Win32:RmnDrp virus wrecking everything!!!

Post by Style_Games on Sat 02 Aug 2014, 19:57

I don't know where I got it, but a virus called Win32:RmnDrp appeared out of nowhere and started infecting everything: folders, files and so on. Avast even detected itself! Is this an Avast bug, or is this really a dangerous virus? I looked it up, and from what I saw I should really be very scared; after all, this pest is a worm. >_<

PS: The faster the help, the better. I have until Monday to fix it; after that my cousin is coming to take the PC back.

Re: Win32:RmnDrp virus wrecking everything!!!

Post by Power Max on Sat 02 Aug 2014, 20:01

Hello.

Download ZHPDiag ( ... by Nicolas Coolman )

Note: When you open the link above, click the Télécharger button for ZHPDiag to download it, as shown in the image below:

[You need to be registered and logged in to see this image.]

To install and run it correctly, follow the tips in this article:

ZHPDiag installation and usage tutorial

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.

_________________

Caixa de Dicas = Always with new tutorials and news on computing, technology and more.

Fórum PC Brasil = The best of the internet, you'll find it here.

Super Links = Messages of faith and hope for your heart

ZHPCleaner - Notepad

Post by Style_Games on Sat 02 Aug 2014, 20:08

~ ZHPCleaner v2014.8.2.49 by Nicolas Coolman (02/08/2014)
~ Run by Vídeos (02/08/2014 20:08:57)
~ WebSite : [You need to be registered and logged in to see this link.]
~ Forum : [You need to be registered and logged in to see this link.]
~ State version : Updated version
~ Report : C:\Users\Vídeos\Desktop\ZHPCleaner.txt
~ Report : C:\Users\Vídeos\AppData\Roaming\ZHP\ZHPCleaner.txt
~ Windows 7, 32-bit (Build 7600)



---\\ Restoration of the browsers default proxy settings,
REPLACED PARAMS: EnableHttp1_1 ( 1 )
REPLACED PARAMS: ProxyServer ( http=;ftp=;https=; )


---\\ Redirect Shortcut Browsers repair (Argument Infection)
~ Any necessary repairs


---\\ Startup Browser Microsoft Internet Explorer Repair
REPLACED PARAMS: Default_Page_URL ( [You need to be registered and logged in to see this link.] )
REPLACED PARAMS: Start Page ( [You need to be registered and logged in to see this link.] )
REPLACED PARAMS: Search Page ( [You need to be registered and logged in to see this link.] )
REPLACED PARAMS: Default_Page_URL ( [You need to be registered and logged in to see this link.] )
REPLACED PARAMS: Default_Search_URL ( [You need to be registered and logged in to see this link.] )
REPLACED PARAMS: Start Page ( [You need to be registered and logged in to see this link.] )
REPLACED PARAMS: Search Page ( [You need to be registered and logged in to see this link.] )


---\\ Startup Browser Mozilla Firefox Repair


---\\ Startup Browser Coogle Chrome Repair
~ Any necessary repairs


---\\ Startup Browser Opera Sofware Opera Repair
~ Any necessary repairs


---\\ Browser Helper Objet Repair
~ Any necessary repairs


---\\ Toolbars Repair
~ Any necessary repairs


---\\ Defaul Browser Provider Repair (SearchScope)
REPLACED: HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope ({0191A6B0-1154-4C22-9182-23A95BBE92D9})


---\\ Remove values from startup key changing the browser settings (Run)
~ Any necessary repairs


---\\ Removal of harmful extensions for Google Chrome (Manifest).
~ Any necessary repairs


End of clean at 20:09:00


Last edited by Style_Games on Sat 02 Aug 2014, 20:20; edited 2 times

Re: Win32:RmnDrp virus wrecking everything!!!

Post by Power Max on Sat 02 Aug 2014, 20:10

The program you used was ZHPCleaner. It was good that you used it, since it removed some problems. But what I asked you to use was ZHPDiag. Download it from the link I gave you, run it according to the tutorial I gave you, and post its report.


ZHPDiag.txt

Post by Style_Games on Sat 02 Aug 2014, 20:20

~ Relatório do ZHPDiag v2014.8.2.112 - Nicolas Coolman (02/08/2014)
~ Iniciado por Vídeos (02/08/2014 20:16:53)
~ Endereço do Website : [You need to be registered and logged in to see this link.]
~ Endereço do Webforum : [You need to be registered and logged in to see this link.]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 26.0
GCIE: Google Chrome v36.0.1985.125 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.10

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader XI
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3071 MB (47% free)
System Restore: Désactivé (Disabled)
System drive C: has 146 GB (62%) free of 234 GB

---\\ Modo de conexão ao sistema
~ Computer Name: WIN7-PC
~ User Name: Vídeos
~ All Users Names: Win7, Vídeos, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Vídeos\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Vídeos\AppData\Roaming\
~ %Desktop% : C:\Users\Vídeos\Desktop\
~ %Favorites% : C:\Users\Vídeos\Favorites\
~ %LocalAppData% : C:\Users\Vídeos\AppData\Local\
~ %StartMenu% : C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 146 Go of 234 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 47 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.15BC38A7492BEFE831966ADB477CF76F] - (.Microsoft Corporation - Windows Explorer.) (.13/07/2009 - 22:14:20.) -- C:\Windows\Explorer.exe [2613248]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.C36E38AD3C7FAFF0E30C4CBCB28CE7FB] - (.Microsoft Corporation - Internet Extensions para Win32.) (.09/12/2013 - 20:24:25.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.8EC6A4AB12B8F3759E21F8E3A388F2CF] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.DDC040FDB01EF1712A6B13E52AFB104C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/07/2009 - 20:12:38.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.13/07/2009 - 20:14:17.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 20:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.F4A054BE78AF7F410129C4B64B07DC9B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/07/2009 - 20:14:26.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.13/07/2009 - 22:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/07/2009 - 21:02:58.) -- C:\Windows\system32\Drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/07/2009 - 22:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes musiques (My Musics) : 1/5
~ Mes Favoris (My Favorites) : 1/4
~ Mes Documents (My Documents) : 1/55
~ Mon Bureau (My Desktop) : 1/792
~ Menu demarrer (Programs) : 1/39
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.3C958582E48340E84EF268E7661BA30E] - (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10029672] [PID.3448]
[MD5.2218928CF528D7BC295B1B4C69E9846C] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [3890208] [PID.3636]
[MD5.CE5C9977DA751DDC30952AC4DCBCA788] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208] [PID.3740]
[MD5.FB0C6F8A040626D689236AA913D6E8C9] - (.Elex do Brasil Participações Ltda - YACTray.) -- C:\Program Files\iSafe\iSafeTray.exe [1018696] [PID.4604] =>Trojan.Staser
[MD5.8F74F7A7D34894BC0396D3BD7C7A1CD8] - (.Elex do Brasil Participações Ltda - YAC.) -- C:\Program Files\iSafe\iSafe.exe [903496] [PID.1584] =>Trojan.Staser
[MD5.5DE352CABCB0C81664F58E7239F33691] - (.Elex do Brasil Participações Ltda - iSafeScan.) -- C:\Program Files\iSafe\iSafeScan.exe [463176] [PID.2580] =>Trojan.Staser
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.3372]
[MD5.D97BF9F66430717C7981048CA88F2C63] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8084480] [PID.5448]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Vídeos\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [panpiecllaicaafneoofcmdgmbcihhnd] MediaCaster by Ask v.101.14 (Désactivé)
G2 - GCE: Preference [User Data\Default] [pelmeidfhdlhlbjimpabfcbnnojbboma] Quick start v.4.4.5, (Désactivé) =>PUP.QuickStart

