Unwanted ads on websites


Post by Douglas Lima on Wed 22 Oct 2014, 16:30

Hello, I would like to know how to get rid of unwanted ads. I have already tried and installed AdwCleaner, CCleaner and Adblock Plus and nothing solves it... it even opens new unwanted pages.


Thank you for your attention
Douglas Lima

Douglas Lima
Member

Posts: 67
Reputation: 1
Join date: 03/11/2013
Age: 37

Re: Unwanted ads on websites

Post by joram on Thu 23 Oct 2014, 13:59

Good afternoon, Douglas Lima!

> Download: < ZHPDiag2.exe > ( ... by Nicolas Coolman )
> Or here! << Link!
> Save it to the local disk! ( C or D )
> Disable your antivirus and run "ZHPDiag2.exe" to install the tool.

> Run the scroll icon. ( ZHPDiag )

> Click "COMPLETA" and wait for it to finish!
> Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
> PS: As the log will be long, send it to Pjjoint.malekal.

> Or go to: < MyFile.tk >

> Or attach it |Here!| << Link!

> More information: < |Link| > << Hosting!

A+
joram
Administrator

Posts: 3905
Reputation: 428
Join date: 26/01/2014
Location: Rio de Janeiro

Re: Unwanted ads on websites

Post by Douglas Lima on Thu 20 Nov 2014, 10:46

I already did it, reports below...


~ ZHPCleaner v2014.11.19.230 by Nicolas Coolman (19/11/2014)
~ Run by Douglas (Administrator) (20/11/2014 09:20:08)
~ Forum : [You need to be registered and logged in to see this link.]
~ Facebook : [You need to be registered and logged in to see this link.]
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\Douglas\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Douglas\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Windows 7, 32-bit Service Pack 1 (Build 7601)


---\\ Services (0)
~ No malicious items found.


---\\ Browser Internet (40)
FOUND IE Params: Start Page ( [You need to be registered and logged in to see this link.] )
FOUND IE Params: Search Page ( [You need to be registered and logged in to see this link.] )
FOUND IE Params: Start Page ( about:newtab )
FOUND IE Params: Tabs ( about:newtab )
FOUND IE Params: Search Page ( [You need to be registered and logged in to see this link.] )
FOUND IE Params: Start Page ( about:newtab )
FOUND FF: C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\d502jqdg.default-1410886773127\prefs.js
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("browser.search.order.1", "Google"); (PUP.Babylon)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.AL", 4); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.aflt", "ast_ir_14_42_ff"); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.appId", "{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}"); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.cd", "2XzuyEtN2Y1L1QzutD0C0E0E0EyC0F0ByDyD0DtDtA0AyBzytN0D0Tzu0StCt[...] (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.cr", "308849290"); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.data.1475e97c0146bfb1c490339546d9e72ee", "1"); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.data.851d81cdad83573282e611040475985c", "1"); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.data._dy", "20141119"); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.data.a._dy", "20141017"); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.data.a.aliveDate", "20141017"); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.data.a.instlDate", "20141003"); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.data.b3._dy", "20141119"); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.data.b3.aliveDate", "20141119"); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.data.b3.instlDate", "20141017"); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.data.cc", "br"); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.data.ccfc1eb13092ea34473c169417eefd00", "1"); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.dfltLng", ""); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.dfltSrch", true); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.dnsErr", true); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.excTlbr", false); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.general.guid", "52ea6749-7bb3-4ac2-8415-9ad3a94382e5"); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.hmpg", true); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.id", "0CEEE6FB55D03A79"); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.instlDay", "16360"); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.instlRef", "142905_b"); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.prdct", "astrmndasr"); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.tlbrId", ""); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.vrsn", ""); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.vrsni", ""); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr_i.newTab", true); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr_i.smplGrp", "none"); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr_i.vrsnTs", "9:14:44"); (PUP.Astromenda)


---\\ Hosts file (2)
FOUND: 54.225.95.126 bnbaolfhobbbokdcmfiplbokkokobjgc
Number of found redirections 1/24

Re: Unwanted ads on websites

Post by Douglas Lima on Thu 20 Nov 2014, 10:52

---\\ Scheduled automatic tasks. (0)
~ No malicious items found.


