Fórum PC Brasil
Gostaria de reagir a esta mensagem? Crie uma conta em poucos cliques ou inicie sessão para continuar.
Flux RSS


Yahoo! 
MSN 
AOL 
Netvibes 
Bloglines 


Social bookmarking

Social bookmarking reddit  Social bookmarking google      

Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking

Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking

Estatísticas
Temos 14538 usuários registrados
O último usuário registrado atende pelo nome de Asaseu

Os nossos membros postaram um total de 35544 mensagens em 3616 assuntos
Últimos assuntos
» windows 10 pro
por joram Sab 15 Ago 2020, 13:04

Quem está conectado
4 usuários online :: Nenhum usuário registrado, Nenhum Invisível e 4 Visitantes :: 2 Motores de busca

Nenhum

O recorde de usuários online foi de 163 em Seg 02 Set 2019, 16:28
Buscar
 
 

Resultados por:
 


Rechercher Busca avançada

Setembro 2020
SegTerQuaQuiSexSabDom
 123456
78910111213
14151617181920
21222324252627
282930    

Calendário Calendário


Vírus Win32:RmnDrp Estragando tudo!!!

Ir em baixo

zoek - Vírus Win32:RmnDrp Estragando tudo!!! Empty Vírus Win32:RmnDrp Estragando tudo!!!

Mensagem por Style_Games em Sab 02 Ago 2014, 19:57

Eu não sei de onde que eu consegui mas um vírus chamado Win32:RmnDrp do nada apareceu e começou a infectar tudo, as pastas, arquivos e etc, o Avast inclusive detectou ele mesmo! Isso é um BUG do Avast ou esse realmente é um vírus perigoso, pesquisei e pelo que ví eu deveria estar realmente com muito medo, afinal, essa praga é um Worm. >_<

Ps: Quanto mais rápido a ajuda, melhor, tenho até segunda pra concertar, depois disso meu primo vem pegar o PC de volta.
 Crying or Very sad  Crying or Very sad
Style_Games
Style_Games
Iniciante
Iniciante

Mensagens : 8
Reputação : 0
Data de inscrição : 02/08/2014

Voltar ao Topo Ir em baixo

zoek - Vírus Win32:RmnDrp Estragando tudo!!! Empty Re: Vírus Win32:RmnDrp Estragando tudo!!!

Mensagem por Power Max em Sab 02 Ago 2014, 20:01

Olá.

zoek - Vírus Win32:RmnDrp Estragando tudo!!! 772309 Faça o download do < ZHPDiag > < [Você precisa estar registrado e conectado para ver esta imagem.]> ( ... de Nicolas Coolman )

Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPDiag para baixá-lo, tal como mostra a imagem abaixo:

[Você precisa estar registrado e conectado para ver esta imagem.]

Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:

Tutorial de instalação e execução do aplicativo ZHPDiag

* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

zoek - Vírus Win32:RmnDrp Estragando tudo!!! Empty ZHPCleaner - Bloco de Notas

Mensagem por Style_Games em Sab 02 Ago 2014, 20:08

~ ZHPCleaner v2014.8.2.49 by Nicolas Coolman (02/08/2014)
~ Run by Vídeos (02/08/2014 20:08:57)
~ WebSite : [Você precisa estar registrado e conectado para ver este link.]
~ Forum : [Você precisa estar registrado e conectado para ver este link.]
~ State version : Updated version
~ Report : C:\Users\Vídeos\Desktop\ZHPCleaner.txt
~ Report : C:\Users\Vídeos\AppData\Roaming\ZHP\ZHPCleaner.txt
~ Windows 7, 32-bit (Build 7600)



---\\ Restoration of the browsers default proxy settings,
REPLACED PARAMS: EnableHttp1_1 ( 1 )
REPLACED PARAMS: ProxyServer ( http=;ftp=;https=; )


---\\ Redirect Shortcut Browsers repair (Argument Infection)
~ Any necessary repairs


---\\ Startup Browser Microsoft Internet Explorer Repair
REPLACED PARAMS: Default_Page_URL ( [Você precisa estar registrado e conectado para ver este link.] )
REPLACED PARAMS: Start Page ( [Você precisa estar registrado e conectado para ver este link.] )
REPLACED PARAMS: Search Page ( [Você precisa estar registrado e conectado para ver este link.] )
REPLACED PARAMS: Default_Page_URL ( [Você precisa estar registrado e conectado para ver este link.] )
REPLACED PARAMS: Default_Search_URL ( [Você precisa estar registrado e conectado para ver este link.] )
REPLACED PARAMS: Start Page ( [Você precisa estar registrado e conectado para ver este link.] )
REPLACED PARAMS: Search Page ( [Você precisa estar registrado e conectado para ver este link.] )


---\\ Startup Browser Mozilla Firefox Repair


---\\ Startup Browser Coogle Chrome Repair
~ Any necessary repairs


---\\ Startup Browser Opera Sofware Opera Repair
~ Any necessary repairs


---\\ Browser Helper Objet Repair
~ Any necessary repairs


---\\ Toolbars Repair
~ Any necessary repairs


---\\ Defaul Browser Provider Repair (SearchScope)
REPLACED: HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope ({0191A6B0-1154-4C22-9182-23A95BBE92D9})


---\\ Remove values from startup key changing the browser settings (Run)
~ Any necessary repairs


---\\ Removal of harmful extensions for Google Chrome (Manifest).
~ Any necessary repairs


End of clean at 20:09:00


Última edição por Style_Games em Sab 02 Ago 2014, 20:20, editado 2 vez(es)
Style_Games
Style_Games
Iniciante
Iniciante

Mensagens : 8
Reputação : 0
Data de inscrição : 02/08/2014

Voltar ao Topo Ir em baixo

zoek - Vírus Win32:RmnDrp Estragando tudo!!! Empty Re: Vírus Win32:RmnDrp Estragando tudo!!!

Mensagem por Power Max em Sab 02 Ago 2014, 20:10

O programa que você usou foi o ZHPCleaner, foi bom usar ele pois ele removeu alguns problemas. Mas o que te pedi para usar foi o ZHPDiag, baixe ele naquele link que te passei, execute-o conforme o tutorial que te passei e poste o relatório dele.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

zoek - Vírus Win32:RmnDrp Estragando tudo!!! Empty ZHPDiag.txt

Mensagem por Style_Games em Sab 02 Ago 2014, 20:20

~ Relatório do ZHPDiag v2014.8.2.112 - Nicolas Coolman (02/08/2014)
~ Iniciado por Vídeos (02/08/2014 20:16:53)
~ Endereço do Website : [Você precisa estar registrado e conectado para ver este link.]
~ Endereço do Webforum : [Você precisa estar registrado e conectado para ver este link.]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 26.0
GCIE: Google Chrome v36.0.1985.125 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.10

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader XI
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3071 MB (47% free)
System Restore: Désactivé (Disabled)
System drive C: has 146 GB (62%) free of 234 GB

