier d'export Registre :
Run by Marineide at 16/07/2014 11:48:24
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 03s)
Reparação de atalhos do navegador
========== Valores do Registo ==========
ELIMINÉ RunValue: 16491
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ Temporários windows (127) (7.735.666 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
7 : Valores do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema
End of clean in 00mn 53s
========== Caminho do ficheiro do relatório ==========
C:\Users\Marineide\AppData\Roaming\ZHP\ZHPFix[R1].txt - 16/07/2014 11:48:28 [1068]
Fichier d'export Registre :
Run by Marineide at 16/07/2014 11:48:24
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 03s)
Reparação de atalhos do navegador
========== Valores do Registo ==========
ELIMINÉ RunValue: 16491
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ Temporários windows (127) (7.735.666 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
7 : Valores do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema
End of clean in 00mn 53s
========== Caminho do ficheiro do relatório ==========
C:\Users\Marineide\AppData\Roaming\ZHP\ZHPFix[R1].txt - 16/07/2014 11:48:28 [1068]
luizvilarinho- Membro Pleno
- Mensagens : 855
Reputação : 4
Data de inscrição : 13/11/2013
Re: Note com infecção
por Power Max Qua 16 Jul 2014, 11:58
Abra novamente o ( ZHPDiag )[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Note com infecção
por luizvilarinho Qua 16 Jul 2014, 12:00
~ Relatório do ZHPDiag v2014.7.16.105 - Nicolas Coolman (16/07/2014)
~ Iniciado por Marineide (16/07/2014 11:52:22)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17207
MFIE: Mozilla Firefox 29.0.1 (Defaut)
GCIE: Google Chrome v35.0.1916.153
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2021
Malwarebytes Anti-Malware versão 2.0.2.1012
ESET Online Scanner v3
Windows Defender W7 (Activate)
---\\ Softwares d'optimização do sistema
CCleaner v4.13
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 10 ActiveX
Adobe Reader XI
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1908 MB (29% free)
System Restore: Activé (Enable)
System drive C: has 46 GB (58%) free of 78 GB
---\\ Modo de conexão ao sistema
~ Computer Name: MARINEIDE-PC
~ User Name: Marineide
~ All Users Names: Marineide, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Marineide\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Marineide\AppData\Roaming\
~ %Desktop% : C:\Users\Marineide\Desktop\
~ %Favorites% : C:\Users\Marineide\Favorites\
~ %LocalAppData% : C:\Users\Marineide\AppData\Local\
~ %StartMenu% : C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 46 Go of 78 Go)
D: Hard drive, Flash drive, Thumb drive (Free 378 Go of 388 Go)
E: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: Modified
~ Security Center: 50 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.CCC198257901BEEA2FBF8EB1E7678356] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 19:13:59.) -- C:\Windows\System32\wininet.dll [1791488]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/29
~ Mes musiques (My Musics) : 1/67
~ Mes Videos (My Videos) : 5/36
~ Mes Favoris (My Favorites) : 1/23
~ Mes Documents (My Documents) : 11/108
~ Mon Bureau (My Desktop) : 1/1236
~ Menu demarrer (Programs) : 1/42
~ Hidden Files: Scanned in 00mn 01s
---\\ Processos lançados
[MD5.26AFC1F16494FFE66F2197153B342A27] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432] [PID.2744]
[MD5.E5703839EE9DD7FACE721CF56E3F9963] - (.MyCity - MCShield Real-Time Monitor.) -- C:\Program Files\MCShield\MCShieldRTM.exe [650816] [PID.2960]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\1eD0b30.exe [69632] [PID.3480]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\2Da2C20.exe [69632] [PID.3652]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\3BEFEC3.exe [69632] [PID.3844]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\3EebCCD.exe [69632] [PID.3944]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\4C1bdfc.exe [69632] [PID.4008]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\aCddBaB.exe [69632] [PID.980]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\Cd2ACE6.exe [69632] [PID.2864]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\cfd1eEb.exe [69632] [PID.2936]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\Eaa5CfC.exe [69632] [PID.2664]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\EdeE0b4.exe [69632] [PID.3288]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\f1fC6Cb.exe [69632] [PID.2700]
[MD5.A5FCD42334CCC682DA1882A54338686C] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.4448]
[MD5.BCD68F99E6751218BE8D513BF24896F3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8076800] [PID.2920]
[MD5.5DAF7081A4BB112FA3F1915819330A3E] - (...) -- C:\Program Files\ZHPDiag\pv.exe [61440] [PID.0]
~ Processes Running: Scanned in 00mn 02s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 01s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 11 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [MCShield Monitor] . (.MyCity - MCShield Real-Time Monitor.) -- C:\Program Files\MCShield\mcshieldrtm.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Marineide\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3294059013-1081372751-996367163-1000\..\Run: [MCShield Monitor] . (.MyCity - MCShield Real-Time Monitor.) -- C:\Program Files\MCShield\mcshieldrtm.exe
O4 - HKUS\S-1-5-21-3294059013-1081372751-996367163-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Marineide\AppData\Local\Facebook\Update\FacebookUpdate.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D90B7B71-49C4-4211-B351-E9AA81D09863}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D90B7B71-49C4-4211-B351-E9AA81D09863}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{D90B7B71-49C4-4211-B351-E9AA81D09863}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3294059013-1081372751-996367163-1000Core [922]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3294059013-1081372751-996367163-1000UA [944]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1058]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1062]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 05s