---\\ Explorer ( Files, Folders) (47)
FOUND: C:\Users\Douglas\AppData\Roaming\unins000.exe [] ( Adware.Pirrit)
FOUND: C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\d502jqdg.default-1410886773127\searchplugins\Vosteran.xml [] (PUP.Vosteran)
FOUND BHO: C:\Program Files\GoSave\A1h4LK9H9lxYmo.dll [ - ] (PUP.GoSave)
FOUND: C:\Windows\Tasks\WSE_Vosteran.job (PUP.Vosteran)
FOUND: C:\Users\Douglas\AppData\Roaming\unins000.exe [ - Setup/Uninstall] (Adware.GenericTask)
FOUND: C:\Program Files\GoSave (PUP.GoSave)
FOUND: C:\Program Files\GoSave\A1h4LK9H9lxYmo.dat [ - ] (PUP.GoSave)
FOUND: C:\Program Files\GoSave\A1h4LK9H9lxYmo.dll [ - ] (PUP.GoSave)
FOUND: C:\Program Files\GoSave\A1h4LK9H9lxYmo.exe [ - ] (PUP.GoSave)
FOUND: C:\Program Files\GoSave\A1h4LK9H9lxYmo.tlb [ - ] (PUP.GoSave)
FOUND: C:\Program Files\WSE_Vosteran (PUP.Vosteran)
FOUND: C:\Program Files\WSE_Vosteran\astcnfg.dat [ - ] (PUP.Vosteran)
FOUND: C:\Program Files\WSE_Vosteran\bh [ - ] (PUP.Vosteran)
FOUND: C:\Program Files\WSE_Vosteran\FavIcon.ico [ - ] (PUP.Vosteran)
FOUND: C:\Program Files\WSE_Vosteran\Sqlite3.dll [ - ] (PUP.Vosteran)
FOUND: C:\Program Files\WSE_Vosteran\uninst.dat [ - ] (PUP.Vosteran)
FOUND: C:\Program Files\WSE_Vosteran\uninstall.exe [Setup © - Setup ] (PUP.Vosteran)
FOUND: C:\Program Files\GoSave (PUP.GoSave)
FOUND: C:\Program Files\GoSave\A1h4LK9H9lxYmo.dat [ - ] (PUP.GoSave)
FOUND: C:\Program Files\GoSave\A1h4LK9H9lxYmo.dll [ - ] (PUP.GoSave)
FOUND: C:\Program Files\GoSave\A1h4LK9H9lxYmo.exe [ - ] (PUP.GoSave)
FOUND: C:\Program Files\GoSave\A1h4LK9H9lxYmo.tlb [ - ] (PUP.GoSave)
FOUND: C:\Program Files\WSE_Vosteran (PUP.Vosteran)
FOUND: C:\Program Files\WSE_Vosteran\astcnfg.dat [ - ] (PUP.Vosteran)
FOUND: C:\Program Files\WSE_Vosteran\bh [ - ] (PUP.Vosteran)
FOUND: C:\Program Files\WSE_Vosteran\FavIcon.ico [ - ] (PUP.Vosteran)
FOUND: C:\Program Files\WSE_Vosteran\Sqlite3.dll [ - ] (PUP.Vosteran)
FOUND: C:\Program Files\WSE_Vosteran\uninst.dat [ - ] (PUP.Vosteran)
FOUND: C:\Program Files\WSE_Vosteran\uninstall.exe [Setup © - Setup ] (PUP.Vosteran)
FOUND: C:\ProgramData\InstallMate (PUP.Tarma)
FOUND: C:\ProgramData\InstallMate\295876CF [ - ] (PUP.Tarma)
FOUND: C:\ProgramData\InstallMate\3510BD03 [ - ] (PUP.Tarma)
FOUND: C:\ProgramData\InstallMate\46304B2B [ - ] (PUP.Tarma)
FOUND: C:\ProgramData\InstallMate\{5BEC6798-91D7-4C55-AEBE-D9F5800F456E} [ - ] (PUP.Tarma)
FOUND: C:\Users\Douglas\AppData\Roaming\nationzoom (Hijacker.NationZoom)
FOUND: C:\Users\Douglas\AppData\Roaming\nationzoom\8.json [ - ] (Hijacker.NationZoom)
FOUND: C:\Users\Douglas\AppData\Roaming\nationzoom\DataBase [ - ] (Hijacker.NationZoom)
FOUND: C:\Users\Douglas\AppData\Roaming\nationzoom\log [ - ] (Hijacker.NationZoom)
FOUND: C:\Users\Douglas\AppData\Roaming\nationzoom\nationzoom.exe [???????????? - ????????] (Hijacker.NationZoom)
FOUND: C:\Users\Douglas\AppData\Roaming\nationzoom\UpDate.dll [Skytech Co., Ltd. - Skytech] (Hijacker.NationZoom)
FOUND: C:\Users\Douglas\AppData\Roaming\WSE_Vosteran (PUP.Vosteran)
FOUND: C:\Users\Douglas\AppData\Roaming\WSE_Vosteran\icons_3.6.2.0 [ - ] (PUP.Vosteran)
FOUND: C:\Users\Douglas\AppData\Roaming\WSE_Vosteran\UpdateProc [ - ] (PUP.Vosteran)
FOUND: C:\Users\Douglas\AppData\Local\Vosteran (PUP.Vosteran)
FOUND: C:\Users\Douglas\AppData\Local\Vosteran\User Data [ - ] (PUP.Vosteran)
FOUND: C:\ProgramData\InstallMate\{5BEC6798-91D7-4C55-AEBE-D9F5800F456E}\Setup.exe [Tarma Software Research Pty Ltd] (PUP.Tarma)
FOUND: C:\ProgramData\InstallMate\{5BEC6798-91D7-4C55-AEBE-D9F5800F456E}\TsuDll.dll [Tarma Software Research Pty Ltd] (PUP.Tarma)


---\\ Registry ( Keys, Values, Datas) (22)
FOUND: HKCR\CLSID\{981b527d-707a-441b-95b3-2e42a5b93400} [GoSave] (PUP.GoSave)
FOUND: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{981b527d-707a-441b-95b3-2e42a5b93400} [GoSave] (PUP.GoSave)
FOUND: HKCR\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\\http://search.certified-toolbar.com?si=77301&st=bs&tid=[...] [Web Search] (PUP.CertifiedToolbar)
FOUND: HKCR\CLSID\{86ac6ea1-11f8-42b3-80b6-461fe9beacd0} [AWinUpd Class] (PUP.WinRST)
FOUND: HKCR\CLSID\{8C9E6B7A-6B70-4768-9656-444DCA6890B2} [NMSearchQuerySyntaxTree Class] (PUP.Datamngr)
FOUND: HKCR\CLSID\{BFF3B8F9-4CF4-4843-9DA6-097193056FB3} [NMSearchQueryConfigManager Class] (PUP.Datamngr)
FOUND: HKCU\Software\funmoodsToolbar (PUP.Funmoods)
FOUND: HKCU\Software\InstallCore (Adware.InstallCore)
FOUND: HKCU\Software\Smartbar (Hijacker.SmartBar)
FOUND: HKCU\Software\Vosteran (PUP.Vosteran)
FOUND: HKCU\Software\Vosteran Browser (PUP.Vosteran)
FOUND: HKCU\Software\wse_vosteran (PUP.Vosteran)
FOUND: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Bizzybolt (PUP.Bizzybolt)
FOUND: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update FindRight (PUP.FindRight)
FOUND: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update ToggleMark (PUP.ToggleMark)
FOUND: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util FindRight (PUP.FindRight)
FOUND: HKLM\SOFTWARE\InstallCore (Adware.InstallCore)
FOUND: HKLM\SOFTWARE\SiteFinder (Adware.ShoppingReport)
FOUND: HKLM\SOFTWARE\T4PC (PUP.EoRezo)
FOUND: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WSE_Vosteran (PUP.Vosteran)
FOUND: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProtectedSearch (Spyware.ProtectedSearch)
FOUND: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Vosteran (PUP.Vosteran)



---\\ Result of repair
~ Any repair made


End of clean at 09:36:15

Re: Unwanted ads on websites

Post by joram on Thu 20 Nov 2014, 11:55

Good morning, Douglas Lima!