---\\ Modo de conexão ao sistema
~ Computer Name: WIN7-PC
~ User Name: Vídeos
~ All Users Names: Win7, Vídeos, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Vídeos\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Vídeos\AppData\Roaming\
~ %Desktop% : C:\Users\Vídeos\Desktop\
~ %Favorites% : C:\Users\Vídeos\Favorites\
~ %LocalAppData% : C:\Users\Vídeos\AppData\Local\
~ %StartMenu% : C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 146 Go of 234 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 47 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.15BC38A7492BEFE831966ADB477CF76F] - (.Microsoft Corporation - Windows Explorer.) (.13/07/2009 - 22:14:20.) -- C:\Windows\Explorer.exe [2613248]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.C36E38AD3C7FAFF0E30C4CBCB28CE7FB] - (.Microsoft Corporation - Internet Extensions para Win32.) (.09/12/2013 - 20:24:25.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.8EC6A4AB12B8F3759E21F8E3A388F2CF] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.DDC040FDB01EF1712A6B13E52AFB104C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/07/2009 - 20:12:38.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.13/07/2009 - 20:14:17.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 20:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.F4A054BE78AF7F410129C4B64B07DC9B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/07/2009 - 20:14:26.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.13/07/2009 - 22:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/07/2009 - 21:02:58.) -- C:\Windows\system32\Drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/07/2009 - 22:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes musiques (My Musics) : 1/5
~ Mes Favoris (My Favorites) : 1/4
~ Mes Documents (My Documents) : 1/55
~ Mon Bureau (My Desktop) : 1/792
~ Menu demarrer (Programs) : 1/39
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.3C958582E48340E84EF268E7661BA30E] - (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10029672] [PID.3448]
[MD5.2218928CF528D7BC295B1B4C69E9846C] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [3890208] [PID.3636]
[MD5.CE5C9977DA751DDC30952AC4DCBCA788] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208] [PID.3740]
[MD5.FB0C6F8A040626D689236AA913D6E8C9] - (.Elex do Brasil Participações Ltda - YACTray.) -- C:\Program Files\iSafe\iSafeTray.exe [1018696] [PID.4604] =>Trojan.Staser
[MD5.8F74F7A7D34894BC0396D3BD7C7A1CD8] - (.Elex do Brasil Participações Ltda - YAC.) -- C:\Program Files\iSafe\iSafe.exe [903496] [PID.1584] =>Trojan.Staser
[MD5.5DE352CABCB0C81664F58E7239F33691] - (.Elex do Brasil Participações Ltda - iSafeScan.) -- C:\Program Files\iSafe\iSafeScan.exe [463176] [PID.2580] =>Trojan.Staser
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.3372]
[MD5.D97BF9F66430717C7981048CA88F2C63] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8084480] [PID.5448]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Vídeos\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [panpiecllaicaafneoofcmdgmbcihhnd] MediaCaster by Ask v.101.14 (Désactivé)
G2 - GCE: Preference [User Data\Default] [pelmeidfhdlhlbjimpabfcbnnojbboma] Quick start v.4.4.5, (Désactivé) =>PUP.QuickStart

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 15 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Vídeos\AppData\Roaming\Mozilla\Firefox\Profiles\yn5tm101.default\prefs.js
C:\Users\Vídeos\AppData\Roaming\Mozilla\Firefox\Profiles\yn5tm101.default\user.js
P2 - FPN: [HKLM] [@raidcall.en/RCplugin] - (.Raidcall - Raidcall plugin.) -- C:\Users\Vídeos\AppData\Roaming\rcru\plugins\nprcplugin.dll
P2 - FPN: [HKLM] [adobe.com/AdobeAAMDetect] - (...) -- C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (.not file.)
~ Firefox Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Você precisa estar registrado e conectado para ver este link.]
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Você precisa estar registrado e conectado para ver este link.]
~ IE Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=c:\windows\system32\userinit.exe,userinit.exe,c:\program files\microsoft\desktoplayer.exe
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
O1 - Hosts: 46.151.82.194 ms.strikes.ru
O1 - Hosts: 46.151.82.194 ms.cs-monitor.ru
O1 - Hosts: 46.151.82.194 ms1.cs-exes.ru
O1 - Hosts: 46.151.82.194 ms2.cs-exes.ru
O1 - Hosts: 46.151.82.194 valve-master-server.com
O1 - Hosts: 46.151.82.194 css.setti.info
O1 - Hosts: 46.151.82.194 1.boostmaster.org
O1 - Hosts: 46.151.82.194 2.boostmaster.org
O1 - Hosts: 46.151.82.194 1.masterserver.su
O1 - Hosts: 46.151.82.194 2.masterserver.su
O1 - Hosts: 46.151.82.194 ms.cs-servera.net
O1 - Hosts: 46.151.82.194 ms.magesy.ru
O1 - Hosts: 46.151.82.194 ms2.magesy.ru
O1 - Hosts: 46.151.82.194 ms.set-master.ru
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 14



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: Deal Keeper - {66c4d8f8-66d0-4eca-8946-d0f47b781e94} . (.Deal Keeper - Deal Keeper.) -- C:\Program Files\Deal Keeper\DealKeeperbho.dll =>PUP.DealKeeper
~ BHO: 12 Legitimates Filtered in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Vídeos]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Vídeos\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 03s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] . (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
O4 - HKLM\..\RunOnce: [Del20310799] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\System32\cmd.exe
O4 - HKCU\..\RunOnce: [Del20310799] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\System32\cmd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-4281788053-1957141794-1794633077-1003\..\RunOnce: [Del20310799] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\System32\cmd.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} . (...) -- C:\Program Files\Hewlett-Packard\Smart Print\SmartPrint.ico
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8874AE17-665F-487A-9DA1-ACEFD0172C75}: DhcpNameServer = 201.10.120.3 201.10.1.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{8874AE17-665F-487A-9DA1-ACEFD0172C75}: DhcpNameServer = 201.10.120.3 201.10.1.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{8874AE17-665F-487A-9DA1-ACEFD0172C75}: DhcpNameServer = 201.10.120.3 201.10.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.10.120.3 201.10.1.2
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: appstoreService (appstoreService) . (.TODO: - TODO: .) - C:\Program Files\iSafe\appstore\appstoreSvc.exe =>Trojan.Staser
O23 - Service: iSafeService (iSafeService) . (.Elex do Brasil Participações Ltda - iSafeSvc.) - C:\Program Files\iSafe\iSafeSvc.exe =>Trojan.Staser
O23 - Service: RBClientService (RBClientService) . (.Systweak - Right Backup.) - C:\Program Files\Right Backup\RBClientService.exe
~ Services: 7 Legitimates Filtered in 00mn 06s



---\\ Listagem dos dados do BootExecute (Bex) (034)
O34 - HKLM BootExecute: (aswBoot.exe /M:119b31a10d /dir:"C:\Program Files\AVAST Software\Avast") - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [ASP] (...) -- C:\Program Files\RegClean Pro\SystweakASP.exe (.not file.) [0] =>Rogue.RegistryPowerCleaner
[MD5.00000000000000000000000000000000] [APT] [Baidu Antivirus Update] (...) -- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BavUpdater.exe (.not file.) [0]
[MD5.E914628A578278D2D9204A0DF5BFC189] [APT] [Right Backup_startup] (.Systweak.) -- C:\Program Files\Right Backup\RightBackup.exe [5235312]
[MD5.3D9C36AEF23B3ECFDFD1375BBF1ACAA7] [APT] [update-S-1-5-21-4281788053-1957141794-1794633077-1000] (...) -- C:\Program Files\Skillbrains\Updater\Updater.exe [105760]
[MD5.3D9C36AEF23B3ECFDFD1375BBF1ACAA7] [APT] [update-sys] (...) -- C:\Program Files\Skillbrains\Updater\Updater.exe [105760]
[MD5.AD56E40F561B9155297AE64688EC02B7] [APT] [{156F5EC9-950B-473E-B23D-8D015E9F811A}] (.Re-Logic.) -- C:\Program Files\Terraria\Terraria.exe [3976192]
[MD5.AD56E40F561B9155297AE64688EC02B7] [APT] [{4406D373-73FB-44C7-9F8F-134984C6756E}] (.Re-Logic.) -- C:\Program Files\Terraria\Terraria.exe [3976192]
[MD5.00000000000000000000000000000000] [APT] [{8372A9A6-FDD7-485F-A0FA-0C15138CF59E}] (...) -- C:\Users\Vídeos\Downloads\CS 1.6 Full v7.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A54B3117-822F-4EAC-8E04-171A40E86D89}] (...) -- C:\Users\Vídeos\Downloads\Hearthstone-Beta-Setup-ptBR (1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E297773D-D5EF-4A8F-9CBB-041504F47E79}] (...) -- C:\ongame\Pointblank\PBLauncher.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
~ Scheduled Task: 26 Legitimates Filtered in 00mn 06s



---\\ Componentes instalados (ActiveSetup Installed Components) (040)
O40 - ASIC: Installed Component - S-1-5-21-4281788053-1957141794-1794633077-1003 - {18RBRS56-01YN-DG4F-3750-KHY2CKMGW37H} -- Not Hexadécimal CLSID
O40 - ASIC: Installed Component - S-1-5-21-4281788053-1957141794-1794633077-1003 - {7G1H8MD8-7AGN-670G-O157-3Q03D3L1S6RH} -- Not Hexadécimal CLSID
~ Active Setup: 14 Legitimates Filtered in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: (iSafeKrnl) . (.Elex do Brasil Participações Ltda - iSafe Kernel Driver.) - C:\Program Files\iSafe\iSafeKrnl.sys
O41 - Driver: (iSafeKrnlKit) . (.Elex do Brasil Participações Ltda - iSafe Kernel Kit Driver.) - C:\Program Files\iSafe\iSafeKrnlKit.sys
O41 - Driver: (iSafeKrnlR3) . (.Elex do Brasil Participações Ltda - iSafe Kernel Ring3 Driver.) - C:\Program Files\iSafe\iSafeKrnlR3.sys
O41 - Driver: (iSafeNetFilter) . (.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) - C:\Program Files\iSafe\iSafeNetFilter.sys =>Trojan.Staser
~ Drivers: 90 Legitimates Filtered in 00mn 10s