---\\ Software instalados (042)
O42 - Logiciel: MCShield ::Anti-Malware Tool:: - (.MyCity.) [HKLM] -- MCShield
O42 - Logiciel: dtac aircard - (.dtac aircard.) [HKLM] -- {93D34EE3-99B3-4DB1-8B0A-0A657466F90D}
~ Logic: 13 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Brasfoot2014]
[HKCU\Software\InfoSpace.com]
[HKCU\Software\MCShield]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\dtac aircard]
~ Key Software: 223 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 10/07/2013 - 20:28:13 - [] ----D C:\Program Files\dtac aircard
O43 - CFD: 04/05/2014 - 16:28:54 - [] ----D C:\Program Files\MCShield
O43 - CFD: 16/07/2014 - 11:46:58 - [] ----D C:\ProgramData\MCShield
O43 - CFD: 07/04/2014 - 21:14:27 - [0] ----D C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brasfoot2014
~ Program Folder: 146 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.3BFBB5DAE801CB893B8B46345FED6437] - 09/07/2014 - 09:45:06 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 16/07/2014 - 05:02:04 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.DE51B43679DD9143F07FC9222B82BF0B] - 16/07/2014 - 05:05:05 ---A- . (...) -- C:\zoek-results.log [16489]
O44 - LFC:[MD5.F2F43759AAA71351E1EF3F787B6E39E8] - 16/07/2014 - 05:20:10 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147848]
O44 - LFC:[MD5.40B54BC8CB5CD8F70FB42776273F6DD5] - 16/07/2014 - 05:20:10 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [706008]
O44 - LFC:[MD5.ADF83E2C7C1DA79A82B9B6F111E042D9] - 16/07/2014 - 10:17:46 ---A- . (...) -- C:\Windows\ntbtlog.txt [140020]
~ Files: 71 Legitimates Filtered in 00mn 06s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O46 - SEH:ShellExecuteHooks - (no name) - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\autodetect [Key] . (.No owner - AutoDect.) -- C:\Windows\system32\SupportAppXL\AutoDect.exe
~ SMSR Keys: 9 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 19 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWindowsUpdate"=
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:05/12/2011 - 09:22:32 ---A- . (.Windows (R) Win 7 DDK provider - Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual A.) -- C:\Windows\System32\Drivers\AmpPal.sys [141312]
O58 - SDL:09/07/2014 - 09:45:06 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:09/07/2014 - 09:45:06 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:09/07/2014 - 09:45:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [192352] =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:30/08/2010 - 17:13:18 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [100744]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 84 Legitimates Filtered in 00mn 23s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 09/07/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 130 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.D9DE89F0FAF18019BC9595F0F47BCA61] [SPRF][05/11/2013] (.Atribune.org - ATF Cleaner.exe.) -- C:\Users\Marineide\Desktop\ATF-Cleaner.exe [50688]
[MD5.64BAEC464B396B66A353D8FC2F42A4E3] [SPRF][31/07/2011] (.RaProducts.org - System Purification Tool.) -- C:\Users\Marineide\Desktop\PureRa.exe [76565]
[MD5.782B87DDCA0DD7127DB51A47DCA3DFBE] [SPRF][14/07/2014] (...) -- C:\Users\Marineide\Desktop\zoek.com [1417360]
~ Files: 5 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 09/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 05/05/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 05/05/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 03/12/2013 2151200 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
SS - | Demand 02/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 08/12/2011 241936 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
SS - | Demand 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 14/01/2014 881952 | (AdvancedSystemCareService7) . (.IObit.) - C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
SR - | Auto 05/12/2011 509440 | (AMPPALR3) . (.Intel Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
SR - | Auto 09/07/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 05/12/2011 104208 | (BTHSSecurityMgr) . (.Intel(R) Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
SR - | Auto 08/12/2011 653584 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Demand 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 01/07/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 25/03/2010 490280 | (NAUpdate) . (.Nero AG.) - C:\Program Files\Nero\Update\NASvc.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/12/2011 107792 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Auto 01/07/2010 2533400 | (UNS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/12/2011 722704 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Services: Scanned in 00mn 13s
---\\ Scâner Aditional (088)
Database Version : 13026 - (16/07/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
~ Additionnel Scan: 248553 Items scanned in 00mn 36s
---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 3 Legitimates Filtered in 00mn 00s
~ 809 Legitimates filtered by white list
End of the scan (417 lines in 02mn 11s)(0)
~ Iniciado por Marineide (16/07/2014 11:52:22)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17207
MFIE: Mozilla Firefox 29.0.1 (Defaut)
GCIE: Google Chrome v35.0.1916.153
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2021
Malwarebytes Anti-Malware versão 2.0.2.1012
ESET Online Scanner v3
Windows Defender W7 (Activate)
---\\ Softwares d'optimização do sistema
CCleaner v4.13
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 10 ActiveX
Adobe Reader XI