> After the AdwCleaner tool, run ZHPDiag2 and post its report! ( ZHPDiag.txt )
> PS: The ZHPCleaner tool was not requested!

> Download: ( ... by Xplode )
>
> Or from here: < AdwCleaner >
> When the page opens, click "Download Now".
>
> Save it to the desktop!

> Right-click adwcleaner.exe and choose to run it as administrator.

> PS: Start the scan by clicking "Examinar".

> When it finishes, click "Limpar" >> Ok >> Ok >> Ok.
> Copy the log or click "Relatório".
> Post: < C:\AdwCleaner\AdwCleaner[S0].txt >

A+

Re: Unwanted ads on websites

Post by Douglas Lima on Fri 21 Nov 2014, 16:37

Ok


I'm going to do this procedure... I'll send it shortly...

Re: Unwanted ads on websites

Post by Douglas Lima on Fri 21 Nov 2014, 17:27

This one was from the procedure with AdwCleaner....


# AdwCleaner v4.101 - Relatório criado 21/11/2014 às 15:50:12
# Atualizado 09/11/2014 por Xplode
# Database : 2014-11-16.1 [Live]
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)
# Usuário : Douglas - DOUGLAS-PC
# Executando de : C:\Users\Douglas\Downloads\adwcleaner_4.101.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****


***** [ Tarefas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v33.1.1 (x86 pt-BR)


-\\ Google Chrome v35.0.1916.114


-\\ Comodo Dragon v


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [34485 octets] - [14/05/2014 16:47:53]
AdwCleaner[R10].txt - [5054 octets] - [22/10/2014 09:56:26]
AdwCleaner[R11].txt - [2144 octets] - [22/10/2014 10:59:17]
AdwCleaner[R12].txt - [2199 octets] - [22/10/2014 12:50:05]
AdwCleaner[R13].txt - [2806 octets] - [22/10/2014 14:45:48]
AdwCleaner[R14].txt - [3945 octets] - [19/11/2014 10:02:52]
AdwCleaner[R15].txt - [4875 octets] - [20/11/2014 13:56:55]
AdwCleaner[R16].txt - [2877 octets] - [21/11/2014 15:38:58]
AdwCleaner[R1].txt - [1374 octets] - [02/06/2014 17:10:04]
AdwCleaner[R2].txt - [10813 octets] - [10/06/2014 08:52:57]
AdwCleaner[R3].txt - [2033 octets] - [18/06/2014 08:47:32]
AdwCleaner[R4].txt - [23811 octets] - [04/07/2014 08:32:05]
AdwCleaner[R5].txt - [1921 octets] - [09/07/2014 11:49:24]
AdwCleaner[R6].txt - [14687 octets] - [19/09/2014 16:19:37]
AdwCleaner[R7].txt - [6095 octets] - [17/10/2014 09:33:03]
AdwCleaner[R8].txt - [7788 octets] - [21/10/2014 11:38:49]
AdwCleaner[R9].txt - [1247 octets] - [22/10/2014 09:18:14]
AdwCleaner[S0].txt - [30362 octets] - [14/05/2014 16:52:58]
AdwCleaner[S10].txt - [2189 octets] - [22/10/2014 11:04:02]
AdwCleaner[S11].txt - [2246 octets] - [22/10/2014 13:07:28]
AdwCleaner[S12].txt - [2844 octets] - [22/10/2014 15:01:33]
AdwCleaner[S13].txt - [4015 octets] - [19/11/2014 10:09:22]
AdwCleaner[S14].txt - [5954 octets] - [20/11/2014 14:05:49]
AdwCleaner[S15].txt - [2250 octets] - [21/11/2014 15:50:12]
AdwCleaner[S1].txt - [1422 octets] - [02/06/2014 17:12:59]
AdwCleaner[S2].txt - [9586 octets] - [10/06/2014 09:01:06]
AdwCleaner[S3].txt - [2079 octets] - [18/06/2014 08:56:19]
AdwCleaner[S4].txt - [20267 octets] - [04/07/2014 08:36:57]
AdwCleaner[S5].txt - [1969 octets] - [09/07/2014 11:56:54]
AdwCleaner[S6].txt - [13492 octets] - [19/09/2014 16:24:45]
AdwCleaner[S7].txt - [5044 octets] - [17/10/2014 09:39:02]
AdwCleaner[S8].txt - [7369 octets] - [21/10/2014 11:44:40]
AdwCleaner[S9].txt - [4841 octets] - [22/10/2014 10:04:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S15].txt - [2853 octets] ##########

Re: Unwanted ads on websites

Post by Douglas Lima on Fri 21 Nov 2014, 17:30

Right after that came the procedure with ZHPCleaner....



~ ZHPCleaner v2014.11.21.233 by Nicolas Coolman (21/11/2014)
~ Run by Douglas (Administrator) (21/11/2014 16:00:33)
~ Forum : [You need to be registered and logged in to see this link.]
~ Facebook : [You need to be registered and logged in to see this link.]
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\Douglas\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Douglas\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Windows 7, 32-bit Service Pack 1 (Build 7601)


---\\ Services (0)
~ No malicious items found.


---\\ Browser Internet (9)
FOUND FF: C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\d502jqdg.default-1410886773127\prefs.js
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.data.1475e97c0146bfb1c490339546d9e72ee", "1"); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.data._dy", "20141121"); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.data.b3._dy", "20141121"); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.data.b3.aliveDate", "20141121"); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.data.b3.instlDate", "20141120"); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.data.cc", "br"); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.data.f2ffeab4c436ed47a9e52788e2586f2a", "5"); (PUP.Astromenda)
FOUND FF: [d502jqdg.default-1410886773127] - user_pref("extensions.astrmndasr.general.guid", "792b3fc7-836a-4953-8e41-349342d63599"); (PUP.Astromenda)


---\\ Hosts file (1)
~ The hosts file is legitimate (23)


---\\ Scheduled automatic tasks. (0)
~ No malicious items found.