---\\ Software instalados (042)
O42 - Logiciel: Deal Keeper - (.Deal Keeper.) [HKLM] -- Deal Keeper =>PUP.DealKeeper
O42 - Logiciel: GDMO - (...) [HKLM] -- DMO
O42 - Logiciel: MKLOL - (...) [HKCU] -- MKLOL
O42 - Logiciel: MediaCaster by Ask - (.APN, LLC.) [HKLM] -- {4254522D-5637-006A-76A7-A75C790C0F02} =>Toolbar.Avira
O42 - Logiciel: PFPortChecker 1.0.40 - (.Portforward.com.) [HKLM] -- PFPortChecker
O42 - Logiciel: Patch v23 versão 2013 - (.SiteCS.) [HKLM] -- {C1C3140D-730D-4176-94EC-F1706A929776}_is1
O42 - Logiciel: RegClean-Pro - (.Systweak Inc.) [HKLM] -- RegClean-Pro_is1 =>Rogue.RegistryPowerCleaner
O42 - Logiciel: Right Backup - (.Systweak Software.) [HKLM] -- 980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1
O42 - Logiciel: Simple Port Forwarding - (.PcWinTech.com.) [HKLM] -- Simple Port Forwarding
O42 - Logiciel: Smart-X AppLocker - (.SmartX.) [HKLM] -- {8E2B79FE-DAF6-4034-AC08-904749FAC872}
O42 - Logiciel: WindowsProtectManger20.0.0.401 - (.Fuyu LIMITED.) [HKLM] -- WindowsProtectManger =>PUP.Fuyu
O42 - Logiciel: YAC App Store - (.Woodtale Technology Inc..) [HKLM] -- Computer Software Market
O42 - Logiciel: Yet Another Cleaner! - (.ELEX DO BRASIL PARTICIPAÇÕES LTDA.) [HKLM] -- iSafe =>Trojan.Staser
O42 - Logiciel: sXe Injected - (.Alejandro Cortés.) [HKLM] -- sXe Injected
~ Logic: 16 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AUTORUN]
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]
[HKCU\Software\Deal Keeper] =>PUP.DealKeeper
[HKCU\Software\DefaultCompany]
[HKCU\Software\Inno]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\MICROFDP]
[HKCU\Software\NAOSEIMTBEM]
[HKCU\Software\Prompt Downloader]
[HKCU\Software\VNT]
[HKCU\Software\sXe Injected]
[HKLM\Software\4game]
[HKLM\Software\685D6D1C-D73A-4F37-B7E5E53660311DDB]
[HKLM\Software\ANC]
[HKLM\Software\Baidu Security]
[HKLM\Software\Baidu]
[HKLM\Software\Baidu_Drp_pos]
[HKLM\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\SupDp] =>PUP.SupTab
[HKLM\Software\sXe_Injected]
~ Key Software: 337 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 29/06/2014 - 13:48:00 - [] ----D C:\Program Files\13uzer37
O43 - CFD: 16/06/2014 - 18:28:41 - [] ----D C:\Program Files\ANC
O43 - CFD: 18/06/2014 - 18:20:51 - [] ----D C:\Program Files\baidu
O43 - CFD: 02/08/2014 - 20:08:49 - [] ----D C:\Program Files\Baidu-Security-2014-4.4.4.73687
O43 - CFD: 02/08/2014 - 20:07:11 - [] ----D C:\Program Files\Deal Keeper =>PUP.DealKeeper
O43 - CFD: 18/01/2014 - 12:59:31 - [0] ----D C:\Program Files\greaTsaver =>PUP.GreatSaver
O43 - CFD: 11/05/2014 - 21:32:15 - [0] ----D C:\Program Files\GS Supporter =>PUP.SaveClicker
O43 - CFD: 02/08/2014 - 20:08:42 - [] ----D C:\Program Files\iSafe =>Trojan.Staser
O43 - CFD: 10/12/2013 - 15:45:08 - [] ----D C:\Program Files\Pando Networks
O43 - CFD: 15/05/2014 - 18:39:31 - [] ----D C:\Program Files\PFPortChecker
O43 - CFD: 02/08/2014 - 19:08:15 - [] ----D C:\Program Files\RCP
O43 - CFD: 02/08/2014 - 19:09:42 - [] ----D C:\Program Files\Right Backup
O43 - CFD: 15/05/2014 - 19:38:12 - [] ----D C:\Program Files\Simple Port Forwarding
O43 - CFD: 05/03/2014 - 15:08:39 - [] ----D C:\Program Files\SmartX
O43 - CFD: 23/04/2014 - 23:18:11 - [0] ----D C:\Program Files\Standalone CrewMice
O43 - CFD: 01/06/2014 - 00:42:08 - [0] ----D C:\Program Files\SW_Booster =>PUP.SafeWeb
O43 - CFD: 29/07/2014 - 00:50:19 - [] ----D C:\Program Files\sXe Injected
O43 - CFD: 02/07/2014 - 23:43:46 - [] ----D C:\Program Files\VNT
O43 - CFD: 18/01/2014 - 12:59:43 - [] ----D C:\ProgramData\abc6db1ba5c2821a
O43 - CFD: 02/08/2014 - 20:09:05 - [] ----D C:\ProgramData\Baidu
O43 - CFD: 02/08/2014 - 20:09:13 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 26/07/2014 - 18:54:13 - [] ----D C:\ProgramData\greaTsaver =>PUP.GreatSaver
O43 - CFD: 18/06/2014 - 18:21:17 - [] ----D C:\ProgramData\IePluginServices =>PUP.IePluginService
O43 - CFD: 16/06/2014 - 00:26:16 - [] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 16/06/2014 - 00:26:17 - [] ----D C:\ProgramData\MountainApp
O43 - CFD: 18/06/2014 - 18:21:00 - [] ----D C:\ProgramData\WindowsProtectManger =>PUP.Fuyu
O43 - CFD: 02/08/2014 - 18:58:30 - [] -SH-D C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
O43 - CFD: 19/05/2014 - 18:42:27 - [] ----D C:\Users\Vídeos\AppData\Roaming\.technic
O43 - CFD: 02/08/2014 - 20:09:20 - [] ----D C:\Users\Vídeos\AppData\Roaming\baidu
O43 - CFD: 13/04/2014 - 09:07:44 - [] ----D C:\Users\Vídeos\AppData\Roaming\Baidu Security
O43 - CFD: 02/08/2014 - 20:11:55 - [] ----D C:\Users\Vídeos\AppData\Roaming\iSafe =>Trojan.Staser
O43 - CFD: 14/04/2014 - 11:33:34 - [] ----D C:\Users\Vídeos\AppData\Roaming\rcru
O43 - CFD: 26/07/2014 - 19:02:44 - [] ----D C:\Users\Vídeos\AppData\Roaming\sweet-page =>PUP.SweetPage
O43 - CFD: 06/05/2014 - 22:43:12 - [] ----D C:\Users\Vídeos\AppData\Roaming\Windowsconfig
O43 - CFD: 15/06/2014 - 01:14:38 - [] ----D C:\Users\Vídeos\AppData\Roaming\WizardWars
O43 - CFD: 02/08/2014 - 19:58:25 - [] ----D C:\Users\Vídeos\AppData\Local\14384
O43 - CFD: 26/07/2014 - 18:14:30 - [] ----D C:\Users\Vídeos\AppData\Local\30336
O43 - CFD: 26/07/2014 - 21:39:22 - [] ----D C:\Users\Vídeos\AppData\Local\ETS11
O43 - CFD: 02/07/2014 - 00:54:27 - [] ----D C:\Users\Vídeos\AppData\Local\Prompt Downloader
O43 - CFD: 03/07/2014 - 15:43:27 - [] ----D C:\Users\Vídeos\AppData\Local\VNT
O43 - CFD: 15/05/2014 - 18:43:37 - [] ----D C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simple Port Forwarding
O43 - CFD: 20/07/2014 - 22:56:00 - [] ----D C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected
~ Program Folder: 278 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.E5FA858D9DD466034D047A2CB789E79B] - 02/08/2014 - 14:34:59 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [146512]
O44 - LFC:[MD5.02DE62B99A76E7D7473C1B4C59A1FF89] - 02/08/2014 - 14:34:59 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [705786]
O44 - LFC:[MD5.E35457C00007877F7695AC03A1DC9334] - 18/07/2014 - 20:47:36 ---A- . (...) -- C:\Windows\JQHApp.dat [48]
O44 - LFC:[MD5.DE41BA79896BA9A9A9DE64846A39889E] - 24/07/2014 - 21:23:27 ---A- . (...) -- C:\Windows\win.ini [864]
O44 - LFC:[MD5.9DF4AD093394957A8A960CE17276D71C] - 25/07/2014 - 07:13:13 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [40768]
~ Files: 15 Legitimates Filtered in 00mn 03s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - avcenter.exe - euaie.exe
O50 - IFEO:Image File Execution Options - avguard.exe - euaie.exe
O50 - IFEO:Image File Execution Options - avp.exe - euaie.exe
O50 - IFEO:Image File Execution Options - bdagent.exe - euaie.exe
O50 - IFEO:Image File Execution Options - ccuac.exe - euaie.exe
O50 - IFEO:Image File Execution Options - ComboFix.exe - euaie.exe
O50 - IFEO:Image File Execution Options - egui.exe - euaie.exe
O50 - IFEO:Image File Execution Options - hijackthis.exe - euaie.exe
O50 - IFEO:Image File Execution Options - keyscrambler.exe - euaie.exe
O50 - IFEO:Image File Execution Options - mbam.exe - euaie.exe
O50 - IFEO:Image File Execution Options - MpCmdRun.exe - euaie.exe
O50 - IFEO:Image File Execution Options - MSASCui.exe - euaie.exe
O50 - IFEO:Image File Execution Options - MsMpEng.exe - euaie.exe
O50 - IFEO:Image File Execution Options - msseces.exe - euaie.exe
O50 - IFEO:Image File Execution Options - spybotsd.exe - euaie.exe
O50 - IFEO:Image File Execution Options - wireshark.exe - euaie.exe
O50 - IFEO:Image File Execution Options - zlclient.exe - euaie.exe
~ IFEO: Scanned in 00mn 00s