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1908 MB (29% free)
System Restore: Activé (Enable)
System drive C: has 46 GB (58%) free of 78 GB
---\\ Modo de conexão ao sistema
~ Computer Name: MARINEIDE-PC
~ User Name: Marineide
~ All Users Names: Marineide, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Marineide\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Marineide\AppData\Roaming\
~ %Desktop% : C:\Users\Marineide\Desktop\
~ %Favorites% : C:\Users\Marineide\Favorites\
~ %LocalAppData% : C:\Users\Marineide\AppData\Local\
~ %StartMenu% : C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 46 Go of 78 Go)
D: Hard drive, Flash drive, Thumb drive (Free 378 Go of 388 Go)
E: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: Modified
~ Security Center: 50 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.CCC198257901BEEA2FBF8EB1E7678356] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 19:13:59.) -- C:\Windows\System32\wininet.dll [1791488]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/29
~ Mes musiques (My Musics) : 1/67
~ Mes Videos (My Videos) : 5/36
~ Mes Favoris (My Favorites) : 1/23
~ Mes Documents (My Documents) : 11/108
~ Mon Bureau (My Desktop) : 1/1236
~ Menu demarrer (Programs) : 1/42
~ Hidden Files: Scanned in 00mn 01s
---\\ Processos lançados
[MD5.26AFC1F16494FFE66F2197153B342A27] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432] [PID.2744]
[MD5.E5703839EE9DD7FACE721CF56E3F9963] - (.MyCity - MCShield Real-Time Monitor.) -- C:\Program Files\MCShield\MCShieldRTM.exe [650816] [PID.2960]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\1eD0b30.exe [69632] [PID.3480]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\2Da2C20.exe [69632] [PID.3652]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\3BEFEC3.exe [69632] [PID.3844]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\3EebCCD.exe [69632] [PID.3944]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\4C1bdfc.exe [69632] [PID.4008]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\aCddBaB.exe [69632] [PID.980]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\Cd2ACE6.exe [69632] [PID.2864]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\cfd1eEb.exe [69632] [PID.2936]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\Eaa5CfC.exe [69632] [PID.2664]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\EdeE0b4.exe [69632] [PID.3288]
[MD5.0EFC6C3479F077F1D396E542B1B1EFC1] - (.PreSoftwares, Inc - No Comment.) -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\f1fC6Cb.exe [69632] [PID.2700]
[MD5.A5FCD42334CCC682DA1882A54338686C] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.4448]
[MD5.BCD68F99E6751218BE8D513BF24896F3] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8076800] [PID.2920]
[MD5.5DAF7081A4BB112FA3F1915819330A3E] - (...) -- C:\Program Files\ZHPDiag\pv.exe [61440] [PID.0]
~ Processes Running: Scanned in 00mn 02s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Marineide\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 01s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 11 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [MCShield Monitor] . (.MyCity - MCShield Real-Time Monitor.) -- C:\Program Files\MCShield\mcshieldrtm.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Marineide\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3294059013-1081372751-996367163-1000\..\Run: [MCShield Monitor] . (.MyCity - MCShield Real-Time Monitor.) -- C:\Program Files\MCShield\mcshieldrtm.exe
O4 - HKUS\S-1-5-21-3294059013-1081372751-996367163-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Marineide\AppData\Local\Facebook\Update\FacebookUpdate.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D90B7B71-49C4-4211-B351-E9AA81D09863}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D90B7B71-49C4-4211-B351-E9AA81D09863}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{D90B7B71-49C4-4211-B351-E9AA81D09863}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3294059013-1081372751-996367163-1000Core [922]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3294059013-1081372751-996367163-1000UA [944]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1058]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1062]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 05s
---\\ Software instalados (042)
O42 - Logiciel: MCShield ::Anti-Malware Tool:: - (.MyCity.) [HKLM] -- MCShield
O42 - Logiciel: dtac aircard - (.dtac aircard.) [HKLM] -- {93D34EE3-99B3-4DB1-8B0A-0A657466F90D}
~ Logic: 13 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Brasfoot2014]
[HKCU\Software\InfoSpace.com]
[HKCU\Software\MCShield]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\dtac aircard]
~ Key Software: 223 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 10/07/2013 - 20:28:13 - [] ----D C:\Program Files\dtac aircard
O43 - CFD: 04/05/2014 - 16:28:54 - [] ----D C:\Program Files\MCShield
O43 - CFD: 16/07/2014 - 11:46:58 - [] ----D C:\ProgramData\MCShield
O43 - CFD: 07/04/2014 - 21:14:27 - [0] ----D C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brasfoot2014
~ Program Folder: 146 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.3BFBB5DAE801CB893B8B46345FED6437] - 09/07/2014 - 09:45:06 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 16/07/2014 - 05:02:04 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.DE51B43679DD9143F07FC9222B82BF0B] - 16/07/2014 - 05:05:05 ---A- . (...) -- C:\zoek-results.log [16489]
O44 - LFC:[MD5.F2F43759AAA71351E1EF3F787B6E39E8] - 16/07/2014 - 05:20:10 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147848]
O44 - LFC:[MD5.40B54BC8CB5CD8F70FB42776273F6DD5] - 16/07/2014 - 05:20:10 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [706008]
O44 - LFC:[MD5.ADF83E2C7C1DA79A82B9B6F111E042D9] - 16/07/2014 - 10:17:46 ---A- . (...) -- C:\Windows\ntbtlog.txt [140020]