---\\ Explorer ( Files, Folders) (2)
FOUND: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_cdncache-a.akamaihd.net_0.localstorage (PUP.AkamaiHD)
FOUND: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_cdncache-a.akamaihd.net_0.localstorage-journal (PUP.AkamaiHD)


---\\ Registry ( Keys, Values, Datas) (2)
FOUND: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProtectedSearch (Spyware.ProtectedSearch)
FOUND: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Vosteran (PUP.Vosteran)



---\\ Result of repair
~ Any repair made


End of clean at 16:23:11



Re: Unwanted ads on websites

Post by joram on Fri 21 Nov 2014, 17:58

Good afternoon, Douglas Lima!

Douglas Lima wrote: Right after that came the procedure with ZHPCleaner....
> The tool requested is not ZHPCleaner but ZHPDiag.
> I already made the request in an earlier post, and that was almost 1 month ago.

A+

_________________
Fórum PC Brasil >> The best there is for disinfecting your computer!
Fórum SecSecurity >> Be sure to check it out!
Fórum iMasters >> A tradition in IT!

Re: Unwanted ads on websites

Post by Douglas Lima on Tue 25 Nov 2014, 11:21

It's because ZHPDiag says it is not the current version, so it asked to update... I'll redo it again...

Re: Unwanted ads on websites

Post by Douglas Lima on Tue 25 Nov 2014, 12:17

Below is the report from ZHPDiag......


~ Relatório do ZHPDiag v2014.8.28.125 - Nicolas Coolman (28/08/2014)
~ Iniciado por Douglas (25/11/2014 11:08:21)
~ Endereço do Website : [You need to be registered and logged in to see this link.]
~ Endereço do Webforum : [You need to be registered and logged in to see this link.]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16476
MFIE: Mozilla Firefox 33.1.1 (Defaut)
GCIE: Google Chrome v39.0.2171.65

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Microsoft Security Client v4.6.0305.0
Windows Defender W7 (Deactivate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 15 Plugin

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 22 Stepping 1, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2037 MB (52% free)
System Restore: Activé (Enable)
System drive C: has 38 GB (49%) free of 76 GB

---\\ Modo de conexão ao sistema
~ Computer Name: DOUGLAS-PC
~ User Name: Douglas
~ All Users Names: Douglas, Convidado, ASPNET, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Douglas\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Douglas\AppData\Roaming\
~ %Desktop% : C:\Users\Douglas\Desktop\
~ %Favorites% : C:\Users\Douglas\Favorites\
~ %LocalAppData% : C:\Users\Douglas\AppData\Local\
~ %StartMenu% : C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 38 Go of 76 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 167 Go of 406 Go)
F: Hard drive, Flash drive, Thumb drive (Free 60 Go of 60 Go)
G: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 43 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.40D777B7A95E00593EB1568C68514493] - (.Microsoft Corporation - Windows Explorer.) (.20/11/2010 - 09:17:09.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.927FA6456AD6D7630F6854828D2FD16B] - (.Microsoft Corporation - Internet Extensions para Win32.) (.26/11/2013 - 03:33:33.) -- C:\Windows\System32\wininet.dll [1820160]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 09:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/12/2013 - 18:03:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/36
~ Mes Favoris (My Favorites) : 1/24
~ Mes Documents (My Documents) : 1/34
~ Mon Bureau (My Desktop) : 1/945
~ Menu demarrer (Programs) : 1/41
~ Hidden Files: Scanned in 00mn 02s