---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"vidc.mjpg"="bdmjpeg.dll" . (...) -- C:\Windows\System32\bdmjpeg.dll
O52 - TDSD: \Drivers32\"vidc.mpeg"="bdmpegv.dll" . (...) -- C:\Windows\System32\bdmpegv.dll
O52 - TDSD: \Drivers32\"msacm.bdmpeg"="bdmpega.acm" . (...) -- C:\Windows\System32\bdmpega.acm
O52 - TDSD: \drivers.desc\"bdmjpeg.dll"="Bandi Motion Jpeg" . (...) -- C:\Windows\System32\bdmjpeg.dll
O52 - TDSD: \drivers.desc\"bdmpegv.dll"="Bandi MPEG-1 Video" . (...) -- C:\Windows\System32\bdmpegv.dll
O52 - TDSD: \drivers.desc\"bdmpega.acm"="Bandi MPEG-1 Audio" . (...) -- C:\Windows\System32\bdmpega.acm
~ TDSD: 16 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\LightShot [Key] . (.No owner - Starter Module.) -- C:\Users\Vídeos\AppData\Local\Skillbrains\lightshot\Lightshot.exe
O53 - SMSR:HKLM\...\startupreg\MKLOL [Key] . (.MK - MK Main Exec.) -- C:\Program Files\MKJogo\MKLOL\MK.exe
O53 - SMSR:HKLM\...\startupreg\RegistryStarter [Key] . (...) -- C:\Users\Vídeos\AppData\Roaming\Windowsconfig\bin\win.jar
O53 - SMSR:HKLM\...\startupreg\VNT [Key] . (.APN LLC. - Virtual New Tab Loader.) -- C:\Program Files\VNT\vntldr.exe =>Toolbar.Ask
~ SMSR Keys: 12 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 2 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:12/05/2014 - 00:05:31 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:12/05/2014 - 00:05:31 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:12/05/2014 - 00:05:31 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180632] =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:25/07/2014 - 07:13:13 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [40768]
O58 - SDL:08/11/2007 - 10:29:52 ---A- . (.PixArt Imaging Inc. - PAC7302.) -- C:\Windows\System32\Drivers\PAC7302.SYS [458752]
O58 - SDL:04/01/2014 - 16:00:23 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [324096]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:08/12/2013 - 19:11:54 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [35288]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:30/05/2014 - 17:50:22 ----- . (...) -- C:\Windows\System32\apf005.sys [14160]
O58 - SDL:30/05/2014 - 17:50:22 ----- . (...) -- C:\Windows\System32\apl005.sys [25424]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 84 Legitimates Filtered in 00mn 06s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 30/04/2013 - C:\Windows\System32\DRIVERS\atikmdag.sys (amdkmdag) .(.Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) - LEGACY_AMDKMDAG
O64 - Services: CurCS - 12/05/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 11/07/1744 - C:\Windows\system32\drivers\Bfilter.sys (Bfilter) .(...) - LEGACY_BFILTER
O64 - Services: CurCS - 11/07/1744 - C:\Windows\system32\drivers\Bfmon.sys (Bfmon) .(...) - LEGACY_BFMON
O64 - Services: CurCS - 11/07/1744 - C:\Windows\System32\drivers\Bhbase.sys (Bhbase) .(...) - LEGACY_BHBASE
O64 - Services: CurCS - 11/07/1744 - C:\Windows\system32\drivers\bndef.sys (Bndef) .(...) - LEGACY_BNDEF
O64 - Services: CurCS - 11/07/1744 - C:\Windows\system32\drivers\Bprotect.sys (Bprotect) .(...) - LEGACY_BPROTECT
O64 - Services: CurCS - 25/07/2014 - C:\Program Files\iSafe\iSafeKrnl.sys (iSafeKrnl) .(.Elex do Brasil Participações Ltda - iSafe Kernel Driver.) - LEGACY_ISAFEKRNL
O64 - Services: CurCS - 25/07/2014 - C:\Program Files\iSafe\iSafeKrnlKit.sys (iSafeKrnlKit) .(.Elex do Brasil Participações Ltda - iSafe Kernel Kit Driver.) - LEGACY_ISAFEKRNLKIT
O64 - Services: CurCS - 25/07/2014 - C:\Program Files\iSafe\iSafeKrnlR3.sys (iSafeKrnlR3) .(.Elex do Brasil Participações Ltda - iSafe Kernel Ring3 Driver.) - LEGACY_ISAFEKRNLR3
O64 - Services: CurCS - 09/07/2014 - C:\Program Files\iSafe\iSafeNetFilter.sys (iSafeNetFilter) .(.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) - LEGACY_ISAFENETFILTER =>Trojan.Staser
~ Legacy: 100 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Opera\Launcher.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - [Você precisa estar registrado e conectado para ver este link.]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.7C8284A06B6B581A96DD2E91BB0CEBCF] [SPRF][18/07/2014] (...) -- C:\Users\Vídeos\AppData\Roaming\logs.dat [43266]
[MD5.605A171C61A0607BDCF6BE80ED07CF95] [SPRF][20/03/2013] (.AnjoCaido - Free launcher for Minecraft Alpha.) -- C:\Users\Vídeos\Desktop\Minecraft.exe [695296]
[MD5.347961AE63042B3FD8643FB9A8790AC7] [SPRF][25/06/2014] (...) -- C:\Users\Vídeos\Desktop\Stop Shutdown.bat [11]
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{3E482E6A-1FDD-45B2-9F29-8DCCDBEA83A4}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vídeos\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{5820846C-EB2E-4BDF-804D-CF7FD11C882E}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vídeos\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 02s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.C2024A6A7916AE2612F4AEA339326462] [WIS][01/07/2014] (.APN, LLC - MediaCaster by Ask.) -- C:\Windows\Installer\117dc30.msi [421888] =>Toolbar.Avira
~ WIS: 1 Legitimates Filtered in 00mn 03s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32 =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\AVG-Secure-Search-Update_0614a_RASAPI32 =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\AVG-Secure-Search-Update_0614a_RASMANCS =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\AVG-Secure-Search-Update_RASAPI32 =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\AVG-Secure-Search-Update_RASMANCS =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\DealKeeper_Setup_RASAPI32 =>PUP.DealKeeper
HKLM\SOFTWARE\Microsoft\Tracing\DealKeeper_Setup_RASMANCS =>PUP.DealKeeper
HKLM\SOFTWARE\Microsoft\Tracing\iSafeScan_RASAPI32 =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafeScan_RASMANCS =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafeSvc2_RASAPI32 =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafeSvc2_RASMANCS =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafe_RASAPI32 =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafe_RASMANCS =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\LollipopInstaller_14657_RASAPI32 =>Adware.Lollipop
HKLM\SOFTWARE\Microsoft\Tracing\LollipopInstaller_14657_RASMANCS =>Adware.Lollipop
HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_antivirus_1302-27bc6a41_RASAPI32 =>Adware.Lollipop
HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_antivirus_1302-27bc6a41_RASMANCS =>Adware.Lollipop
HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_RASAPI32 =>Adware.Lollipop
HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_RASMANCS =>Adware.Lollipop
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_applocker_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_applocker_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_morphvox_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_morphvox_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SupTab_Setup302_RASAPI32 =>PUP.SupTab
HKLM\SOFTWARE\Microsoft\Tracing\SupTab_Setup302_RASMANCS =>PUP.SupTab
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\wpm_v20_RASAPI32 =>PUP.WpManager
HKLM\SOFTWARE\Microsoft\Tracing\wpm_v20_RASMANCS =>PUP.WpManager
~ BTK: 538 Legitimates Filtered in 00mn 01s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{66c4d8f8-66d0-4eca-8946-d0f47b781e94}] (Deal Keeper) =>PUP.DealKeeper
~ BCK: 7656 Legitimates Filtered in 00mn 17s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Disabled 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Disabled 01/08/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 30/04/2013 217088 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SS - | Demand 19/06/2014 107552 | (EasyAntiCheat) . (.EasyAntiCheat Ltd.) - C:\Windows\system32\EasyAntiCheat.exe
SS - | Disabled 10/12/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Disabled 10/12/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Disabled 08/05/2014 704112 | (IePluginServices) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\IePluginServices\PluginService.exe =>PUP.IePluginService
SS - | Disabled 05/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Disabled 13/04/2007 792112 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Disabled 16/05/2007 271920 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Disabled 03/04/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 08/02/2014 569024 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files\Common Files\Steam\SteamService.exe
SS - | Disabled 12/06/2014 591776 | (WindowsProtectManger) . (.Fuyu LIMITED.) - C:\ProgramData\WindowsProtectManger\wprotectmanager.exe =>PUP.Fuyu
SR - | Auto 18/07/2014 12464 | (appstoreService) . (.TODO: .) - C:\Program Files\iSafe\appstore\appstoreSvc.exe =>Trojan.Staser
SR - | Auto 12/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 21/07/2014 1905488 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
SR - | Auto 25/07/2014 118048 | (iSafeService) . (.Elex do Brasil Participações Ltda.) - C:\Program Files\iSafe\iSafeSvc.exe =>Trojan.Staser
SR - | Auto 16/07/2014 375056 | (LMIGuardianSvc) . (.LogMeIn, Inc..) - C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
SR - | Auto 11/07/2014 48240 | (RBClientService) . (.Systweak.) - C:\Program Files\Right Backup\RBClientService.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/03/2010 87536 | ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) . (.CyberLink Corp..) - C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl
~ Services: Scanned in 00mn 19s