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 15 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Vídeos\AppData\Roaming\Mozilla\Firefox\Profiles\yn5tm101.default\prefs.js
C:\Users\Vídeos\AppData\Roaming\Mozilla\Firefox\Profiles\yn5tm101.default\user.js
P2 - FPN: [HKLM] [@raidcall.en/RCplugin] - (.Raidcall - Raidcall plugin.) -- C:\Users\Vídeos\AppData\Roaming\rcru\plugins\nprcplugin.dll
P2 - FPN: [HKLM] [adobe.com/AdobeAAMDetect] - (...) -- C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (.not file.)
~ Firefox Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You need to be registered and logged in to see this link.]
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You need to be registered and logged in to see this link.]
~ IE Browser: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=c:\windows\system32\userinit.exe,userinit.exe,c:\program files\microsoft\desktoplayer.exe
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 14



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: Deal Keeper - {66c4d8f8-66d0-4eca-8946-d0f47b781e94} . (.Deal Keeper - Deal Keeper.) -- C:\Program Files\Deal Keeper\DealKeeperbho.dll =>PUP.DealKeeper
~ BHO: 12 Legitimates Filtered in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Vídeos]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Vídeos\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 03s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] . (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
O4 - HKLM\..\RunOnce: [Del20310799] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\System32\cmd.exe
O4 - HKCU\..\RunOnce: [Del20310799] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\System32\cmd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-4281788053-1957141794-1794633077-1003\..\RunOnce: [Del20310799] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\System32\cmd.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} . (...) -- C:\Program Files\Hewlett-Packard\Smart Print\SmartPrint.ico
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8874AE17-665F-487A-9DA1-ACEFD0172C75}: DhcpNameServer = 201.10.120.3 201.10.1.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{8874AE17-665F-487A-9DA1-ACEFD0172C75}: DhcpNameServer = 201.10.120.3 201.10.1.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{8874AE17-665F-487A-9DA1-ACEFD0172C75}: DhcpNameServer = 201.10.120.3 201.10.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.10.120.3 201.10.1.2
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: appstoreService (appstoreService) . (.TODO: - TODO: .) - C:\Program Files\iSafe\appstore\appstoreSvc.exe =>Trojan.Staser
O23 - Service: iSafeService (iSafeService) . (.Elex do Brasil Participações Ltda - iSafeSvc.) - C:\Program Files\iSafe\iSafeSvc.exe =>Trojan.Staser
O23 - Service: RBClientService (RBClientService) . (.Systweak - Right Backup.) - C:\Program Files\Right Backup\RBClientService.exe
~ Services: 7 Legitimates Filtered in 00mn 06s



---\\ Listagem dos dados do BootExecute (Bex) (034)
O34 - HKLM BootExecute: (aswBoot.exe /M:119b31a10d /dir:"C:\Program Files\AVAST Software\Avast") - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [ASP] (...) -- C:\Program Files\RegClean Pro\SystweakASP.exe (.not file.) [0] =>Rogue.RegistryPowerCleaner
[MD5.00000000000000000000000000000000] [APT] [Baidu Antivirus Update] (...) -- C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BavUpdater.exe (.not file.) [0]
[MD5.E914628A578278D2D9204A0DF5BFC189] [APT] [Right Backup_startup] (.Systweak.) -- C:\Program Files\Right Backup\RightBackup.exe [5235312]
[MD5.3D9C36AEF23B3ECFDFD1375BBF1ACAA7] [APT] [update-S-1-5-21-4281788053-1957141794-1794633077-1000] (...) -- C:\Program Files\Skillbrains\Updater\Updater.exe [105760]
[MD5.3D9C36AEF23B3ECFDFD1375BBF1ACAA7] [APT] [update-sys] (...) -- C:\Program Files\Skillbrains\Updater\Updater.exe [105760]
[MD5.AD56E40F561B9155297AE64688EC02B7] [APT] [{156F5EC9-950B-473E-B23D-8D015E9F811A}] (.Re-Logic.) -- C:\Program Files\Terraria\Terraria.exe [3976192]
[MD5.AD56E40F561B9155297AE64688EC02B7] [APT] [{4406D373-73FB-44C7-9F8F-134984C6756E}] (.Re-Logic.) -- C:\Program Files\Terraria\Terraria.exe [3976192]
[MD5.00000000000000000000000000000000] [APT] [{8372A9A6-FDD7-485F-A0FA-0C15138CF59E}] (...) -- C:\Users\Vídeos\Downloads\CS 1.6 Full v7.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A54B3117-822F-4EAC-8E04-171A40E86D89}] (...) -- C:\Users\Vídeos\Downloads\Hearthstone-Beta-Setup-ptBR (1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E297773D-D5EF-4A8F-9CBB-041504F47E79}] (...) -- C:\ongame\Pointblank\PBLauncher.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
~ Scheduled Task: 26 Legitimates Filtered in 00mn 06s



---\\ Componentes instalados (ActiveSetup Installed Components) (040)
O40 - ASIC: Installed Component - S-1-5-21-4281788053-1957141794-1794633077-1003 - {18RBRS56-01YN-DG4F-3750-KHY2CKMGW37H} -- Not Hexadécimal CLSID
O40 - ASIC: Installed Component - S-1-5-21-4281788053-1957141794-1794633077-1003 - {7G1H8MD8-7AGN-670G-O157-3Q03D3L1S6RH} -- Not Hexadécimal CLSID
~ Active Setup: 14 Legitimates Filtered in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: (iSafeKrnl) . (.Elex do Brasil Participações Ltda - iSafe Kernel Driver.) - C:\Program Files\iSafe\iSafeKrnl.sys
O41 - Driver: (iSafeKrnlKit) . (.Elex do Brasil Participações Ltda - iSafe Kernel Kit Driver.) - C:\Program Files\iSafe\iSafeKrnlKit.sys
O41 - Driver: (iSafeKrnlR3) . (.Elex do Brasil Participações Ltda - iSafe Kernel Ring3 Driver.) - C:\Program Files\iSafe\iSafeKrnlR3.sys
O41 - Driver: (iSafeNetFilter) . (.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) - C:\Program Files\iSafe\iSafeNetFilter.sys =>Trojan.Staser
~ Drivers: 90 Legitimates Filtered in 00mn 10s