---\\ Processos lançados
[MD5.0F484CEBC0E6724B157E644787B66B68] - (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files\USB Disk Security\USBGuard.exe [623520] [PID.1924]
[MD5.FFB8CB731D62EC434A552680E0F8EC1A] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [5226600] [PID.1932]
[MD5.68239842340DDFF8993DFD9127553EDA] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.1940]
[MD5.004763BDF8E48244DBB9FDFDE3065EBC] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592] [PID.1948]
[MD5.CD1102E5D340216138C7F56FA8D26998] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [150552] [PID.1956]
[MD5.18B6A913D2FBC0E5C02C14B24359E828] - (.A.E.T. Europe B.V. - Certificate Expiration Check Utility.) -- C:\Windows\System32\aetcrss1.exe [18944] [PID.1964]
[MD5.D9C51528488EA0D98D3C4D02ABD16759] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.360]
[MD5.D51F9443E97EE4546685591E8FC66646] - (.Hewlett-Packard Company - HP UT Driver.) -- C:\Program Files\HP\HP UT\bin\hppusg.exe [24576] [PID.1672]
[MD5.86F0D0B3A07C142C81DAB47E8495A822] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872] [PID.1468]
[MD5.C10E5EF1B85DE5B79AC2815C9A677D1F] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\Douglas\AppData\Roaming\uTorrent\uTorrent.exe [1385808] [PID.1288] =>P2P.BitTorrent
[MD5.FFBD5650348D4F9E0AA8E72938DC6478] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe [1213736] [PID.2932]
[MD5.33BF80A2291C54DC7D7601CDEF63138E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8099328] [PID.2828]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
M2 - MFEP: RegExtension {87F8774F-B485-47E2-A755-A40A8A5E8878} . (...) --
M2 - MFEP: RegExtension {87F8774F-B485-47E2-A755-A40A8A5E886D} . (...) -- C:\Users\Douglas\AppData\Local\GAS Tecnologia\GBBD\cef\xpi (.not file.)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bes] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Douglas\AppData\Local\GAS Tecnologia\GBBD\npsf_bes.dll
~ Firefox Browser: 11 Legitimates Filtered in 00mn 03s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
~ IE Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hôte est sain (The hosts file is clean) (23)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: Adblock Pro - {F385C231-605B-4d8f-ACA9-DBFF765BBE17} . (.Adblock Pro Team - IE Anti-AD Add-ons.) -- C:\Program Files\Adblock Pro\AdblockPro.dll
~ BHO: 12 Legitimates Filtered in 00mn 01s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: (no name) - [HKLM]{8a368362-3e07-415e-b744-bfb648da65af} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Douglas]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Douglas\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 07s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [USB Security] . (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [CertificateRegistration] . (.A.E.T. Europe B.V. - Certificate Expiration Check Utility.) -- C:\Windows\System32\aetcrss1.exe
O4 - HKLM\..\Run: [NetFxUpdate_v1.1.4322] . (.Microsoft - UpdateUtil Application.) -- C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [fst_br_210] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [HPUsageTracking] . (.Hewlett-Packard Company - HP UT Driver.) -- C:\Program Files\HP\HP UT\bin\hppusg.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Douglas\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Douglas\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1013270533-3712062616-9224882-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-1013270533-3712062616-9224882-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Douglas\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-1013270533-3712062616-9224882-1000\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Douglas\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} . (.Adblock Pro Team - IE Anti-AD Add-ons.) -- C:\Program Files\Adblock Pro\AdblockPro.dll
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] http.caixa.gov.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A7F570F-47AB-4262-9D96-042DB0E7F28E}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6A7F570F-47AB-4262-9D96-042DB0E7F28E}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{6A7F570F-47AB-4262-9D96-042DB0E7F28E}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.25.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Aplicação do Cash 'n Back (CashNBack Application) . (...) - C:\Program Files\RBM\CashNBack\CashNBack.exe
O23 - Service: Charismathics Smart Security Service (cmevtsrv) . (.charismathics GmbH - charismathics smart security service.) - C:\Windows\system32\cmEvtSrv.exe
~ Services: 6 Legitimates Filtered in 00mn 21s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [WSE_Vosteran] (...) -- C:\Users\Douglas\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.exe (.not file.) [0]
[MD5.4AD1C6066BDC00497BAFF665FA7FB264] [APT] [{0ADB78AB-E259-406C-B55E-8F273DEDD50B}] (.CAIXA ECONÔMICA FEDERAL.) -- C:\Program Files\CAIXA\CNS\cnsini.exe [620032]
[MD5.00000000000000000000000000000000] [APT] [{37A30449-02E1-4B84-A4EA-58EBD50A409F}] (...) -- C:\Users\Douglas\Downloads\AICCertisign (1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{64BB8F65-AB1D-4627-B5DE-D239D37641A0}] (...) -- C:\Users\Douglas\Downloads\Assistente (4).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{76A43326-1446-430D-98C7-D2BED846C935}] (...) -- C:\Program Files\CAIXA\CNS\hhupd.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A4EBB53C-19AA-45EB-809C-A28F790AA90D}] (...) -- C:\Users\Douglas\Downloads\AssistenteCertificadoDigital.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B9CF1B1E-3C51-4167-8A5D-A68E009B3BCE}] (...) -- C:\Users\Douglas\Downloads\crnet11win_en.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BDCF2066-5148-4FD1-BD10-A4BEE9C16309}] (...) -- E:\DOUGLAS\JOGOS XBOX\GTA San Andreas Completo\Install.exe (.not file.) [0]
[MD5.6D1E1FAB7950DFCEB4F4FE895D8EC778] [APT] [{C6C7A646-73A6-4AB9-BEC7-D6DEB5F5D5FB}] (.CAIXA.) -- C:\Users\Douglas\Downloads\iGBPCEFsf.exe [2514272]
[MD5.00000000000000000000000000000000] [APT] [{E80A56A9-6D50-4719-82EB-4343E2A28219}] (...) -- C:\Users\Douglas\Downloads\Instalador_GRRF_FB_v27\Instalador_GRRF_FB.exe (.not file.) [0]
[MD5.973567B98CDFC147DF4E60471D9DF072] [APT] [{EF8DDBEB-87F5-4363-9EA1-DAEECC6B63AF}] (...) -- C:\Program Files\GRRF\UNWISE.exe [153088]
[MD5.00000000000000000000000000000000] [APT] [{F68865B5-C530-4508-9E4F-2645B902B2F4}] (...) -- C:\Users\Douglas\Downloads\AssistenteCertificadoDigital (1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [SystemSockets] (...) -- C:\Program Files\HomeTab\WConnectorHandler.exe (.not file.) [0] =>PUP.CertifiedToolbar
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1013270533-3712062616-9224882-1000Core [914]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1013270533-3712062616-9224882-1000UA [936]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1054]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1058]
~ Scheduled Task: 29 Legitimates Filtered in 00mn 13s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (pofilterdrv) . (. - .) - C:\Windows\System32\drivers\pofilterdrv.sys (.not file.)
~ Drivers: 81 Legitimates Filtered in 00mn 01s