---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:04/01/2014 - 16:00:23 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [324096]
~ Emulateurs: Scanned in 00mn 19s



---\\ Scâner Aditional (088)
Database Version : 13026 - (02/08/2014)
Clés trouvées (Keys found) : 13
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 12
Fichiers trouvés (Files found) : 7

[HKLM\Software\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma] =>PUP.QuickStart^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66C4D8F8-66D0-4ECA-8946-D0F47B781E94}] =>PUP.DealKeeper^
[HKLM\SYSTEM\CurrentControlSet\Services\appstoreService] =>Trojan.Staser^
[HKLM\SYSTEM\CurrentControlSet\Services\iSafeService] =>Trojan.Staser^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Deal Keeper] =>PUP.DealKeeper^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4254522D-5637-006A-76A7-A75C790C0F02}] =>Toolbar.Avira^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RegClean-Pro_is1] =>Rogue.RegistryPowerCleaner^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WindowsProtectManger] =>PUP.Fuyu^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iSafe] =>Trojan.Staser^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\VNT] =>Toolbar.Ask^
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
C:\Users\Vídeos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma =>PUP.QuickStart^
C:\Program Files\Deal Keeper =>PUP.DealKeeper^
C:\Program Files\greaTsaver =>PUP.GreatSaver^
C:\Program Files\GS Supporter =>PUP.SaveClicker^
C:\Program Files\iSafe =>Trojan.Staser^
C:\Program Files\SW_Booster =>PUP.SafeWeb^
C:\ProgramData\greaTsaver =>PUP.GreatSaver^
C:\ProgramData\IePluginServices =>PUP.IePluginService^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\ProgramData\WindowsProtectManger =>PUP.Fuyu^
C:\Users\Vídeos\AppData\Roaming\iSafe =>Trojan.Staser^
C:\Users\Vídeos\AppData\Roaming\sweet-page =>PUP.SweetPage^
C:\Program Files\iSafe\iSafeTray.exe =>Trojan.Staser^
C:\Program Files\iSafe\iSafe.exe =>Trojan.Staser^
C:\Program Files\iSafe\iSafeScan.exe =>Trojan.Staser^
[HKCU\Software\Deal Keeper] =>PUP.DealKeeper^
[HKLM\Software\SupDp] =>PUP.SupTab^
C:\Windows\Installer\117dc30.msi =>Toolbar.Avira^
[HKCR\CLSID\{66c4d8f8-66d0-4eca-8946-d0f47b781e94}] (Deal Keeper) =>PUP.DealKeeper^
~ Additionnel Scan: 281449 Items scanned in 00mn 42s



---\\ Informações complémentaires do módulos
~ [Você precisa estar registrado e conectado para ver este link.] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Browser Helper Objects do navegador (02)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Aplicações iniciadas por registo & pastas (04)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Image File Execution Options (IFEO) (O50)
~ AMI: 5 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[Você precisa estar registrado e conectado para ver este link.] =>Trojan.Staser
[Você precisa estar registrado e conectado para ver este link.] =>PUP.QuickStart
[Você precisa estar registrado e conectado para ver este link.] =>PUP.DealKeeper
[Você precisa estar registrado e conectado para ver este link.] =>Rogue.RegistryPowerCleaner
[Você precisa estar registrado e conectado para ver este link.] =>Adware.InstallCore
[Você precisa estar registrado e conectado para ver este link.] =>PUP.SupTab
[Você precisa estar registrado e conectado para ver este link.] =>PUP.SaveClicker
[Você precisa estar registrado e conectado para ver este link.] =>PUP.Tarma
[Você precisa estar registrado e conectado para ver este link.] =>PUP.SweetPage
[Você precisa estar registrado e conectado para ver este link.] =>Toolbar.Ask
[Você precisa estar registrado e conectado para ver este link.] =>PUP.AdvancedSystemProtector
[Você precisa estar registrado e conectado para ver este link.] =>Adware.Lollipop
[Você precisa estar registrado e conectado para ver este link.] =>Toolbar.Conduit
[Você precisa estar registrado e conectado para ver este link.] =>PUP.WpManager
[Você precisa estar registrado e conectado para ver este link.] =>Adware.BrowseFox
~ MSI: 15 link(s) detected in 00mn 00s



~ 988 Legitimates filtered by white list
End of the scan (720 lines in 02mn 23s)(0)
Style_Games
Style_Games
Iniciante
Iniciante

Mensagens : 8
Reputação : 0
Data de inscrição : 02/08/2014

Voltar ao Topo Ir em baixo

zoek - Vírus Win32:RmnDrp Estragando tudo!!! Empty Re: Vírus Win32:RmnDrp Estragando tudo!!!

Mensagem por Power Max em Sab 02 Ago 2014, 20:22

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Você precisa estar registrado e conectado para ver este link.]