---\\ Software instalados (042)
O42 - Logiciel: Deal Keeper - (.Deal Keeper.) [HKLM] -- Deal Keeper =>PUP.DealKeeper
O42 - Logiciel: GDMO - (...) [HKLM] -- DMO
O42 - Logiciel: MKLOL - (...) [HKCU] -- MKLOL
O42 - Logiciel: MediaCaster by Ask - (.APN, LLC.) [HKLM] -- {4254522D-5637-006A-76A7-A75C790C0F02} =>Toolbar.Avira
O42 - Logiciel: PFPortChecker 1.0.40 - (.Portforward.com.) [HKLM] -- PFPortChecker
O42 - Logiciel: Patch v23 versão 2013 - (.SiteCS.) [HKLM] -- {C1C3140D-730D-4176-94EC-F1706A929776}_is1
O42 - Logiciel: RegClean-Pro - (.Systweak Inc.) [HKLM] -- RegClean-Pro_is1 =>Rogue.RegistryPowerCleaner
O42 - Logiciel: Right Backup - (.Systweak Software.) [HKLM] -- 980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1
O42 - Logiciel: Simple Port Forwarding - (.PcWinTech.com.) [HKLM] -- Simple Port Forwarding
O42 - Logiciel: Smart-X AppLocker - (.SmartX.) [HKLM] -- {8E2B79FE-DAF6-4034-AC08-904749FAC872}
O42 - Logiciel: WindowsProtectManger20.0.0.401 - (.Fuyu LIMITED.) [HKLM] -- WindowsProtectManger =>PUP.Fuyu
O42 - Logiciel: YAC App Store - (.Woodtale Technology Inc..) [HKLM] -- Computer Software Market
O42 - Logiciel: Yet Another Cleaner! - (.ELEX DO BRASIL PARTICIPAÇÕES LTDA.) [HKLM] -- iSafe =>Trojan.Staser
O42 - Logiciel: sXe Injected - (.Alejandro Cortés.) [HKLM] -- sXe Injected
~ Logic: 16 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AUTORUN]
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]
[HKCU\Software\Deal Keeper] =>PUP.DealKeeper
[HKCU\Software\DefaultCompany]
[HKCU\Software\Inno]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\MICROFDP]
[HKCU\Software\NAOSEIMTBEM]
[HKCU\Software\Prompt Downloader]
[HKCU\Software\VNT]
[HKCU\Software\sXe Injected]
[HKLM\Software\4game]
[HKLM\Software\685D6D1C-D73A-4F37-B7E5E53660311DDB]
[HKLM\Software\ANC]
[HKLM\Software\Baidu Security]
[HKLM\Software\Baidu]
[HKLM\Software\Baidu_Drp_pos]
[HKLM\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\SupDp] =>PUP.SupTab
[HKLM\Software\sXe_Injected]
~ Key Software: 337 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 29/06/2014 - 13:48:00 - [] ----D C:\Program Files\13uzer37
O43 - CFD: 16/06/2014 - 18:28:41 - [] ----D C:\Program Files\ANC
O43 - CFD: 18/06/2014 - 18:20:51 - [] ----D C:\Program Files\baidu
O43 - CFD: 02/08/2014 - 20:08:49 - [] ----D C:\Program Files\Baidu-Security-2014-4.4.4.73687
O43 - CFD: 02/08/2014 - 20:07:11 - [] ----D C:\Program Files\Deal Keeper =>PUP.DealKeeper
O43 - CFD: 18/01/2014 - 12:59:31 - [0] ----D C:\Program Files\greaTsaver =>PUP.GreatSaver
O43 - CFD: 11/05/2014 - 21:32:15 - [0] ----D C:\Program Files\GS Supporter =>PUP.SaveClicker
O43 - CFD: 02/08/2014 - 20:08:42 - [] ----D C:\Program Files\iSafe =>Trojan.Staser
O43 - CFD: 10/12/2013 - 15:45:08 - [] ----D C:\Program Files\Pando Networks
O43 - CFD: 15/05/2014 - 18:39:31 - [] ----D C:\Program Files\PFPortChecker
O43 - CFD: 02/08/2014 - 19:08:15 - [] ----D C:\Program Files\RCP
O43 - CFD: 02/08/2014 - 19:09:42 - [] ----D C:\Program Files\Right Backup
O43 - CFD: 15/05/2014 - 19:38:12 - [] ----D C:\Program Files\Simple Port Forwarding
O43 - CFD: 05/03/2014 - 15:08:39 - [] ----D C:\Program Files\SmartX
O43 - CFD: 23/04/2014 - 23:18:11 - [0] ----D C:\Program Files\Standalone CrewMice
O43 - CFD: 01/06/2014 - 00:42:08 - [0] ----D C:\Program Files\SW_Booster =>PUP.SafeWeb
O43 - CFD: 29/07/2014 - 00:50:19 - [] ----D C:\Program Files\sXe Injected
O43 - CFD: 02/07/2014 - 23:43:46 - [] ----D C:\Program Files\VNT
O43 - CFD: 18/01/2014 - 12:59:43 - [] ----D C:\ProgramData\abc6db1ba5c2821a
O43 - CFD: 02/08/2014 - 20:09:05 - [] ----D C:\ProgramData\Baidu
O43 - CFD: 02/08/2014 - 20:09:13 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 26/07/2014 - 18:54:13 - [] ----D C:\ProgramData\greaTsaver =>PUP.GreatSaver
O43 - CFD: 18/06/2014 - 18:21:17 - [] ----D C:\ProgramData\IePluginServices =>PUP.IePluginService
O43 - CFD: 16/06/2014 - 00:26:16 - [] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 16/06/2014 - 00:26:17 - [] ----D C:\ProgramData\MountainApp
O43 - CFD: 18/06/2014 - 18:21:00 - [] ----D C:\ProgramData\WindowsProtectManger =>PUP.Fuyu
O43 - CFD: 02/08/2014 - 18:58:30 - [] -SH-D C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
O43 - CFD: 19/05/2014 - 18:42:27 - [] ----D C:\Users\Vídeos\AppData\Roaming\.technic
O43 - CFD: 02/08/2014 - 20:09:20 - [] ----D C:\Users\Vídeos\AppData\Roaming\baidu
O43 - CFD: 13/04/2014 - 09:07:44 - [] ----D C:\Users\Vídeos\AppData\Roaming\Baidu Security
O43 - CFD: 02/08/2014 - 20:11:55 - [] ----D C:\Users\Vídeos\AppData\Roaming\iSafe =>Trojan.Staser
O43 - CFD: 14/04/2014 - 11:33:34 - [] ----D C:\Users\Vídeos\AppData\Roaming\rcru
O43 - CFD: 26/07/2014 - 19:02:44 - [] ----D C:\Users\Vídeos\AppData\Roaming\sweet-page =>PUP.SweetPage
O43 - CFD: 06/05/2014 - 22:43:12 - [] ----D C:\Users\Vídeos\AppData\Roaming\Windowsconfig
O43 - CFD: 15/06/2014 - 01:14:38 - [] ----D C:\Users\Vídeos\AppData\Roaming\WizardWars
O43 - CFD: 02/08/2014 - 19:58:25 - [] ----D C:\Users\Vídeos\AppData\Local\14384
O43 - CFD: 26/07/2014 - 18:14:30 - [] ----D C:\Users\Vídeos\AppData\Local\30336
O43 - CFD: 26/07/2014 - 21:39:22 - [] ----D C:\Users\Vídeos\AppData\Local\ETS11
O43 - CFD: 02/07/2014 - 00:54:27 - [] ----D C:\Users\Vídeos\AppData\Local\Prompt Downloader
O43 - CFD: 03/07/2014 - 15:43:27 - [] ----D C:\Users\Vídeos\AppData\Local\VNT
O43 - CFD: 15/05/2014 - 18:43:37 - [] ----D C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simple Port Forwarding
O43 - CFD: 20/07/2014 - 22:56:00 - [] ----D C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected
~ Program Folder: 278 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.E5FA858D9DD466034D047A2CB789E79B] - 02/08/2014 - 14:34:59 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [146512]
O44 - LFC:[MD5.02DE62B99A76E7D7473C1B4C59A1FF89] - 02/08/2014 - 14:34:59 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [705786]
O44 - LFC:[MD5.E35457C00007877F7695AC03A1DC9334] - 18/07/2014 - 20:47:36 ---A- . (...) -- C:\Windows\JQHApp.dat [48]
O44 - LFC:[MD5.DE41BA79896BA9A9A9DE64846A39889E] - 24/07/2014 - 21:23:27 ---A- . (...) -- C:\Windows\win.ini [864]
O44 - LFC:[MD5.9DF4AD093394957A8A960CE17276D71C] - 25/07/2014 - 07:13:13 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [40768]
~ Files: 15 Legitimates Filtered in 00mn 03s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - avcenter.exe - euaie.exe
O50 - IFEO:Image File Execution Options - avguard.exe - euaie.exe
O50 - IFEO:Image File Execution Options - avp.exe - euaie.exe
O50 - IFEO:Image File Execution Options - bdagent.exe - euaie.exe
O50 - IFEO:Image File Execution Options - ccuac.exe - euaie.exe
O50 - IFEO:Image File Execution Options - ComboFix.exe - euaie.exe
O50 - IFEO:Image File Execution Options - egui.exe - euaie.exe
O50 - IFEO:Image File Execution Options - hijackthis.exe - euaie.exe
O50 - IFEO:Image File Execution Options - keyscrambler.exe - euaie.exe
O50 - IFEO:Image File Execution Options - mbam.exe - euaie.exe
O50 - IFEO:Image File Execution Options - MpCmdRun.exe - euaie.exe
O50 - IFEO:Image File Execution Options - MSASCui.exe - euaie.exe
O50 - IFEO:Image File Execution Options - MsMpEng.exe - euaie.exe
O50 - IFEO:Image File Execution Options - msseces.exe - euaie.exe
O50 - IFEO:Image File Execution Options - spybotsd.exe - euaie.exe
O50 - IFEO:Image File Execution Options - wireshark.exe - euaie.exe
O50 - IFEO:Image File Execution Options - zlclient.exe - euaie.exe
~ IFEO: Scanned in 00mn 00s