~ Files: 71 Legitimates Filtered in 00mn 06s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O46 - SEH:ShellExecuteHooks - (no name) - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\autodetect [Key] . (.No owner - AutoDect.) -- C:\Windows\system32\SupportAppXL\AutoDect.exe
~ SMSR Keys: 9 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 19 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWindowsUpdate"=
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:05/12/2011 - 09:22:32 ---A- . (.Windows (R) Win 7 DDK provider - Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual A.) -- C:\Windows\System32\Drivers\AmpPal.sys [141312]
O58 - SDL:09/07/2014 - 09:45:06 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:09/07/2014 - 09:45:06 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:09/07/2014 - 09:45:07 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [192352] =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:30/08/2010 - 17:13:18 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [100744]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 84 Legitimates Filtered in 00mn 23s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 09/07/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 130 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.D9DE89F0FAF18019BC9595F0F47BCA61] [SPRF][05/11/2013] (.Atribune.org - ATF Cleaner.exe.) -- C:\Users\Marineide\Desktop\ATF-Cleaner.exe [50688]
[MD5.64BAEC464B396B66A353D8FC2F42A4E3] [SPRF][31/07/2011] (.RaProducts.org - System Purification Tool.) -- C:\Users\Marineide\Desktop\PureRa.exe [76565]
[MD5.782B87DDCA0DD7127DB51A47DCA3DFBE] [SPRF][14/07/2014] (...) -- C:\Users\Marineide\Desktop\zoek.com [1417360]
~ Files: 5 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 09/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 05/05/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 05/05/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 03/12/2013 2151200 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
SS - | Demand 02/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 08/12/2011 241936 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
SS - | Demand 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 14/01/2014 881952 | (AdvancedSystemCareService7) . (.IObit.) - C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
SR - | Auto 05/12/2011 509440 | (AMPPALR3) . (.Intel Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
SR - | Auto 09/07/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 05/12/2011 104208 | (BTHSSecurityMgr) . (.Intel(R) Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
SR - | Auto 08/12/2011 653584 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Demand 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 01/07/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 25/03/2010 490280 | (NAUpdate) . (.Nero AG.) - C:\Program Files\Nero\Update\NASvc.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/12/2011 107792 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Auto 01/07/2010 2533400 | (UNS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/12/2011 722704 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Services: Scanned in 00mn 13s
---\\ Scâner Aditional (088)
Database Version : 13026 - (16/07/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
~ Additionnel Scan: 248553 Items scanned in 00mn 36s
---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 3 Legitimates Filtered in 00mn 00s
~ 809 Legitimates filtered by white list
End of the scan (417 lines in 02mn 11s)(0)
luizvilarinho- Membro Pleno
- Mensagens : 855
Reputação : 4
Data de inscrição : 13/11/2013
Re: Note com infecção
por Power Max Qua 16 Jul 2014, 12:10
Selecione e copie todo o texto destacado em vermelho que te passei._____________________________________________________________________________________________________________
Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas. Copie este relatório e poste em sua próxima resposta.
Última edição por Power Max em Seg 21 Jul 2014, 10:42, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Note com infecção
por luizvilarinho Qua 16 Jul 2014, 12:14
Rapport de ZHPFix 2014.7.9.4 par Nicolas Coolman, Update du 09/07/2014
Fichier d'export Registre :
Run by Marineide at 16/07/2014 12:13:51
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 02s)
Reparação de atalhos do navegador
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ Temporários windows (1) (0 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema
End of clean in 00mn 28s
========== Caminho do ficheiro do relatório ==========
C:\Users\Marineide\AppData\Roaming\ZHP\ZHPFix[R1].txt - 16/07/2014 11:48:28 [1152]
C:\Users\Marineide\AppData\Roaming\ZHP\ZHPFix[R2].txt - 16/07/2014 12:13:54 [857]
Fichier d'export Registre :
Run by Marineide at 16/07/2014 12:13:51
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 02s)
Reparação de atalhos do navegador
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ Temporários windows (1) (0 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema
End of clean in 00mn 28s
========== Caminho do ficheiro do relatório ==========
C:\Users\Marineide\AppData\Roaming\ZHP\ZHPFix[R1].txt - 16/07/2014 11:48:28 [1152]
C:\Users\Marineide\AppData\Roaming\ZHP\ZHPFix[R2].txt - 16/07/2014 12:13:54 [857]
luizvilarinho- Membro Pleno
- Mensagens : 855
Reputação : 4
Data de inscrição : 13/11/2013
Re: Note com infecção
por Power Max Qua 16 Jul 2014, 12:19
Baixe o RogueKiller e salve no Desktop (área de trabalho):[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Execute o arquivo RogueKiller.exe
Clique com o botão direito do mouse sobre o arquivo RogueKiller.exe, depois clique em [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Neste momento poderá surgir uma mensagem de confirmação do Windows com a pergunta Deseja permitir que o programa de um fornecedor desconhecido faça alterações neste computador? > Clique em Sim.