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

Remova adwares e toolbars maliciosas com o Adwcleaner

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

zoek - Vírus Win32:RmnDrp Estragando tudo!!! Empty AdwCleaner[S0]

Mensagem por Style_Games em Sab 02 Ago 2014, 20:38

# AdwCleaner v3.302 - Relatório criado 02/08/2014 às 20:31:42
# Atualizado 30/07/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate (32 bits)
# Usuário : Vídeos - WIN7-PC
# Executando de : C:\Users\Vídeos\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : IePluginServices
Serviço Deletada : RBClientService
[#] Serviço Deletada : WindowsProtectManger

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\IePluginServices
Pasta Deletada : C:\ProgramData\WindowsProtectManger
Pasta Deletada : C:\ProgramData\greaTsaver
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaks
Pasta Deletada : C:\Program Files\baidu
Pasta Deletada : C:\Program Files\GS Supporter
[!] Pasta Deletada : C:\Program Files\iSafe
Pasta Deletada : C:\Program Files\Right Backup
Pasta Deletada : C:\Program Files\Skillbrains
Pasta Deletada : C:\Program Files\Tweaks
Pasta Deletada : C:\Program Files\greaTsaver
Pasta Deletada : C:\Users\Administrador\AppData\Local\torch
Pasta Deletada : C:\Users\Convidado\AppData\Local\torch
Pasta Deletada : C:\Users\HomeGroupUser$\AppData\Local\torch
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\Vídeos\AppData\Local\Skillbrains
Pasta Deletada : C:\Users\Vídeos\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Vídeos\AppData\Roaming\eCyber
Pasta Deletada : C:\Users\Vídeos\AppData\Roaming\iSafe
Pasta Deletada : C:\Users\Vídeos\AppData\Roaming\sweet-page
Pasta Deletada : C:\Users\Win7\AppData\Local\Skillbrains
Arquivo Deletada : C:\Users\Public\Desktop\File Extractor.lnk
Arquivo Deletada : C:\Users\Vídeos\AppData\Roaming\Mozilla\Firefox\Profiles\yn5tm101.default\user.js
Arquivo Deletada : C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\f8o1ggm2.default\user.js
Arquivo Deletada : C:\Users\Vídeos\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
Arquivo Deletada : C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_continuetosave.info_0.localstorage-journal
Arquivo Deletada : C:\Users\Vídeos\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Deletada : C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Deletada : C:\Users\Vídeos\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Arquivo Deletada : C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Tarefas ] *****

Tarefa Deletedo : RegClean Pro

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_Setup302_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_Setup302_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_applocker_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_applocker_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_morphvox_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_morphvox_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Chave Deletedo : HKCU\Software\Deal Keeper
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\SkillBrains
Chave Deletedo : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Chave Deletedo : HKLM\Software\Deal Keeper
Chave Deletedo : HKLM\Software\iSafe
Chave Deletedo : HKLM\Software\SkillBrains
Chave Deletedo : HKLM\Software\SupDp
Chave Deletedo : HKLM\Software\supWindowsProtectManger
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deal Keeper
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean-Pro_is1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tweaks File Extractor
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsProtectManger

***** [ Navegadores ] *****

-\\ Internet Explorer v9.0.8112.16520


-\\ Mozilla Firefox v26.0 (pt-BR)

[ Arquivo : C:\Users\Vídeos\AppData\Roaming\Mozilla\Firefox\Profiles\yn5tm101.default\prefs.js ]

Linha deletada : user_pref("browser.search.defaultenginename", "sweet-page");
Linha deletada : user_pref("browser.search.selectedEngine", "sweet-page");

[ Arquivo : C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\f8o1ggm2.default\prefs.js ]


-\\ Google Chrome v36.0.1985.125

[ Arquivo : C:\Users\Vídeos\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

[ Arquivo : C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

*************************

AdwCleaner[R0].txt - [3594 octets] - [11/05/2014 23:33:08]
AdwCleaner[R1].txt - [7603 octets] - [02/08/2014 20:27:28]
AdwCleaner[S0].txt - [6492 octets] - [02/08/2014 20:31:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6552 octets] ##########
Style_Games
Style_Games
Iniciante
Iniciante

Mensagens : 8
Reputação : 0
Data de inscrição : 02/08/2014

Voltar ao Topo Ir em baixo

zoek - Vírus Win32:RmnDrp Estragando tudo!!! Empty Re: Vírus Win32:RmnDrp Estragando tudo!!!

Mensagem por Power Max em Sab 02 Ago 2014, 20:39

Desative temporariamente seu antivírus para evitar conflitos.

* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Você precisa estar registrado e conectado para ver este link.]

zoek - Vírus Win32:RmnDrp Estragando tudo!!! 772309 Para executá-lo corretamente siga as dicas deste tutorial:

Exclua adwares e outras ameaças de seu PC e browsers com o aplicativo Zoek

* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

zoek - Vírus Win32:RmnDrp Estragando tudo!!! Empty Re: Vírus Win32:RmnDrp Estragando tudo!!!

Mensagem por Style_Games em Sab 02 Ago 2014, 23:42

Zoek.exe v5.0.0.0 Updated 31-07-2014
Tool run by V¡deos on 02/08/2014 at 23:15:13,56.
Microsoft Windows 7 Ultimate 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\VDEOS~1\Desktop\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 23:16:46,07 =====

--- Create Environment Variables 23:16:48,21
--- Create System Restore Point 23:17:05,27
--- Checking Input 23:17:25,61
--- Reset Hosts File 23:17:30,96
--- AU AppData Check 23:17:31,74
--- Remove From Windows Installer 23:17:38,48
--- IE Startpage Check 23:19:25,08
--- Program Files DB Check 23:20:19,96
--- C:\Users\Administrador\AppData\ DB Check 23:21:35,67
--- C:\Users\Convidado\AppData\ DB Check 23:21:35,67
--- C:\Users\Default\AppData\ DB Check 23:21:35,67
--- C:\Users\Default User\AppData\ DB Check 23:21:35,67
--- C:\Users\HomeGroupUser$\AppData\ DB Check 23:21:35,67
--- C:\Users\Win7\AppData\ DB Check 23:21:35,67
--- C:\Users\USURIO~1\AppData\ DB Check 23:21:35,67
--- C:\Windows\system32\config\systemprofile\AppData\ DB Check 23:21:35,67
--- C:\Windows\serviceprofiles\networkservice\AppData\ DB Check 23:21:35,67
--- C:\Windows\serviceprofiles\Localservice\AppData\ DB Check 23:21:35,67
--- C:\Users\VDEOS~1 DB Check 23:26:05,68
--- C:\PROGRA~2 DB Check 23:26:40,13
--- C:\Users\Administrador\AppData\Local DB Check 23:26:44,05
--- C:\Users\Convidado\AppData\Local DB Check 23:26:44,05
--- C:\Users\Default\AppData\Local DB Check 23:26:44,05
--- C:\Users\Default User\AppData\Local DB Check 23:26:44,05
--- C:\Users\HomeGroupUser$\AppData\Local DB Check 23:26:44,05
--- C:\Users\Win7\AppData\Local DB Check 23:26:44,05
--- C:\Users\USURIO~1\AppData\Local DB Check 23:26:44,05
--- C:\Windows\system32\config\systemprofile\AppData\Local DB Check 23:26:44,05
--- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 23:26:44,05
--- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 23:26:44,05
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 23:28:53,75
--- C:\Users\VDEOS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs DB Check 23:29:02,59
--- Tasks DB Check 23:29:07,85
--- Downloads DB Check 23:29:11,41
--- C:\Users\Win7\AppData\LocalLow DB Check 23:29:16,55
--- C:\Windows\system32\config\systemprofile\AppData\LocalLow DB Check 23:29:16,55
--- C:\Windows\serviceprofiles\networkservice\AppData\LocalLow DB Check 23:29:16,55
--- Tasks2 DB Check 23:29:51,23
--- Documents DB Check 23:30:14,45
--- C:\Users\VDEOS~1\AppData\Roaming\Mozilla\Firefox\Profiles\yn5tm101.default DB Check 23:30:23,99
--- C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\f8o1ggm2.default DB Check 23:30:23,99
--- C:\Users\Public\Desktop DB Check 23:30:29,66
--- C:\Users\VDEOS~1\Desktop DB Check 23:30:33,01
--- Services DB Check 23:30:41,23
--- FF prefs.js DB Check 23:31:02,81
--- Del by CLSID 23:32:14,57
--- Delete Services 23:32:47,45
--- Firefox Fix 23:33:03,25



Obs: Se não é isso desculpa, o meu Zoek trava aí, e não pede pra reiniciar, caso eu reinicie não salva então esse é o jeito...
Style_Games
Style_Games
Iniciante
Iniciante

Mensagens : 8
Reputação : 0
Data de inscrição : 02/08/2014

Voltar ao Topo Ir em baixo

zoek - Vírus Win32:RmnDrp Estragando tudo!!! Empty Re: Vírus Win32:RmnDrp Estragando tudo!!!