---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"vidc.mjpg"="bdmjpeg.dll" . (...) -- C:\Windows\System32\bdmjpeg.dll
O52 - TDSD: \Drivers32\"vidc.mpeg"="bdmpegv.dll" . (...) -- C:\Windows\System32\bdmpegv.dll
O52 - TDSD: \Drivers32\"msacm.bdmpeg"="bdmpega.acm" . (...) -- C:\Windows\System32\bdmpega.acm
O52 - TDSD: \drivers.desc\"bdmjpeg.dll"="Bandi Motion Jpeg" . (...) -- C:\Windows\System32\bdmjpeg.dll
O52 - TDSD: \drivers.desc\"bdmpegv.dll"="Bandi MPEG-1 Video" . (...) -- C:\Windows\System32\bdmpegv.dll
O52 - TDSD: \drivers.desc\"bdmpega.acm"="Bandi MPEG-1 Audio" . (...) -- C:\Windows\System32\bdmpega.acm
~ TDSD: 16 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\LightShot [Key] . (.No owner - Starter Module.) -- C:\Users\Vídeos\AppData\Local\Skillbrains\lightshot\Lightshot.exe
O53 - SMSR:HKLM\...\startupreg\MKLOL [Key] . (.MK - MK Main Exec.) -- C:\Program Files\MKJogo\MKLOL\MK.exe
O53 - SMSR:HKLM\...\startupreg\RegistryStarter [Key] . (...) -- C:\Users\Vídeos\AppData\Roaming\Windowsconfig\bin\win.jar
O53 - SMSR:HKLM\...\startupreg\VNT [Key] . (.APN LLC. - Virtual New Tab Loader.) -- C:\Program Files\VNT\vntldr.exe =>Toolbar.Ask
~ SMSR Keys: 12 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 2 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:12/05/2014 - 00:05:31 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:12/05/2014 - 00:05:31 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:12/05/2014 - 00:05:31 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180632] =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:25/07/2014 - 07:13:13 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [40768]
O58 - SDL:08/11/2007 - 10:29:52 ---A- . (.PixArt Imaging Inc. - PAC7302.) -- C:\Windows\System32\Drivers\PAC7302.SYS [458752]
O58 - SDL:04/01/2014 - 16:00:23 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [324096]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:08/12/2013 - 19:11:54 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [35288]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:30/05/2014 - 17:50:22 ----- . (...) -- C:\Windows\System32\apf005.sys [14160]
O58 - SDL:30/05/2014 - 17:50:22 ----- . (...) -- C:\Windows\System32\apl005.sys [25424]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 84 Legitimates Filtered in 00mn 06s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 30/04/2013 - C:\Windows\System32\DRIVERS\atikmdag.sys (amdkmdag) .(.Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) - LEGACY_AMDKMDAG
O64 - Services: CurCS - 12/05/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 11/07/1744 - C:\Windows\system32\drivers\Bfilter.sys (Bfilter) .(...) - LEGACY_BFILTER
O64 - Services: CurCS - 11/07/1744 - C:\Windows\system32\drivers\Bfmon.sys (Bfmon) .(...) - LEGACY_BFMON
O64 - Services: CurCS - 11/07/1744 - C:\Windows\System32\drivers\Bhbase.sys (Bhbase) .(...) - LEGACY_BHBASE
O64 - Services: CurCS - 11/07/1744 - C:\Windows\system32\drivers\bndef.sys (Bndef) .(...) - LEGACY_BNDEF
O64 - Services: CurCS - 11/07/1744 - C:\Windows\system32\drivers\Bprotect.sys (Bprotect) .(...) - LEGACY_BPROTECT
O64 - Services: CurCS - 25/07/2014 - C:\Program Files\iSafe\iSafeKrnl.sys (iSafeKrnl) .(.Elex do Brasil Participações Ltda - iSafe Kernel Driver.) - LEGACY_ISAFEKRNL
O64 - Services: CurCS - 25/07/2014 - C:\Program Files\iSafe\iSafeKrnlKit.sys (iSafeKrnlKit) .(.Elex do Brasil Participações Ltda - iSafe Kernel Kit Driver.) - LEGACY_ISAFEKRNLKIT
O64 - Services: CurCS - 25/07/2014 - C:\Program Files\iSafe\iSafeKrnlR3.sys (iSafeKrnlR3) .(.Elex do Brasil Participações Ltda - iSafe Kernel Ring3 Driver.) - LEGACY_ISAFEKRNLR3
O64 - Services: CurCS - 09/07/2014 - C:\Program Files\iSafe\iSafeNetFilter.sys (iSafeNetFilter) .(.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) - LEGACY_ISAFENETFILTER =>Trojan.Staser
~ Legacy: 100 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Opera\Launcher.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - [You need to be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - [You need to be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - [You need to be registered and logged in to see this link.]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.7C8284A06B6B581A96DD2E91BB0CEBCF] [SPRF][18/07/2014] (...) -- C:\Users\Vídeos\AppData\Roaming\logs.dat [43266]
[MD5.605A171C61A0607BDCF6BE80ED07CF95] [SPRF][20/03/2013] (.AnjoCaido - Free launcher for Minecraft Alpha.) -- C:\Users\Vídeos\Desktop\Minecraft.exe [695296]
[MD5.347961AE63042B3FD8643FB9A8790AC7] [SPRF][25/06/2014] (...) -- C:\Users\Vídeos\Desktop\Stop Shutdown.bat [11]
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{3E482E6A-1FDD-45B2-9F29-8DCCDBEA83A4}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vídeos\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{5820846C-EB2E-4BDF-804D-CF7FD11C882E}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Vídeos\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 02s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.C2024A6A7916AE2612F4AEA339326462] [WIS][01/07/2014] (.APN, LLC - MediaCaster by Ask.) -- C:\Windows\Installer\117dc30.msi [421888] =>Toolbar.Avira
~ WIS: 1 Legitimates Filtered in 00mn 03s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS =>PUP.AdvancedSystemProtector
HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32 =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\AVG-Secure-Search-Update_0614a_RASAPI32 =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\AVG-Secure-Search-Update_0614a_RASMANCS =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\AVG-Secure-Search-Update_RASAPI32 =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\AVG-Secure-Search-Update_RASMANCS =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\DealKeeper_Setup_RASAPI32 =>PUP.DealKeeper
HKLM\SOFTWARE\Microsoft\Tracing\DealKeeper_Setup_RASMANCS =>PUP.DealKeeper
HKLM\SOFTWARE\Microsoft\Tracing\iSafeScan_RASAPI32 =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafeScan_RASMANCS =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafeSvc2_RASAPI32 =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafeSvc2_RASMANCS =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafe_RASAPI32 =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafe_RASMANCS =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\LollipopInstaller_14657_RASAPI32 =>Adware.Lollipop
HKLM\SOFTWARE\Microsoft\Tracing\LollipopInstaller_14657_RASMANCS =>Adware.Lollipop
HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_antivirus_1302-27bc6a41_RASAPI32 =>Adware.Lollipop
HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_antivirus_1302-27bc6a41_RASMANCS =>Adware.Lollipop
HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_RASAPI32 =>Adware.Lollipop
HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_RASMANCS =>Adware.Lollipop
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_applocker_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_applocker_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_morphvox_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_morphvox_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SupTab_Setup302_RASAPI32 =>PUP.SupTab
HKLM\SOFTWARE\Microsoft\Tracing\SupTab_Setup302_RASMANCS =>PUP.SupTab
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\wpm_v20_RASAPI32 =>PUP.WpManager
HKLM\SOFTWARE\Microsoft\Tracing\wpm_v20_RASMANCS =>PUP.WpManager
~ BTK: 538 Legitimates Filtered in 00mn 01s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{66c4d8f8-66d0-4eca-8946-d0f47b781e94}] (Deal Keeper) =>PUP.DealKeeper
~ BCK: 7656 Legitimates Filtered in 00mn 17s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Disabled 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Disabled 01/08/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 30/04/2013 217088 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SS - | Demand 19/06/2014 107552 | (EasyAntiCheat) . (.EasyAntiCheat Ltd.) - C:\Windows\system32\EasyAntiCheat.exe
SS - | Disabled 10/12/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Disabled 10/12/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Disabled 08/05/2014 704112 | (IePluginServices) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\IePluginServices\PluginService.exe =>PUP.IePluginService
SS - | Disabled 05/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Disabled 13/04/2007 792112 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Disabled 16/05/2007 271920 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Disabled 03/04/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 08/02/2014 569024 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files\Common Files\Steam\SteamService.exe
SS - | Disabled 12/06/2014 591776 | (WindowsProtectManger) . (.Fuyu LIMITED.) - C:\ProgramData\WindowsProtectManger\wprotectmanager.exe =>PUP.Fuyu
SR - | Auto 18/07/2014 12464 | (appstoreService) . (.TODO: .) - C:\Program Files\iSafe\appstore\appstoreSvc.exe =>Trojan.Staser
SR - | Auto 12/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 21/07/2014 1905488 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
SR - | Auto 25/07/2014 118048 | (iSafeService) . (.Elex do Brasil Participações Ltda.) - C:\Program Files\iSafe\iSafeSvc.exe =>Trojan.Staser
SR - | Auto 16/07/2014 375056 | (LMIGuardianSvc) . (.LogMeIn, Inc..) - C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
SR - | Auto 11/07/2014 48240 | (RBClientService) . (.Systweak.) - C:\Program Files\Right Backup\RBClientService.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/03/2010 87536 | ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) . (.CyberLink Corp..) - C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl
~ Services: Scanned in 00mn 19s