Após isto surgirá uma mensagem do RogueKiller perguntando se você aceita os termos de uso ao executá-lo. Clique em Aceitar para prosseguir. Automaticamente irá se abrir uma página de seu navegador no site do RogueKiller no qual ele agradece pela sua instalação, feche esta página e volte ao programa RogueKiller.
Clique no botão Verificar e aguarde o exame finalizar.
Clique no botão Report. Abrirá um bloco de notas com informações.
Este log é salvo no desktop com o nome de RKreport[0].txt.
Selecione, copie e cole o conteúdo deste log na sua próxima resposta.
Nota: Caso tenha mais de um arquivo RKreport[x].txt, poste o conteúdo de todos.
OBS: não use o botão Deletar pois precisamos avaliar os itens antes de fazer isso.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Note com infecção
por luizvilarinho Qua 16 Jul 2014, 12:41
RogueKiller V9.2.3.0 [Jul 11 2014] Por Adlice Software
mail : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Feedback : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Site : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Blog : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciado em : Modo Normal
Usuario : Marineide [Privilegios de Admnistrador]
Modo : Verificar -- Data : 07/16/2014 12:39:27
¤¤¤ Entradas ruins : 11 ¤¤¤
[Suspicious.Path] 1eD0b30.exe -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\1eD0b30.exe[-] -> FINALIZADO [TermProc]
[Suspicious.Path] 2Da2C20.exe -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\2Da2C20.exe[-] -> FINALIZADO [TermProc]
[Suspicious.Path] 3BEFEC3.exe -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\3BEFEC3.exe[-] -> FINALIZADO [TermProc]
[Suspicious.Path] 3EebCCD.exe -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\3EebCCD.exe[-] -> FINALIZADO [TermProc]
[Suspicious.Path] 4C1bdfc.exe -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\4C1bdfc.exe[-] -> FINALIZADO [TermProc]
[Suspicious.Path] aCddBaB.exe -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\aCddBaB.exe[-] -> FINALIZADO [TermProc]
[Suspicious.Path] Cd2ACE6.exe -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\Cd2ACE6.exe[-] -> FINALIZADO [TermProc]
[Suspicious.Path] cfd1eEb.exe -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\cfd1eEb.exe[-] -> FINALIZADO [TermProc]
[Suspicious.Path] Eaa5CfC.exe -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\Eaa5CfC.exe[-] -> FINALIZADO [TermProc]
[Suspicious.Path] EdeE0b4.exe -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\EdeE0b4.exe[-] -> FINALIZADO [TermProc]
[Suspicious.Path] f1fC6Cb.exe -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\f1fC6Cb.exe[-] -> FINALIZADO [TermProc]
¤¤¤ Entradas do Registro : 8 ¤¤¤
[PUM.Policies] HKEY_USERS\S-1-5-21-3294059013-1081372751-996367163-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> ENCONTRADO
[PUM.Policies] HKEY_USERS\S-1-5-21-3294059013-1081372751-996367163-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> ENCONTRADO
[PUM.Desktop] HKEY_USERS\S-1-5-21-3294059013-1081372751-996367163-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0 -> ENCONTRADO
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | AntiVirusDisableNotify : 1 -> ENCONTRADO
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | UpdatesDisableNotify : 1 -> ENCONTRADO
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | FirewallDisableNotify : 1 -> ENCONTRADO
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> ENCONTRADO
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> ENCONTRADO
¤¤¤ As tarefas agendadas : 0 ¤¤¤
¤¤¤ Arquivos : 11 ¤¤¤
[Suspicious.Path][arquivo] 1eD0b30.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1eD0b30.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\1eD0b30.exe -> ENCONTRADO
[Suspicious.Path][arquivo] 2Da2C20.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2Da2C20.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\2Da2C20.exe -> ENCONTRADO
[Suspicious.Path][arquivo] 3BEFEC3.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3BEFEC3.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\3BEFEC3.exe -> ENCONTRADO
[Suspicious.Path][arquivo] 3EebCCD.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3EebCCD.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\3EebCCD.exe -> ENCONTRADO
[Suspicious.Path][arquivo] 4C1bdfc.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4C1bdfc.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\4C1bdfc.exe -> ENCONTRADO
[Suspicious.Path][arquivo] aCddBaB.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aCddBaB.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\aCddBaB.exe -> ENCONTRADO
[Suspicious.Path][arquivo] Cd2ACE6.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Cd2ACE6.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\Cd2ACE6.exe -> ENCONTRADO
[Suspicious.Path][arquivo] cfd1eEb.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cfd1eEb.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\cfd1eEb.exe -> ENCONTRADO
[Suspicious.Path][arquivo] Eaa5CfC.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Eaa5CfC.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\Eaa5CfC.exe -> ENCONTRADO
[Suspicious.Path][arquivo] EdeE0b4.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdeE0b4.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\EdeE0b4.exe -> ENCONTRADO
[Suspicious.Path][arquivo] f1fC6Cb.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f1fC6Cb.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\f1fC6Cb.exe -> ENCONTRADO
¤¤¤ Arquivo de Hosts : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost
¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤
¤¤¤ Os navegadores da Web : 0 ¤¤¤
¤¤¤ Verificaçao do MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HN-M500MBB ATA Device +++++
--- User ---
[MBR] 194afcebb6262303d49808d3e1dac903
[BSP] 92c7755feb2c73af0b3aa6bd4158ca4f : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 79902 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 163846935 | Size: 396926 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: Kingston DataTraveler G3 USB Device +++++
--- User ---
[MBR] b745fe69895cdb3565ee906fbc1b31a8
[BSP] 4f61bfa4f8a094f47498cc3ed6bd6622 : Unknown MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1634493285 | Size: 935406 MB
3 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 28049408 | Size: 0 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Não há suporte para o pedido. )
mail : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Feedback : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Site : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Blog : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciado em : Modo Normal
Usuario : Marineide [Privilegios de Admnistrador]
Modo : Verificar -- Data : 07/16/2014 12:39:27
¤¤¤ Entradas ruins : 11 ¤¤¤
[Suspicious.Path] 1eD0b30.exe -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\1eD0b30.exe[-] -> FINALIZADO [TermProc]
[Suspicious.Path] 2Da2C20.exe -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\2Da2C20.exe[-] -> FINALIZADO [TermProc]
[Suspicious.Path] 3BEFEC3.exe -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\3BEFEC3.exe[-] -> FINALIZADO [TermProc]
[Suspicious.Path] 3EebCCD.exe -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\3EebCCD.exe[-] -> FINALIZADO [TermProc]
[Suspicious.Path] 4C1bdfc.exe -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\4C1bdfc.exe[-] -> FINALIZADO [TermProc]
[Suspicious.Path] aCddBaB.exe -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\aCddBaB.exe[-] -> FINALIZADO [TermProc]
[Suspicious.Path] Cd2ACE6.exe -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\Cd2ACE6.exe[-] -> FINALIZADO [TermProc]
[Suspicious.Path] cfd1eEb.exe -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\cfd1eEb.exe[-] -> FINALIZADO [TermProc]
[Suspicious.Path] Eaa5CfC.exe -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\Eaa5CfC.exe[-] -> FINALIZADO [TermProc]
[Suspicious.Path] EdeE0b4.exe -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\EdeE0b4.exe[-] -> FINALIZADO [TermProc]
[Suspicious.Path] f1fC6Cb.exe -- C:\Users\Marineide\AppData\Roaming\Microsoft\Update\f1fC6Cb.exe[-] -> FINALIZADO [TermProc]
¤¤¤ Entradas do Registro : 8 ¤¤¤
[PUM.Policies] HKEY_USERS\S-1-5-21-3294059013-1081372751-996367163-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> ENCONTRADO
[PUM.Policies] HKEY_USERS\S-1-5-21-3294059013-1081372751-996367163-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> ENCONTRADO
[PUM.Desktop] HKEY_USERS\S-1-5-21-3294059013-1081372751-996367163-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0 -> ENCONTRADO
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | AntiVirusDisableNotify : 1 -> ENCONTRADO
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | UpdatesDisableNotify : 1 -> ENCONTRADO
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | FirewallDisableNotify : 1 -> ENCONTRADO
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> ENCONTRADO
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> ENCONTRADO
¤¤¤ As tarefas agendadas : 0 ¤¤¤
¤¤¤ Arquivos : 11 ¤¤¤
[Suspicious.Path][arquivo] 1eD0b30.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1eD0b30.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\1eD0b30.exe -> ENCONTRADO
[Suspicious.Path][arquivo] 2Da2C20.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2Da2C20.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\2Da2C20.exe -> ENCONTRADO
[Suspicious.Path][arquivo] 3BEFEC3.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3BEFEC3.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\3BEFEC3.exe -> ENCONTRADO
[Suspicious.Path][arquivo] 3EebCCD.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3EebCCD.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\3EebCCD.exe -> ENCONTRADO
[Suspicious.Path][arquivo] 4C1bdfc.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4C1bdfc.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\4C1bdfc.exe -> ENCONTRADO
[Suspicious.Path][arquivo] aCddBaB.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aCddBaB.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\aCddBaB.exe -> ENCONTRADO
[Suspicious.Path][arquivo] Cd2ACE6.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Cd2ACE6.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\Cd2ACE6.exe -> ENCONTRADO
[Suspicious.Path][arquivo] cfd1eEb.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cfd1eEb.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\cfd1eEb.exe -> ENCONTRADO
[Suspicious.Path][arquivo] Eaa5CfC.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Eaa5CfC.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\Eaa5CfC.exe -> ENCONTRADO
[Suspicious.Path][arquivo] EdeE0b4.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdeE0b4.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\EdeE0b4.exe -> ENCONTRADO
[Suspicious.Path][arquivo] f1fC6Cb.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f1fC6Cb.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\f1fC6Cb.exe -> ENCONTRADO
¤¤¤ Arquivo de Hosts : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost
¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤
¤¤¤ Os navegadores da Web : 0 ¤¤¤
¤¤¤ Verificaçao do MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HN-M500MBB ATA Device +++++
--- User ---
[MBR] 194afcebb6262303d49808d3e1dac903
[BSP] 92c7755feb2c73af0b3aa6bd4158ca4f : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 79902 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 163846935 | Size: 396926 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: Kingston DataTraveler G3 USB Device +++++
--- User ---
[MBR] b745fe69895cdb3565ee906fbc1b31a8
[BSP] 4f61bfa4f8a094f47498cc3ed6bd6622 : Unknown MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1634493285 | Size: 935406 MB
3 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 28049408 | Size: 0 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Não há suporte para o pedido. )
luizvilarinho- Membro Pleno
- Mensagens : 855
Reputação : 4
Data de inscrição : 13/11/2013
Re: Note com infecção
por Power Max Qua 16 Jul 2014, 12:46
Para fazer a limpeza dos problemas:
Caso já tenha fechado a janela do RogueKiller, clique com o botão direito do mouse sobre o arquivo RogueKiller.exe, depois clique em [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Neste momento poderá surgir uma mensagem de confirmação do Windows com a pergunta Deseja permitir que o programa de um fornecedor desconhecido faça alterações neste computador? > Clique em Sim.
Aguarde até que o Pre-scan dele termine. Clique no botão Verificar e aguarde o exame finalizar.
Assim que concluir, clique no botão Deletar.
Clique no botão Report. Abrirá um bloco de notas com informações.
Este log é salvo também no desktop com o nome de RKreport[1].txt.
Selecione, copie e cole o conteúdo deste log na sua próxima resposta.
Caso já tenha fechado a janela do RogueKiller, clique com o botão direito do mouse sobre o arquivo RogueKiller.exe, depois clique em [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Neste momento poderá surgir uma mensagem de confirmação do Windows com a pergunta Deseja permitir que o programa de um fornecedor desconhecido faça alterações neste computador? > Clique em Sim.
Aguarde até que o Pre-scan dele termine. Clique no botão Verificar e aguarde o exame finalizar.
Assim que concluir, clique no botão Deletar.
Clique no botão Report. Abrirá um bloco de notas com informações.
Este log é salvo também no desktop com o nome de RKreport[1].txt.
Selecione, copie e cole o conteúdo deste log na sua próxima resposta.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Note com infecção
por luizvilarinho Qua 16 Jul 2014, 13:13
RogueKiller V9.2.3.0 [Jul 11 2014] Por Adlice Software
mail : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Feedback : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Site : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Blog : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciado em : Modo Normal
Usuario : Marineide [Privilegios de Admnistrador]
Modo : Remover -- Data : 07/16/2014 13:05:47
¤¤¤ Entradas ruins : 0 ¤¤¤
¤¤¤ Entradas do Registro : 8 ¤¤¤
[PUM.Policies] HKEY_USERS\S-1-5-21-3294059013-1081372751-996367163-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NÃO SELECIONADO
[PUM.Policies] HKEY_USERS\S-1-5-21-3294059013-1081372751-996367163-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NÃO SELECIONADO
[PUM.Desktop] HKEY_USERS\S-1-5-21-3294059013-1081372751-996367163-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0 -> NÃO SELECIONADO
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | AntiVirusDisableNotify : 1 -> NÃO SELECIONADO
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | UpdatesDisableNotify : 1 -> NÃO SELECIONADO
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | FirewallDisableNotify : 1 -> NÃO SELECIONADO
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NÃO SELECIONADO
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NÃO SELECIONADO
¤¤¤ As tarefas agendadas : 0 ¤¤¤
¤¤¤ Arquivos : 11 ¤¤¤
[Suspicious.Path][arquivo] 1eD0b30.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1eD0b30.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\1eD0b30.exe -> DELETADO
[Suspicious.Path][arquivo] 2Da2C20.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2Da2C20.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\2Da2C20.exe -> DELETADO
[Suspicious.Path][arquivo] 3BEFEC3.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3BEFEC3.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\3BEFEC3.exe -> DELETADO
[Suspicious.Path][arquivo] 3EebCCD.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3EebCCD.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\3EebCCD.exe -> DELETADO
[Suspicious.Path][arquivo] 4C1bdfc.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4C1bdfc.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\4C1bdfc.exe -> DELETADO
[Suspicious.Path][arquivo] aCddBaB.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aCddBaB.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\aCddBaB.exe -> DELETADO
[Suspicious.Path][arquivo] Cd2ACE6.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Cd2ACE6.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\Cd2ACE6.exe -> DELETADO
[Suspicious.Path][arquivo] cfd1eEb.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cfd1eEb.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\cfd1eEb.exe -> DELETADO
[Suspicious.Path][arquivo] Eaa5CfC.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Eaa5CfC.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\Eaa5CfC.exe -> DELETADO
[Suspicious.Path][arquivo] EdeE0b4.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdeE0b4.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\EdeE0b4.exe -> DELETADO