Mensagem por Power Max em Sab 02 Ago 2014, 23:47

Ele não terminou ainda a limpeza dele.

inicie o PC em Modo Seguro com rede (apertando a tecla F8 (ou a tecla F5 em alguns computadores) repetidas vezes quando o computador estiver iniciando e escolhendo a opção Modo Seguro com rede (ou Modo seguro). Quando o PC estiver em modo seguro com rede faça o uso do Zoek como lhe passei e poste o relatório completo dele.
____________________________________________________

Se mesmo assim não for possível, me avise que amanhã eu te passo outro bom programa para continuarmos a limpeza, pois agora preciso descansar um pouco.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

zoek - Vírus Win32:RmnDrp Estragando tudo!!! Empty Zoek Log

Mensagem por Style_Games em Dom 03 Ago 2014, 00:40

Bom descanso pra você Power, você está me ajudando muito até agora. ^^
Eu fiz o Processo certo agora.
O Resultado esta à baixo.


Zoek.exe v5.0.0.0 Updated 31-07-2014
Tool run by V¡deos on 03/08/2014 at 0:11:58,48.
Microsoft Windows 7 Ultimate 6.1.7600 x86
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\VDEOS~1\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-08-03-005348.log 1458 bytes
C:\zoek-results2014-08-03-023303.log 1551 bytes

==== System Restore Info ======================

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iSafeService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\iSafeService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iSafeKrnl deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\iSafeKrnl deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iSafeNetFilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\iSafeNetFilter deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\VDEOS~1\AppData\Roaming\Mozilla\Firefox\Profiles\yn5tm101.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
user_pref("browser.search.defaultenginename", "sweet-page");
user_pref("browser.search.selectedEngine", "sweet-page");

Added to C:\Users\VDEOS~1\AppData\Roaming\Mozilla\Firefox\Profiles\yn5tm101.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\f8o1ggm2.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.newtab.url", "http://www.google.com");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\f8o1ggm2.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\VDEOS~1\AppData\Roaming\Mozilla\Firefox\Profiles\yn5tm101.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- FireFox user.js and prefs.js backups ----

prefs_082014_0022_.backup
prefs_082014_2100_.backup
prefs_082014_2153_.backup
prefs_082014_2333_.backup

ProfilePath: C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\f8o1ggm2.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_082014_0022_.backup
prefs_082014_2100_.backup
prefs_082014_2153_.backup
prefs_082014_2333_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\RCP deleted
C:\PROGRA~2\DivX deleted
C:\PROGRA~2\MountainApp deleted
C:\Program Files\Deal Keeper deleted
C:\Program Files\SW_Booster deleted
C:\Users\VDEOS~1\kernel.tmp deleted
C:\PROGRA~2\InstallMate deleted
C:\PROGRA~2\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC deleted
C:\Users\VDEOS~1\Searches deleted
C:\Windows\system32\tasks\Baidu Antivirus Update deleted
C:\Windows\system32\tasks\Right Backup_startup deleted
C:\Users\VDEOS~1\AppData\Roaming\Mozilla\Firefox\Profiles\yn5tm101.default\extensions\firefox@mightydealkeeper.com.xpi deleted
C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\f8o1ggm2.default\extensions\{849ded12-59e9-4dae-8f86-918b70d213dc} deleted
"C:\PROGRA~2\abc6db1ba5c2821a\{4820778D-AB0D-6D18-C316-52A6A0E1D507}" deleted
"C:\PROGRA~2\abc6db1ba5c2821a\{CA41BB14-E67B-1653-C57B-5CA99418A866}" deleted
"C:\PROGRA~2\abc6db1ba5c2821a\{CA41BB14-E67B-1653-C57B-5CA99418A866}.old" deleted
"C:\Program Files\iSafe\iSafeRKScanShell.dll" deleted
"C:\Program Files\iSafe\sqlite3.dll" deleted
"C:\PROGRA~2\abc6db1ba5c2821a" deleted
"C:\Program Files\iSafe" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [12/05/2014 00:05]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[18/04/2014 14:16]

GreoattsaVer - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd
YoutubeAdblocker - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno
sAve nete - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhagdbpmfgcfbfcnfnkkhnjflmfpmfcj
GreoattsaVer - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd
System Drive - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd
YoutubeAdblocker - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno
GreoattsaVer - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd
YoutubeAdblocker - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno
GreoattsaVer - Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd
YoutubeAdblocker - Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno
sAve nete - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhagdbpmfgcfbfcnfnkkhnjflmfpmfcj
GreoattsaVer - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd
System Drive - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd
YoutubeAdblocker - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno
GreoattsaVer - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd
YoutubeAdblocker - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno
GreoattsaVer - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd
YoutubeAdblocker - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno
sAve nete - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhagdbpmfgcfbfcnfnkkhnjflmfpmfcj
GreoattsaVer - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd
System Drive - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd
YoutubeAdblocker - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno
GreoattsaVer - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd
YoutubeAdblocker - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno
GreoattsaVer - Win7\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd
YoutubeAdblocker - Win7\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno
Google Drive - Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Google Wallet - Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
GreoattsaVer - Win7\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd
YoutubeAdblocker - Win7\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno

==== Chrome Fix ======================

C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage deleted successfully
C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mydailysearch.com_0.localstorage deleted successfully
C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mydailysearch.com_0.localstorage-journal deleted successfully
C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno deleted successfully
C:\Users\Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno deleted successfully
C:\Users\Win7\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno deleted successfully
C:\Users\Win7\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno deleted successfully
C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd deleted successfully
C:\Users\Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd deleted successfully
C:\Users\Win7\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd deleted successfully
C:\Users\Win7\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhagdbpmfgcfbfcnfnkkhnjflmfpmfcj deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhagdbpmfgcfbfcnfnkkhnjflmfpmfcj deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhagdbpmfgcfbfcnfnkkhnjflmfpmfcj deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0191A6B0-1154-4C22-9182-23A95BBE92D9}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0191A6B0-1154-4C22-9182-23A95BBE92D9} Google Url="http://www.google.com/search?q={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\CLSID\{66c4d8f8-66d0-4eca-8946-d0f47b781e94} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66c4d8f8-66d0-4eca-8946-d0f47b781e94} deleted successfully

==== Deleting CLSID Registry Values ======================


==== shortcuts on Users Desktops ======================

C:\Users\Win7\Desktop\Bandicam.lnk - C:\Program Files\Bandicam\bdcam.exe
C:\Users\Win7\Desktop\MK LOL.lnk - C:\Program Files\MKJogo\MKLOL\Bin\MKIM.exe
C:\Users\Win7\Desktop\PointBlank.lnk - C:\ongame\Pointblank\PBLauncher.exe
C:\Users\Win7\Desktop\Skype [2].lnk - C:\Program Files\Skype\Phone\Skype.exe /secondary
C:\Users\Win7\Desktop\Minhas Coisas\Jogos\Counter-Strike 1.6.lnk - C:\Program Files\Counter-Strike 1.6\Counter-Strike.exe
C:\Users\Win7\Desktop\Minhas Coisas\Jogos\Hearthstone.lnk - C:\Program Files\Hearthstone\Hearthstone Beta Launcher.exe
C:\Users\Win7\Desktop\Minhas Coisas\Jogos\LoL.lnk - C:\Riot Games\League of Legends\lol.launcher.exe
C:\Users\Win7\Desktop\Minhas Coisas\Jogos\Spore.lnk - C:\Program Files\Electronic Arts\SPORE_EP1\SporebinEP1\SporeApp.exe
C:\Users\Win7\Desktop\Minhas Coisas\Jogos\The Stanley Parable.lnk - C:\Program Files\Galactic Cafe\The Stanley Parable\thestanleyparable.exe
C:\Users\Win7\Desktop\Minhas Coisas\Jogos\Mine\Minecraft.lnk - C:\Users\Vídeos\Downloads\Minecraft.exe
C:\Users\Win7\Desktop\Minhas Coisas\Programas\Cheat Engine.lnk - C:\Program Files\Cheat Engine 6.3\Cheat Engine.exe
C:\Users\Win7\Desktop\Minhas Coisas\Programas\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Win7\Desktop\Minhas Coisas\Programas\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Cube World.lnk - C:\Program Files\Cube World\CubeLauncher.exe
C:\Users\Public\Desktop\GS Auto Clicker.lnk - C:\Program Files\GSAutoClicker3\GSAutoClicker.exe
C:\Users\Public\Desktop\LIMBO.lnk - C:\Windows\Installer\{3D88D0F7-FE8C-46A9-9966-3FEE8CAAD8F8}\limbo.exe1_663F3A44D79E46F0AC8BE0E603CDCC71.exe
C:\Users\Public\Desktop\Play League of Legends.lnk - C:\Riot Games\League of Legends\lol.launcher.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MKJogo\MKLOL\MK LOL.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected\sXe Injected.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected\Uninstall.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MKJogo\MKLOL\MK LOL.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected\sXe Injected.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected\Uninstall.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MKJogo\MKLOL\MK LOL.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected\sXe Injected.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected\Uninstall.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MKJogo\MKLOL\MK LOL.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected\sXe Injected.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected\Uninstall.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MKJogo\MKLOL\MK LOL.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected\sXe Injected.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected\Uninstall.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MKJogo\MKLOL\MK LOL.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected\sXe Injected.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected\Uninstall.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MKJogo\MKLOL\MK LOL.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected\sXe Injected.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected\Uninstall.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MKJogo\MKLOL\MK LOL.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected\sXe Injected.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected\Uninstall.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MKJogo\MKLOL\MK LOL.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected\sXe Injected.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected\Uninstall.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MKJogo\MKLOL\MK LOL.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected\sXe Injected.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected\Uninstall.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MKJogo\MKLOL\MK LOL.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected\sXe Injected.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected\Uninstall.lnk -