---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:04/01/2014 - 16:00:23 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [324096]
~ Emulateurs: Scanned in 00mn 19s



---\\ Scâner Aditional (088)
Database Version : 13026 - (02/08/2014)
Clés trouvées (Keys found) : 13
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 12
Fichiers trouvés (Files found) : 7

[HKLM\Software\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma] =>PUP.QuickStart^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66C4D8F8-66D0-4ECA-8946-D0F47B781E94}] =>PUP.DealKeeper^
[HKLM\SYSTEM\CurrentControlSet\Services\appstoreService] =>Trojan.Staser^
[HKLM\SYSTEM\CurrentControlSet\Services\iSafeService] =>Trojan.Staser^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Deal Keeper] =>PUP.DealKeeper^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4254522D-5637-006A-76A7-A75C790C0F02}] =>Toolbar.Avira^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RegClean-Pro_is1] =>Rogue.RegistryPowerCleaner^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WindowsProtectManger] =>PUP.Fuyu^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iSafe] =>Trojan.Staser^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\VNT] =>Toolbar.Ask^
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
C:\Users\Vídeos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma =>PUP.QuickStart^
C:\Program Files\Deal Keeper =>PUP.DealKeeper^
C:\Program Files\greaTsaver =>PUP.GreatSaver^
C:\Program Files\GS Supporter =>PUP.SaveClicker^
C:\Program Files\iSafe =>Trojan.Staser^
C:\Program Files\SW_Booster =>PUP.SafeWeb^
C:\ProgramData\greaTsaver =>PUP.GreatSaver^
C:\ProgramData\IePluginServices =>PUP.IePluginService^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\ProgramData\WindowsProtectManger =>PUP.Fuyu^
C:\Users\Vídeos\AppData\Roaming\iSafe =>Trojan.Staser^
C:\Users\Vídeos\AppData\Roaming\sweet-page =>PUP.SweetPage^
C:\Program Files\iSafe\iSafeTray.exe =>Trojan.Staser^
C:\Program Files\iSafe\iSafe.exe =>Trojan.Staser^
C:\Program Files\iSafe\iSafeScan.exe =>Trojan.Staser^
[HKCU\Software\Deal Keeper] =>PUP.DealKeeper^
[HKLM\Software\SupDp] =>PUP.SupTab^
C:\Windows\Installer\117dc30.msi =>Toolbar.Avira^
[HKCR\CLSID\{66c4d8f8-66d0-4eca-8946-d0f47b781e94}] (Deal Keeper) =>PUP.DealKeeper^
~ Additionnel Scan: 281449 Items scanned in 00mn 42s



---\\ Informações complémentaires do módulos
~ [You need to be registered and logged in to see this link.] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [You need to be registered and logged in to see this link.] =>.Internet Explorer, Gestão do Proxy (R5)
~ [You need to be registered and logged in to see this link.] =>.Browser Helper Objects do navegador (02)
~ [You need to be registered and logged in to see this link.] =>.Aplicações iniciadas por registo & pastas (04)
~ [You need to be registered and logged in to see this link.] =>.Image File Execution Options (IFEO) (O50)
~ AMI: 5 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[You need to be registered and logged in to see this link.] =>Trojan.Staser
[You need to be registered and logged in to see this link.] =>PUP.QuickStart
[You need to be registered and logged in to see this link.] =>PUP.DealKeeper
[You need to be registered and logged in to see this link.] =>Rogue.RegistryPowerCleaner
[You need to be registered and logged in to see this link.] =>Adware.InstallCore
[You need to be registered and logged in to see this link.] =>PUP.SupTab
[You need to be registered and logged in to see this link.] =>PUP.SaveClicker
[You need to be registered and logged in to see this link.] =>PUP.Tarma
[You need to be registered and logged in to see this link.] =>PUP.SweetPage
[You need to be registered and logged in to see this link.] =>Toolbar.Ask
[You need to be registered and logged in to see this link.] =>PUP.AdvancedSystemProtector
[You need to be registered and logged in to see this link.] =>Adware.Lollipop
[You need to be registered and logged in to see this link.] =>Toolbar.Conduit
[You need to be registered and logged in to see this link.] =>PUP.WpManager
[You need to be registered and logged in to see this link.] =>Adware.BrowseFox
~ MSI: 15 link(s) detected in 00mn 00s



~ 988 Legitimates filtered by white list
End of the scan (720 lines in 02mn 23s)(0)

Post by Power Max on Sat 02 Aug 2014, 20:22

Download AdwCleaner by clicking the link below, then click the Download Now @BleepingComputer button:
[You need to be registered and logged in to see this link.]