[Suspicious.Path][arquivo] f1fC6Cb.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f1fC6Cb.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\f1fC6Cb.exe -> DELETADO
¤¤¤ Arquivo de Hosts : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost
¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤
¤¤¤ Os navegadores da Web : 0 ¤¤¤
¤¤¤ Verificaçao do MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HN-M500MBB ATA Device +++++
--- User ---
[MBR] 194afcebb6262303d49808d3e1dac903
[BSP] 92c7755feb2c73af0b3aa6bd4158ca4f : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 79902 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 163846935 | Size: 396926 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_07162014_123927.log - RKreport_SCN_07162014_130455.log
mail : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Feedback : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Site : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Blog : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciado em : Modo Normal
Usuario : Marineide [Privilegios de Admnistrador]
Modo : Remover -- Data : 07/16/2014 13:05:47
¤¤¤ Entradas ruins : 0 ¤¤¤
¤¤¤ Entradas do Registro : 8 ¤¤¤
[PUM.Policies] HKEY_USERS\S-1-5-21-3294059013-1081372751-996367163-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NÃO SELECIONADO
[PUM.Policies] HKEY_USERS\S-1-5-21-3294059013-1081372751-996367163-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NÃO SELECIONADO
[PUM.Desktop] HKEY_USERS\S-1-5-21-3294059013-1081372751-996367163-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0 -> NÃO SELECIONADO
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | AntiVirusDisableNotify : 1 -> NÃO SELECIONADO
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | UpdatesDisableNotify : 1 -> NÃO SELECIONADO
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | FirewallDisableNotify : 1 -> NÃO SELECIONADO
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NÃO SELECIONADO
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NÃO SELECIONADO
¤¤¤ As tarefas agendadas : 0 ¤¤¤
¤¤¤ Arquivos : 11 ¤¤¤
[Suspicious.Path][arquivo] 1eD0b30.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1eD0b30.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\1eD0b30.exe -> DELETADO
[Suspicious.Path][arquivo] 2Da2C20.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2Da2C20.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\2Da2C20.exe -> DELETADO
[Suspicious.Path][arquivo] 3BEFEC3.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3BEFEC3.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\3BEFEC3.exe -> DELETADO
[Suspicious.Path][arquivo] 3EebCCD.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3EebCCD.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\3EebCCD.exe -> DELETADO
[Suspicious.Path][arquivo] 4C1bdfc.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4C1bdfc.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\4C1bdfc.exe -> DELETADO
[Suspicious.Path][arquivo] aCddBaB.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aCddBaB.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\aCddBaB.exe -> DELETADO
[Suspicious.Path][arquivo] Cd2ACE6.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Cd2ACE6.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\Cd2ACE6.exe -> DELETADO
[Suspicious.Path][arquivo] cfd1eEb.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cfd1eEb.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\cfd1eEb.exe -> DELETADO
[Suspicious.Path][arquivo] Eaa5CfC.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Eaa5CfC.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\Eaa5CfC.exe -> DELETADO
[Suspicious.Path][arquivo] EdeE0b4.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdeE0b4.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\EdeE0b4.exe -> DELETADO
[Suspicious.Path][arquivo] f1fC6Cb.lnk -- C:\Users\Marineide\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f1fC6Cb.lnk [LNK@] C:\Users\MARINE~1\AppData\Roaming\MICROS~1\Update\f1fC6Cb.exe -> DELETADO
¤¤¤ Arquivo de Hosts : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost
¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤
¤¤¤ Os navegadores da Web : 0 ¤¤¤
¤¤¤ Verificaçao do MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HN-M500MBB ATA Device +++++
--- User ---
[MBR] 194afcebb6262303d49808d3e1dac903
[BSP] 92c7755feb2c73af0b3aa6bd4158ca4f : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 79902 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 163846935 | Size: 396926 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_07162014_123927.log - RKreport_SCN_07162014_130455.log
luizvilarinho- Membro Pleno
- Mensagens : 855
Reputação : 4
Data de inscrição : 13/11/2013
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Note com infecção
por luizvilarinho Qua 16 Jul 2014, 13:24
Já de cara o IE, Mozila e crome já estão normais vou fazer mais uns testes aqui. Qual era mesmo o pro?
luizvilarinho- Membro Pleno
- Mensagens : 855
Reputação : 4
Data de inscrição : 13/11/2013
Re: Note com infecção
por luizvilarinho Qua 16 Jul 2014, 13:30
Beleza tudo ok, qual era o tipo de infecção mesmo? ia esquecendo, o IE não muda a pagina inicial mas vamos deixar assim.
Algum procedimento a ser realizado ainda?
Algum procedimento a ser realizado ainda?
luizvilarinho- Membro Pleno
- Mensagens : 855
Reputação : 4
Data de inscrição : 13/11/2013
Página 1 de 2 • 1, 2
Página 1 de 2
Permissões neste sub-fórum
Não podes responder a tópicos|
|
|