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GS Auto Clicker\GS Auto Clicker.lnk - C:\Program Files\GSAutoClicker3\GSAutoClicker.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GS Auto Clicker\Uninstall GS Auto Clicker.lnk - C:\Program Files\GSAutoClicker3\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Atualização HP.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1510 series\Ajuda.lnk - C:\Program Files\HP\HP Deskjet 1510 series\Bin\HelpViewer\hpqlpvwr.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1510 series\Comprar suprimentos.lnk - C:\Program Files\HP\HP Deskjet 1510 series\Bin\hpqDTSS.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1510 series\Configuração da impressora & Software.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1510 series\Desinstalar.lnk - C:\Windows\System32\msiexec.exe /qb /x {09EC1A2F-F639-49BE-8378-746DA9F286F8}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1510 series\Estudo de aprimoramento de produtos HP.lnk - C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe /changesettings /UA 12.5 /DDV 0x0b00
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1510 series\Ferramentas de diagnóstico de impressora online HP.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1510 series\HP Deskjet 1510 series.lnk - C:\Program Files\HP\HP Deskjet 1510 series\Bin\HP Deskjet 1510 series.exe -Start UDCDevicePage
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1510 series\HP Scan.lnk - C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPScan.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1510 series\Site de suporte do produto.lnk - C:\Program Files\HP\HP Deskjet 1510 series\ProductSupportShortcut.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\Desinstalar HP Photo Creations.lnk - C:\Program Files\HP Photo Creations\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\HP Photo Creations.lnk - C:\Program Files\HP Photo Creations\PhotoProduct.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends\League of Legends.lnk - C:\Riot Games\League of Legends\lol.launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi\LogMeIn Hamachi.lnk - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi\Uninstall.lnk - C:\Windows\system32\msiexec.exe /i {BDA0EB29-8B31-4BF4-8B05-04AA52340AC4} REMOVE=ALL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PointBlank\Uninstall - PointBlank.lnk - C:\ongame\Pointblank\PBUnInst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PointBlank\Website - PointBlank.lnk - C:\ongame\Pointblank\PointBlank.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC App Store\uninstall.lnk - C:\Program Files\iSafe\appstore\uninstall.exe -uninst
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC App Store\YAC App Store.lnk - C:\Program Files\iSafe\appstore\isafeAppStore.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="*.local"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\e1eab426-cd29-4453-b836-c17dd92c23ef deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightShot deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VNT deleted successfully

==== Empty IE Cache ======================

C:\Users\Win7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Win7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Win7\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Win7\AppData\Local\Mozilla\Firefox\Profiles\f8o1ggm2.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1798 folders=333 509983944 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Win7\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\VDEOS~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Program Files\iSafe" not found

==== EOF on 03/08/2014 at 0:34:39,19 ======================
Style_Games
Style_Games
Iniciante
Iniciante

Mensagens : 8
Reputação : 0
Data de inscrição : 02/08/2014

Voltar ao Topo Ir em baixo

zoek - Vírus Win32:RmnDrp Estragando tudo!!! Empty Re: Vírus Win32:RmnDrp Estragando tudo!!!

Mensagem por Power Max em Dom 03 Ago 2014, 10:33

Baixe o programa Junkware Removal Tool no link abaixo:
[Você precisa estar registrado e conectado para ver este link.]

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

Tutorial do Junkware Removal Tool

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

zoek - Vírus Win32:RmnDrp Estragando tudo!!! Empty JRT

Mensagem por Style_Games em Dom 03 Ago 2014, 13:53

]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x86
Ran by V¡deos on 03/08/2014 at 13:35:53,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\isafe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\bdutil_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\bdutil_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DealKeeper_Setup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DealKeeper_Setup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\deal_keeper_installer_v3_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\deal_keeper_installer_v3_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\V¡deos\AppData\Roaming\isafe"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/08/2014 at 13:39:26,53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Style_Games
Style_Games
Iniciante
Iniciante

Mensagens : 8
Reputação : 0
Data de inscrição : 02/08/2014

Voltar ao Topo Ir em baixo

zoek - Vírus Win32:RmnDrp Estragando tudo!!! Empty Re: Vírus Win32:RmnDrp Estragando tudo!!!

Mensagem por Power Max em Dom 03 Ago 2014, 14:03

zoek - Vírus Win32:RmnDrp Estragando tudo!!! 772309 Faça o download do Malwarebytes em um destes links abaixo:
[Você precisa estar registrado e conectado para ver este link.]
[Você precisa estar registrado e conectado para ver este link.]

Para instalá-lo e executá-lo corretamente siga, por gentileza, as dicas desta postagem:

Tutorial do Malwarebytes Anti-Malware

Na sua próxima resposta poste este log (relatório) do Malwarebytes.

Ficamos no aguardo.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

zoek - Vírus Win32:RmnDrp Estragando tudo!!! Empty Sem vírus?

Mensagem por Style_Games em Dom 03 Ago 2014, 14:29

Eu resolvi fazer um escaneamento hoje e o Avast não detectou nada! Pensei que era improvável então eu fiz outro escaneamento e de novo deu 'sem vírus', mesmo assim, eu deveria continuar com a limpeza do PC, ou os processos anteriores resolveram o problema da praga Win32:RmnDrp?
 :rindo_atoa: 
Style_Games
Style_Games
Iniciante
Iniciante

Mensagens : 8
Reputação : 0
Data de inscrição : 02/08/2014

Voltar ao Topo Ir em baixo

zoek - Vírus Win32:RmnDrp Estragando tudo!!! Empty Re: Vírus Win32:RmnDrp Estragando tudo!!!

Mensagem por Power Max em Dom 03 Ago 2014, 14:31

Por enquanto a gente só removeu adwares, ainda devem ter outras contaminações no seu PC. É importante ir seguindo estes procedimentos que estou te passando até o computador ficar realmente limpo.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

zoek - Vírus Win32:RmnDrp Estragando tudo!!! Empty Re: Vírus Win32:RmnDrp Estragando tudo!!!

Mensagem por joram em Qui 04 Set 2014, 16:26

Tópico Arquivado

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado. Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da Equipe da Moderação solicitando o desbloqueio.

_________________
Fórum PC Brasil >> O que há de melhor,para desinfectar seu computador!
Fórum SecSecurity >> Não deixem de conhecer!
Fórum iMasters >> Tradição em informática!
joram
joram
Administrador
Administrador

Mensagens : 3931
Reputação : 428
Data de inscrição : 26/01/2014
Localização : Rio de Janeiro

Voltar ao Topo Ir em baixo

zoek - Vírus Win32:RmnDrp Estragando tudo!!! Empty Re: Vírus Win32:RmnDrp Estragando tudo!!!

Mensagem por Conteúdo patrocinado


Conteúdo patrocinado


Voltar ao Topo Ir em baixo

Voltar ao Topo


 
Permissão deste fórum:
Você não pode responder aos tópicos neste fórum