To run AdwCleaner correctly, just follow the tips in this tutorial:

Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.


Post by Style_Games on Sat 02 Aug 2014, 20:38

# AdwCleaner v3.302 - Relatório criado 02/08/2014 às 20:31:42
# Atualizado 30/07/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate (32 bits)
# Usuário : Vídeos - WIN7-PC
# Executando de : C:\Users\Vídeos\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : IePluginServices
Serviço Deletada : RBClientService
[#] Serviço Deletada : WindowsProtectManger

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\IePluginServices
Pasta Deletada : C:\ProgramData\WindowsProtectManger
Pasta Deletada : C:\ProgramData\greaTsaver
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaks
Pasta Deletada : C:\Program Files\baidu
Pasta Deletada : C:\Program Files\GS Supporter
[!] Pasta Deletada : C:\Program Files\iSafe
Pasta Deletada : C:\Program Files\Right Backup
Pasta Deletada : C:\Program Files\Skillbrains
Pasta Deletada : C:\Program Files\Tweaks
Pasta Deletada : C:\Program Files\greaTsaver
Pasta Deletada : C:\Users\Administrador\AppData\Local\torch
Pasta Deletada : C:\Users\Convidado\AppData\Local\torch
Pasta Deletada : C:\Users\HomeGroupUser$\AppData\Local\torch
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\Vídeos\AppData\Local\Skillbrains
Pasta Deletada : C:\Users\Vídeos\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Vídeos\AppData\Roaming\eCyber
Pasta Deletada : C:\Users\Vídeos\AppData\Roaming\iSafe
Pasta Deletada : C:\Users\Vídeos\AppData\Roaming\sweet-page
Pasta Deletada : C:\Users\Win7\AppData\Local\Skillbrains
Arquivo Deletada : C:\Users\Public\Desktop\File Extractor.lnk
Arquivo Deletada : C:\Users\Vídeos\AppData\Roaming\Mozilla\Firefox\Profiles\yn5tm101.default\user.js
Arquivo Deletada : C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\f8o1ggm2.default\user.js
Arquivo Deletada : C:\Users\Vídeos\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
Arquivo Deletada : C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_continuetosave.info_0.localstorage-journal
Arquivo Deletada : C:\Users\Vídeos\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Deletada : C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Deletada : C:\Users\Vídeos\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Arquivo Deletada : C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Tarefas ] *****

Tarefa Deletedo : RegClean Pro

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_Setup302_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_Setup302_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_applocker_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_applocker_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_morphvox_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_morphvox_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Chave Deletedo : HKCU\Software\Deal Keeper
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\SkillBrains
Chave Deletedo : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Chave Deletedo : HKLM\Software\Deal Keeper
Chave Deletedo : HKLM\Software\iSafe
Chave Deletedo : HKLM\Software\SkillBrains
Chave Deletedo : HKLM\Software\SupDp
Chave Deletedo : HKLM\Software\supWindowsProtectManger
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deal Keeper
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean-Pro_is1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tweaks File Extractor
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsProtectManger

***** [ Navegadores ] *****

-\\ Internet Explorer v9.0.8112.16520


-\\ Mozilla Firefox v26.0 (pt-BR)

[ Arquivo : C:\Users\Vídeos\AppData\Roaming\Mozilla\Firefox\Profiles\yn5tm101.default\prefs.js ]

Linha deletada : user_pref("browser.search.defaultenginename", "sweet-page");
Linha deletada : user_pref("browser.search.selectedEngine", "sweet-page");

[ Arquivo : C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\f8o1ggm2.default\prefs.js ]


-\\ Google Chrome v36.0.1985.125

[ Arquivo : C:\Users\Vídeos\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

[ Arquivo : C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

*************************

AdwCleaner[R0].txt - [3594 octets] - [11/05/2014 23:33:08]
AdwCleaner[R1].txt - [7603 octets] - [02/08/2014 20:27:28]
AdwCleaner[S0].txt - [6492 octets] - [02/08/2014 20:31:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6552 octets] ##########

Post by Power Max on Sat 02 Aug 2014, 20:39

Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You need to be registered and logged in to see this link.]

To run it correctly, follow the tips in this tutorial:

Remove adware and other threats from your PC and browsers with the Zoek application

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy its entire contents, and post them in your next reply.


Post by Style_Games on Sat 02 Aug 2014, 23:42

Zoek.exe v5.0.0.0 Updated 31-07-2014
Tool run by V¡deos on 02/08/2014 at 23:15:13,56.
Microsoft Windows 7 Ultimate 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\VDEOS~1\Desktop\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 23:16:46,07 =====

--- Create Environment Variables 23:16:48,21
--- Create System Restore Point 23:17:05,27
--- Checking Input 23:17:25,61
--- Reset Hosts File 23:17:30,96
--- AU AppData Check 23:17:31,74
--- Remove From Windows Installer 23:17:38,48
--- IE Startpage Check 23:19:25,08
--- Program Files DB Check 23:20:19,96
--- C:\Users\Administrador\AppData\ DB Check 23:21:35,67
--- C:\Users\Convidado\AppData\ DB Check 23:21:35,67
--- C:\Users\Default\AppData\ DB Check 23:21:35,67
--- C:\Users\Default User\AppData\ DB Check 23:21:35,67
--- C:\Users\HomeGroupUser$\AppData\ DB Check 23:21:35,67
--- C:\Users\Win7\AppData\ DB Check 23:21:35,67
--- C:\Users\USURIO~1\AppData\ DB Check 23:21:35,67
--- C:\Windows\system32\config\systemprofile\AppData\ DB Check 23:21:35,67
--- C:\Windows\serviceprofiles\networkservice\AppData\ DB Check 23:21:35,67
--- C:\Windows\serviceprofiles\Localservice\AppData\ DB Check 23:21:35,67
--- C:\Users\VDEOS~1 DB Check 23:26:05,68
--- C:\PROGRA~2 DB Check 23:26:40,13
--- C:\Users\Administrador\AppData\Local DB Check 23:26:44,05
--- C:\Users\Convidado\AppData\Local DB Check 23:26:44,05
--- C:\Users\Default\AppData\Local DB Check 23:26:44,05
--- C:\Users\Default User\AppData\Local DB Check 23:26:44,05
--- C:\Users\HomeGroupUser$\AppData\Local DB Check 23:26:44,05
--- C:\Users\Win7\AppData\Local DB Check 23:26:44,05
--- C:\Users\USURIO~1\AppData\Local DB Check 23:26:44,05
--- C:\Windows\system32\config\systemprofile\AppData\Local DB Check 23:26:44,05
--- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 23:26:44,05
--- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 23:26:44,05
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 23:28:53,75
--- C:\Users\VDEOS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs DB Check 23:29:02,59
--- Tasks DB Check 23:29:07,85
--- Downloads DB Check 23:29:11,41
--- C:\Users\Win7\AppData\LocalLow DB Check 23:29:16,55
--- C:\Windows\system32\config\systemprofile\AppData\LocalLow DB Check 23:29:16,55
--- C:\Windows\serviceprofiles\networkservice\AppData\LocalLow DB Check 23:29:16,55
--- Tasks2 DB Check 23:29:51,23
--- Documents DB Check 23:30:14,45
--- C:\Users\VDEOS~1\AppData\Roaming\Mozilla\Firefox\Profiles\yn5tm101.default DB Check 23:30:23,99
--- C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\f8o1ggm2.default DB Check 23:30:23,99
--- C:\Users\Public\Desktop DB Check 23:30:29,66
--- C:\Users\VDEOS~1\Desktop DB Check 23:30:33,01
--- Services DB Check 23:30:41,23
--- FF prefs.js DB Check 23:31:02,81
--- Del by CLSID 23:32:14,57
--- Delete Services 23:32:47,45
--- Firefox Fix 23:33:03,25