---\\ Software instalados (042)
O42 - Logiciel: ACI - (.Dataprev.) [HKCU] -- EBB7DDC5-F8A7-4C1A-8BDB-C64456D342A5
O42 - Logiciel: Horizon v2.7.9.3 - (.Daring Development Inc..) [HKLM] -- d4cfeebc-b821-40b7-9f81-d366b1466f03_is1
O42 - Logiciel: Módulo de proteção BANESE - (.Banco do Estado de Sergipe.) [HKCU] -- {20644A06-6F30-4CCD-ADB0-1FA4EBE1DCC2}_is1
~ Logic: 8 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\A.E.T. Europe B.V.]
[HKCU\Software\ARL]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]
[HKCU\Software\Browser]
[HKCU\Software\GbAs]
[HKCU\Software\SERPRO]
[HKCU\Software\Tribo Gamer]
[HKCU\Software\WCA]
[HKCU\Software\charismathics]
[HKLM\Software\A.E.T. Europe B.V.]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Baidu Security]
[HKLM\Software\Baidu_Drp_pos]
[HKLM\Software\Caixa]
[HKLM\Software\Cash 'n Back]
[HKLM\Software\DesignSource]
[HKLM\Software\MaxPower]
[HKLM\Software\Programas RFB]
[HKLM\Software\baidu]
[HKLM\Software\charismathics]
~ Key Software: 179 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 08/01/2014 - 15:37:58 - [] ----D C:\Program Files\A.E.T. Europe B.V
O43 - CFD: 23/09/2014 - 09:11:41 - [] ----D C:\Program Files\Baidu Security
O43 - CFD: 01/07/2014 - 12:16:07 - [] ----D C:\Program Files\Baidu-Security-2014-4.4.4.73687
O43 - CFD: 19/09/2014 - 12:59:03 - [] ----D C:\Program Files\Baidu-Security-2014-4.4.4.83884
O43 - CFD: 22/10/2014 - 14:57:24 - [] ----D C:\Program Files\BRApp
O43 - CFD: 07/10/2014 - 08:31:32 - [] ----D C:\Program Files\CAGEDNet
O43 - CFD: 09/10/2014 - 09:10:26 - [] ----D C:\Program Files\CAIXA
O43 - CFD: 09/01/2014 - 11:54:10 - [] ----D C:\Program Files\Charismathics
O43 - CFD: 08/10/2014 - 14:50:11 - [] ----D C:\Program Files\Daring Development
O43 - CFD: 04/12/2013 - 09:01:14 - [] ----D C:\Program Files\G&D
O43 - CFD: 24/01/2014 - 14:04:57 - [] ----D C:\Program Files\GRRF
O43 - CFD: 11/10/2014 - 13:44:49 - [] ----D C:\Program Files\Jogando.net - Mu Online Season 6 - Extreme e War
O43 - CFD: 06/06/2014 - 08:33:44 - [] ----D C:\Program Files\My Logon Manager
O43 - CFD: 21/10/2014 - 15:43:22 - [] ----D C:\Program Files\NJax
O43 - CFD: 02/12/2013 - 14:51:05 - [] ----D C:\Program Files\Novo_Dicionario_Aurelio_5.0.40___Serial
O43 - CFD: 28/03/2014 - 14:46:39 - [] ----D C:\Program Files\Programas RFB
O43 - CFD: 03/10/2014 - 12:18:49 - [] ----D C:\Program Files\RBM
O43 - CFD: 08/01/2014 - 15:37:56 - [] ----D C:\ProgramData\A.E.T. Europe B.V
O43 - CFD: 29/10/2014 - 08:36:06 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 29/09/2014 - 21:28:44 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 19/11/2014 - 17:11:00 - [] ----D C:\ProgramData\jgflmbfbjllenegldfiegbljahklebin
O43 - CFD: 11/03/2014 - 17:03:10 - [] ----D C:\ProgramData\SnowApp
O43 - CFD: 23/09/2014 - 09:11:28 - [] ----D C:\Users\Douglas\AppData\Roaming\Baidu Security
O43 - CFD: 21/10/2014 - 15:48:07 - [] ----D C:\Users\Douglas\AppData\Roaming\Gamebox
O43 - CFD: 17/02/2014 - 11:52:16 - [] ----D C:\Users\Douglas\AppData\Roaming\rmi
O43 - CFD: 04/12/2013 - 09:08:21 - [] ----D C:\Users\Douglas\AppData\Local\A.E.T. Europe B.V
O43 - CFD: 03/07/2014 - 15:41:38 - [] ----D C:\Users\Douglas\AppData\Local\com
O43 - CFD: 17/07/2014 - 15:47:47 - [] ----D C:\Users\Douglas\AppData\Local\{7148F0A6-6813-11D6-A77B-00B0D0142190}
O43 - CFD: 11/12/2013 - 16:19:59 - [] ----D C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ACI
O43 - CFD: 11/12/2013 - 16:23:41 - [] ----D C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CAGEDNet
O43 - CFD: 02/12/2013 - 16:23:04 - [0] ----D C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CAIXA
O43 - CFD: 02/04/2014 - 10:09:45 - [0] ----D C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CapCAIXA
O43 - CFD: 24/01/2014 - 14:04:00 - [] ----D C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GdRaisJava
O43 - CFD: 04/02/2014 - 11:02:34 - [] ----D C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB
O43 - CFD: 28/03/2014 - 14:17:54 - [] ----D C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 213 Legitimates Filtered in 00mn 02s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.9D23DE88C3B18BA87CD4587177CA6CEA] - 19/11/2014 - 10:18:52 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 20/11/2014 - 10:08:27 ---A- . (...) -- C:\essai.txt [0]
O44 - LFC:[MD5.19B83097F56A6936B8FC72CDB1DE26BA] - 21/11/2014 - 11:03:04 ---A- . (.Software 2000 Limited - HP LaserJet P1006 Language Monitor.) -- C:\Windows\System32\HP1006LM.DLL [286720]
O44 - LFC:[MD5.4ADF32EA5CF33F0D289C1A1AE8EE1CC4] - 21/11/2014 - 11:03:09 ---A- . (...) -- C:\Windows\System32\HPPLVS.dll [65536]
O44 - LFC:[MD5.A1FAA174DF45905416EA9C1E41515970] - 21/11/2014 - 11:03:10 ---A- . (...) -- C:\Windows\System32\HRes1200.txt [80399]
O44 - LFC:[MD5.18B5192AFBEE11825D44C5984790CFCD] - 21/11/2014 - 11:03:10 ---A- . (...) -- C:\Windows\System32\HRes600.txt [80399]
O44 - LFC:[MD5.7C25DEF60C43017B27029F2EFD9D5DCC] - 21/11/2014 - 11:03:14 ---A- . (...) -- C:\Windows\System32\W600dpi.txt [1071]
O44 - LFC:[MD5.D5A3BCDCEC5FF68E1160A847BED755C0] - 21/11/2014 - 11:03:14 ---A- . (...) -- C:\Windows\System32\WRes1200.txt [80399]
O44 - LFC:[MD5.65A8762527BF5CA098AD43298135EE79] - 25/11/2014 - 09:26:04 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [132936]
O44 - LFC:[MD5.E9490F7F826EDE73E53AD195FF0633B7] - 25/11/2014 - 09:26:04 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [673100]
~ Files: 29 Legitimates Filtered in 01mn 26s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{8d8af7ca-3456-11e4-a295-0ceee6fb55d0}\AutoRun\command. (...) -- H:\LGAutoRun.exe (.not file.)
O51 - MPSK:{f4a65c29-779e-11e3-b957-0ceee6fb55d0}\AutoRun\command. (...) -- I:\LGAutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 1 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:16/12/2010 - 20:35:26 ---A- . (...) -- C:\Windows\System32\Drivers\AlcGener.sys [18048]
O58 - SDL:19/11/2014 - 10:18:52 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:19/11/2014 - 10:18:52 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:19/11/2014 - 10:18:53 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [206248] =>.ALWIL Software
O58 - SDL:31/07/2014 - 12:12:50 ---A- . (.Windows (R) Win 7 DDK provider - NetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\cashnbackdrv.sys [42464]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:02/10/2014 - 23:29:32 ---A- . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) -- C:\Windows\System32\Drivers\mosfilterdrv.sys [55608]
O58 - SDL:21/06/2011 - 11:24:06 ---A- . (...) -- C:\Windows\System32\Drivers\sp_rsdrv2.sys [32768]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 73 Legitimates Filtered in 00mn 05s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 19/11/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 31/07/2014 - C:\Windows\System32\drivers\cashnbackdrv.sys (cashnbackdrv) .(.Windows (R) Win 7 DDK provider - NetFilter SDK WFP Driver (WPP).) - LEGACY_CASHNBACKDRV
~ Legacy: 156 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [You must be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKCU] {80c554b9-c7f8-4a21-9471-06d606da78a2} - (Bing) - [You must be registered and logged in to see this link.]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [SPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [167784]
[MD5.566D862E7338503CDF86086ECC7D35F7] [SPRF][14/01/2014] (...) -- C:\ProgramData\vault32.dll [176]
[MD5.754235865DBDA27621ADAFA05A4BD574] [SPRF][06/12/2013] (...) -- C:\Users\Douglas\AppData\Roaming\unins000.dat [13391]
[MD5.C0B59FF7EE933362B2D5D1941094C879] [SPRF][27/02/2014] (...) -- C:\Users\Douglas\Desktop\abp.exe [448783]
~ Files: 4 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{B5D26F48-3E74-4D4D-B509-A0234D1577FA}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Douglas\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{6458C692-7279-4ADE-9A40-103ECB982FF1}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Douglas\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{343DD425-B5CA-47F4-AD6C-DF79FBA1F3A9}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Douglas\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{709268D1-5F7F-4C9E-8AED-714B773B4F5B}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Douglas\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 03s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{982A3C94-BE06-422B-9B4F-484B8FABF166}] (NMBAppGlobalSettingsExtensionTVWizard Class) =>PUP.TVWizard
~ BCK: 7798 Legitimates Filtered in 00mn 33s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 19/11/2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 25/11/2014 107912 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 25/11/2014 107912 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 19/11/2014 114288 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 29/06/2007 800040 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 24/02/2014 2689224 | (PSafeSVC) . (.PSafe S/A.) - C:\Program Files\PSafe\psafesvc.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 12/09/2014 64704 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 19/11/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 24/09/2014 2214000 | (CashNBack Application) . (...) - C:\Program Files\RBM\CashNBack\CashNBack.exe
SR - | Auto 09/11/2011 74784 | (cmevtsrv) . (.charismathics GmbH.) - C:\Windows\system32\cmEvtSrv.exe
SR - | Auto 22/08/2014 22192 | (MsMpSvc) . (.Microsoft Corporation.) - C:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Demand 27/06/2007 279848 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 37s