Note: Sorry if this isn't it; my Zoek freezes there and doesn't ask to restart, and if I restart it doesn't save, so this is the only way...

Post by Power Max on Sat 02 Aug 2014, 23:47

It hasn't finished its cleanup yet.

Start the PC in Safe Mode with Networking (by pressing the F8 key (or the F5 key on some computers) repeatedly while the computer is starting and choosing the Safe Mode with Networking (or Safe Mode) option). Once the PC is in Safe Mode with Networking, use Zoek as I instructed and post its complete report.
____________________________________________________

If that still isn't possible, let me know and tomorrow I'll give you another good program so we can continue the cleanup, because right now I need to rest a little.


Post by Style_Games on Sun 03 Aug 2014, 00:40

Have a good rest, Power, you've been helping me a lot so far. ^^
I did the process correctly now.
The result is below.


Zoek.exe v5.0.0.0 Updated 31-07-2014
Tool run by V¡deos on 03/08/2014 at 0:11:58,48.
Microsoft Windows 7 Ultimate 6.1.7600 x86
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\VDEOS~1\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-08-03-005348.log 1458 bytes
C:\zoek-results2014-08-03-023303.log 1551 bytes

==== System Restore Info ======================

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iSafeService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\iSafeService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iSafeKrnl deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\iSafeKrnl deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iSafeNetFilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\iSafeNetFilter deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\VDEOS~1\AppData\Roaming\Mozilla\Firefox\Profiles\yn5tm101.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
user_pref("browser.search.defaultenginename", "sweet-page");
user_pref("browser.search.selectedEngine", "sweet-page");

Added to C:\Users\VDEOS~1\AppData\Roaming\Mozilla\Firefox\Profiles\yn5tm101.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\f8o1ggm2.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.newtab.url", "http://www.google.com");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\f8o1ggm2.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\VDEOS~1\AppData\Roaming\Mozilla\Firefox\Profiles\yn5tm101.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- FireFox user.js and prefs.js backups ----

prefs_082014_0022_.backup
prefs_082014_2100_.backup
prefs_082014_2153_.backup
prefs_082014_2333_.backup

ProfilePath: C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\f8o1ggm2.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_082014_0022_.backup
prefs_082014_2100_.backup
prefs_082014_2153_.backup
prefs_082014_2333_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\RCP deleted
C:\PROGRA~2\DivX deleted
C:\PROGRA~2\MountainApp deleted
C:\Program Files\Deal Keeper deleted
C:\Program Files\SW_Booster deleted
C:\Users\VDEOS~1\kernel.tmp deleted
C:\PROGRA~2\InstallMate deleted
C:\PROGRA~2\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC deleted
C:\Users\VDEOS~1\Searches deleted
C:\Windows\system32\tasks\Baidu Antivirus Update deleted
C:\Windows\system32\tasks\Right Backup_startup deleted
C:\Users\VDEOS~1\AppData\Roaming\Mozilla\Firefox\Profiles\yn5tm101.default\extensions\firefox@mightydealkeeper.com.xpi deleted
C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\f8o1ggm2.default\extensions\{849ded12-59e9-4dae-8f86-918b70d213dc} deleted
"C:\PROGRA~2\abc6db1ba5c2821a\{4820778D-AB0D-6D18-C316-52A6A0E1D507}" deleted
"C:\PROGRA~2\abc6db1ba5c2821a\{CA41BB14-E67B-1653-C57B-5CA99418A866}" deleted
"C:\PROGRA~2\abc6db1ba5c2821a\{CA41BB14-E67B-1653-C57B-5CA99418A866}.old" deleted
"C:\Program Files\iSafe\iSafeRKScanShell.dll" deleted
"C:\Program Files\iSafe\sqlite3.dll" deleted
"C:\PROGRA~2\abc6db1ba5c2821a" deleted
"C:\Program Files\iSafe" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [12/05/2014 00:05]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[18/04/2014 14:16]

GreoattsaVer - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd
YoutubeAdblocker - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno
sAve nete - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhagdbpmfgcfbfcnfnkkhnjflmfpmfcj
GreoattsaVer - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd
System Drive - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd
YoutubeAdblocker - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno
GreoattsaVer - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd
YoutubeAdblocker - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno
GreoattsaVer - Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd
YoutubeAdblocker - Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno
sAve nete - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhagdbpmfgcfbfcnfnkkhnjflmfpmfcj
GreoattsaVer - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd
System Drive - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd
YoutubeAdblocker - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno
GreoattsaVer - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd
YoutubeAdblocker - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno
GreoattsaVer - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd
YoutubeAdblocker - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno
sAve nete - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhagdbpmfgcfbfcnfnkkhnjflmfpmfcj
GreoattsaVer - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd
System Drive - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd
YoutubeAdblocker - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno
GreoattsaVer - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd
YoutubeAdblocker - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno
GreoattsaVer - Win7\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd
YoutubeAdblocker - Win7\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno
Google Drive - Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Google Wallet - Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
GreoattsaVer - Win7\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd
YoutubeAdblocker - Win7\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno

==== Chrome Fix ======================

C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage deleted successfully
C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mydailysearch.com_0.localstorage deleted successfully
C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mydailysearch.com_0.localstorage-journal deleted successfully
C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno deleted successfully
C:\Users\Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno deleted successfully
C:\Users\Win7\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno deleted successfully
C:\Users\Win7\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfhpafemlgmogaaodblkfaajijnfdpno deleted successfully
C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd deleted successfully
C:\Users\Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd deleted successfully
C:\Users\Win7\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd deleted successfully
C:\Users\Win7\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ijbjdeancfedeniaajghfifcabidpapd deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhagdbpmfgcfbfcnfnkkhnjflmfpmfcj deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhagdbpmfgcfbfcnfnkkhnjflmfpmfcj deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhagdbpmfgcfbfcnfnkkhnjflmfpmfcj deleted successfully
C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd deleted successfully
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0191A6B0-1154-4C22-9182-23A95BBE92D9}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0191A6B0-1154-4C22-9182-23A95BBE92D9} Google Url="http://www.google.com/search?q={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\CLSID\{66c4d8f8-66d0-4eca-8946-d0f47b781e94} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66c4d8f8-66d0-4eca-8946-d0f47b781e94} deleted successfully

==== Deleting CLSID Registry Values ======================


==== shortcuts on Users Desktops ======================

C:\Users\Win7\Desktop\Bandicam.lnk - C:\Program Files\Bandicam\bdcam.exe
C:\Users\Win7\Desktop\MK LOL.lnk - C:\Program Files\MKJogo\MKLOL\Bin\MKIM.exe
C:\Users\Win7\Desktop\PointBlank.lnk - C:\ongame\Pointblank\PBLauncher.exe
C:\Users\Win7\Desktop\Skype [2].lnk - C:\Program Files\Skype\Phone\Skype.exe /secondary
C:\Users\Win7\Desktop\Minhas Coisas\Jogos\Counter-Strike 1.6.lnk - C:\Program Files\Counter-Strike 1.6\Counter-Strike.exe
C:\Users\Win7\Desktop\Minhas Coisas\Jogos\Hearthstone.lnk - C:\Program Files\Hearthstone\Hearthstone Beta Launcher.exe
C:\Users\Win7\Desktop\Minhas Coisas\Jogos\LoL.lnk - C:\Riot Games\League of Legends\lol.launcher.exe
C:\Users\Win7\Desktop\Minhas Coisas\Jogos\Spore.lnk - C:\Program Files\Electronic Arts\SPORE_EP1\SporebinEP1\SporeApp.exe
C:\Users\Win7\Desktop\Minhas Coisas\Jogos\The Stanley Parable.lnk - C:\Program Files\Galactic Cafe\The Stanley Parable\thestanleyparable.exe
C:\Users\Win7\Desktop\Minhas Coisas\Jogos\Mine\Minecraft.lnk - C:\Users\Vídeos\Downloads\Minecraft.exe
C:\Users\Win7\Desktop\Minhas Coisas\Programas\Cheat Engine.lnk - C:\Program Files\Cheat Engine 6.3\Cheat Engine.exe
C:\Users\Win7\Desktop\Minhas Coisas\Programas\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Win7\Desktop\Minhas Coisas\Programas\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Cube World.lnk - C:\Program Files\Cube World\CubeLauncher.exe
C:\Users\Public\Desktop\GS Auto Clicker.lnk - C:\Program Files\GSAutoClicker3\GSAutoClicker.exe
C:\Users\Public\Desktop\LIMBO.lnk - C:\Windows\Installer\{3D88D0F7-FE8C-46A9-9966-3FEE8CAAD8F8}\limbo.exe1_663F3A44D79E46F0AC8BE0E603CDCC71.exe
C:\Users\Public\Desktop\Play League of Legends.lnk - C:\Riot Games\League of Legends\lol.launcher.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MKJogo\MKLOL\MK LOL.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected\sXe Injected.lnk -
C:\Users\Vídeos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected\Uninstall.lnk -

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GS Auto Clicker\GS Auto Clicker.lnk - C:\Program Files\GSAutoClicker3\GSAutoClicker.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GS Auto Clicker\Uninstall GS Auto Clicker.lnk - C:\Program Files\GSAutoClicker3\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Atualização HP.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1510 series\Ajuda.lnk - C:\Program Files\HP\HP Deskjet 1510 series\Bin\HelpViewer\hpqlpvwr.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1510 series\Comprar suprimentos.lnk - C:\Program Files\HP\HP Deskjet 1510 series\Bin\hpqDTSS.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1510 series\Configuração da impressora & Software.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1510 series\Desinstalar.lnk - C:\Windows\System32\msiexec.exe /qb /x {09EC1A2F-F639-49BE-8378-746DA9F286F8}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1510 series\Estudo de aprimoramento de produtos HP.lnk - C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe /changesettings /UA 12.5 /DDV 0x0b00
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1510 series\Ferramentas de diagnóstico de impressora online HP.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1510 series\HP Deskjet 1510 series.lnk - C:\Program Files\HP\HP Deskjet 1510 series\Bin\HP Deskjet 1510 series.exe -Start UDCDevicePage
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1510 series\HP Scan.lnk - C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPScan.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1510 series\Site de suporte do produto.lnk - C:\Program Files\HP\HP Deskjet 1510 series\ProductSupportShortcut.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\Desinstalar HP Photo Creations.lnk - C:\Program Files\HP Photo Creations\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\HP Photo Creations.lnk - C:\Program Files\HP Photo Creations\PhotoProduct.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends\League of Legends.lnk - C:\Riot Games\League of Legends\lol.launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi\LogMeIn Hamachi.lnk - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi\Uninstall.lnk - C:\Windows\system32\msiexec.exe /i {BDA0EB29-8B31-4BF4-8B05-04AA52340AC4} REMOVE=ALL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PointBlank\Uninstall - PointBlank.lnk - C:\ongame\Pointblank\PBUnInst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PointBlank\Website - PointBlank.lnk - C:\ongame\Pointblank\PointBlank.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC App Store\uninstall.lnk - C:\Program Files\iSafe\appstore\uninstall.exe -uninst
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC App Store\YAC App Store.lnk - C:\Program Files\iSafe\appstore\isafeAppStore.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="*.local"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\e1eab426-cd29-4453-b836-c17dd92c23ef deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightShot deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VNT deleted successfully

==== Empty IE Cache ======================

C:\Users\Win7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Win7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Win7\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Win7\AppData\Local\Mozilla\Firefox\Profiles\f8o1ggm2.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Win7\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1798 folders=333 509983944 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Win7\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\VDEOS~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Program Files\iSafe" not found

==== EOF on 03/08/2014 at 0:34:39,19 ======================

Re: Win32:RmnDrp virus wrecking everything!!!

Post by Power Max on Sun 03 Aug 2014, 10:33

Download the Junkware Removal Tool program from the link below:
[You need to be registered and logged in to see this link.]

To run the program above correctly, just follow the tips in this tutorial:

Junkware Removal Tool tutorial

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.


JRT

Post by Style_Games on Sun 03 Aug 2014, 13:53

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x86
Ran by V¡deos on 03/08/2014 at 13:35:53,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\isafe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\bdutil_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\bdutil_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DealKeeper_Setup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DealKeeper_Setup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\deal_keeper_installer_v3_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\deal_keeper_installer_v3_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\V¡deos\AppData\Roaming\isafe"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/08/2014 at 13:39:26,53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Win32:RmnDrp virus wrecking everything!!!

Post by Power Max on Sun 03 Aug 2014, 14:03

Download Malwarebytes from one of the links below:
[You need to be registered and logged in to see this link.]
[You need to be registered and logged in to see this link.]

To install and run it correctly, please follow the tips in this post:

Malwarebytes Anti-Malware tutorial

In your next reply, post this Malwarebytes log (report).

We'll be waiting.


No virus?

Post by Style_Games on Sun 03 Aug 2014, 14:29

I decided to run a scan today and Avast detected nothing! I thought that was unlikely, so I ran another scan and again it came back 'no virus'. Even so, should I continue cleaning the PC, or did the previous steps solve the problem of the Win32:RmnDrp infection?

Re: Win32:RmnDrp virus wrecking everything!!!

Post by Power Max on Sun 03 Aug 2014, 14:31

So far we have only removed adware; there are probably still other infections on your PC. It is important to keep following the procedures I am giving you until the computer is really clean.


Re: Win32:RmnDrp virus wrecking everything!!!

Post by joram on Thu 04 Sep 2014, 16:26

Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived. If the topic's author needs it, it will be reopened; to do so, they should contact a member of the Moderation Team and request that it be unlocked.