---\\ Scâner Aditional (088)
Database Version : 13026 - (28/08/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Users\Douglas\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
[HKCR\CLSID\{982A3C94-BE06-422B-9B4F-484B8FABF166}] (NMBAppGlobalSettingsExtensionTVWizard Class) =>PUP.TVWizard^
~ Additionnel Scan: 260638 Items scanned in 01mn 33s



---\\ Informações complémentaires do módulos
~ [You must be registered and logged in to see this link.] =>.Internet Explorer, Gestão do Proxy (R5)
~ [You must be registered and logged in to see this link.] =>.Browser Helper Objects do navegador (02)
~ [You must be registered and logged in to see this link.] =>.Barras do Internet Explorer (03))
~ [You must be registered and logged in to see this link.] =>.Aplicações iniciadas por registo & pastas (04)
~ [You must be registered and logged in to see this link.] =>.Chave do registo Shell MountPoints2 (MPKS) (O51)
~ AMI: 5 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[You must be registered and logged in to see this link.] =>PUP.CertifiedToolbar
~ MSI: 1 link(s) detected in 00mn 00s



~ 878 Legitimates filtered by white list
End of the scan (548 lines in 05mn 29s)(0)

Re: Unwanted ads on websites

Post by Douglas Lima on Tue 25 Nov 2014, 12:18

It was done first with AdwCleaner and then with ZHPDiag, as instructed....

Re: Unwanted ads on websites

Post by joram on Tue 25 Nov 2014, 13:04

Good afternoon, Douglas Lima!

> Run this script in the ZHPFix tool.
> Select and copy the information shown in red into Notepad.
> With Notepad open, press: Ctrl+A >> Ctrl+C (Select and Copy)
> Then minimize Notepad.

ZHPFix script
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
sysrestore
[MD5.00000000000000000000000000000000] [APT] [WSE_Vosteran] (...) -- C:\Users\Douglas\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{37A30449-02E1-4B84-A4EA-58EBD50A409F}] (...) -- C:\Users\Douglas\Downloads\AICCertisign (1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{64BB8F65-AB1D-4627-B5DE-D239D37641A0}] (...) -- C:\Users\Douglas\Downloads\Assistente (4).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{76A43326-1446-430D-98C7-D2BED846C935}] (...) -- C:\Program Files\CAIXA\CNS\hhupd.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A4EBB53C-19AA-45EB-809C-A28F790AA90D}] (...) -- C:\Users\Douglas\Downloads\AssistenteCertificadoDigital.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B9CF1B1E-3C51-4167-8A5D-A68E009B3BCE}] (...) -- C:\Users\Douglas\Downloads\crnet11win_en.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BDCF2066-5148-4FD1-BD10-A4BEE9C16309}] (...) -- E:\DOUGLAS\JOGOS XBOX\GTA San Andreas Completo\Install.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E80A56A9-6D50-4719-82EB-4343E2A28219}] (...) -- C:\Users\Douglas\Downloads\Instalador_GRRF_FB_v27\Instalador_GRRF_FB.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F68865B5-C530-4508-9E4F-2645B902B2F4}] (...) -- C:\Users\Douglas\Downloads\AssistenteCertificadoDigital (1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [SystemSockets] (...) -- C:\Program Files\HomeTab\WConnectorHandler.exe (.not file.) [0]
C:\Users\Douglas\AppData\Local\com
[HKCR\CLSID\{982A3C94-BE06-422B-9B4F-484B8FABF166}] (NMBAppGlobalSettingsExtensionTVWizard Class)
O3 - Toolbar: (no name) - [HKLM]{8a368362-3e07-415e-b744-bfb648da65af} Chave orfã
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1013270533-3712062616-9224882-1000Core [914]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1013270533-3712062616-9224882-1000UA [936]
O41 - Driver: (pofilterdrv) . (. - .) - C:\Windows\System32\drivers\pofilterdrv.sys (.not file.)
O43 - CFD: 29/09/2014 - 21:28:44 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 21/10/2014 - 15:48:07 - [] ----D C:\Users\Douglas\AppData\Roaming\Gamebox
O43 - CFD: 01/07/2014 - 12:16:07 - [] ----D C:\Program Files\Baidu-Security-2014-4.4.4.73687
O43 - CFD: 19/09/2014 - 12:59:03 - [] ----D C:\Program Files\Baidu-Security-2014-4.4.4.83884
O51 - MPSK:{8d8af7ca-3456-11e4-a295-0ceee6fb55d0}\AutoRun\command. (...) -- H:\LGAutoRun.exe (.not file.)
O51 - MPSK:{f4a65c29-779e-11e3-b957-0ceee6fb55d0}\AutoRun\command. (...) -- I:\LGAutoRun.exe (.not file.)
ServiceStop:pofilterdrv


> Open the ZHPFix tool.
> Click IMPORTAÇÃO (Import) >> OK.
> P.S.: When you click "OK", check that the field is empty so that it receives only the script's contents.
> Click "GO".
> Post the report!

A+

Re: Unwanted advertisements on websites

Post by Douglas Lima on Wed 26 Nov 2014, 11:02

Good morning!

Below is the ZHPFix report....

Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by Douglas at 26/11/2014 09:51:59
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (03mn 44s)
Prefetcher vazio

========== Estado dos serviços ==========
pofilterdrv Parado

========== Chaves do Registo ==========
ELIMINÉ: HKCR\CLSID\{982A3C94-BE06-422B-9B4F-484B8FABF166}
ELIMINÉ Driver Key: pofilterdrv
ELIMINÉ CLSID MPSK: {8d8af7ca-3456-11e4-a295-0ceee6fb55d0}
ELIMINÉ CLSID MPSK: {f4a65c29-779e-11e3-b957-0ceee6fb55d0}

========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: Toolbar: {8a368362-3e07-415e-b744-bfb648da65af}

========== Pastas ==========
ELIMINÉ Temporários windows (311)
ELIMINÉ Flash Cookies (0)
ELIMINÉ: c:\users\douglas\appdata\local\com
ELIMINÉ: C:\ProgramData\boost_interprocess
ELIMINÉ: C:\Users\Douglas\AppData\Roaming\Gamebox
ELIMINÉ: C:\Program Files\Baidu-Security-2014-4.4.4.73687
ELIMINÉ: C:\Program Files\Baidu-Security-2014-4.4.4.83884

========== Ficheiros ==========
ELIMINÉ Temporários windows (3022) (368.991.784 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
ELIMINÉ: c:\windows\system32\tasks\facebookupdatetaskusers-1-5-21-1013270533-3712062616-9224882-1000core
ELIMINÉ: c:\windows\system32\tasks\facebookupdatetaskusers-1-5-21-1013270533-3712062616-9224882-1000ua

========== Tarefa planificada ==========
ELIMINÉ: WSE_Vosteran
ELIMINÉ: {37A30449-02E1-4B84-A4EA-58EBD50A409F}
ELIMINÉ: {64BB8F65-AB1D-4627-B5DE-D239D37641A0}
ELIMINÉ: {76A43326-1446-430D-98C7-D2BED846C935}
ELIMINÉ: {A4EBB53C-19AA-45EB-809C-A28F790AA90D}
ELIMINÉ: {B9CF1B1E-3C51-4167-8A5D-A68E009B3BCE}
ELIMINÉ: {BDCF2066-5148-4FD1-BD10-A4BEE9C16309}
ELIMINÉ: {E80A56A9-6D50-4719-82EB-4343E2A28219}
ELIMINÉ: {F68865B5-C530-4508-9E4F-2645B902B2F4}
ELIMINÉ: SystemSockets
ELIMINÉ: SystemSockets

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
4 : Chaves do Registo
3 : Valores do Registo
7 : Pastas
4 : Ficheiros
1 : Estado dos serviços
11 : Tarefa planificada
1 : Restauração Sistema


End of clean in 05mn 20s

========== Caminho do ficheiro do relatório ==========
C:\Users\Douglas\AppData\Roaming\ZHP\ZHPFix[R1].txt - 26/11/2014 09:55:44 [2370]

Re: Unwanted advertisements on websites

Post by joram on Wed 26 Nov 2014, 11:10

Good morning, Douglas Lima!

> Download: < zoek.exe > ( ... by Smeenk )

> Save it to the desktop!
> Disable your antivirus!
> On Windows 7, run zoek.exe as administrator.

autoclean;
emptytemp;
 

> Copy and paste this information, which is shown in red, into the tool's field.
> Click "Run Script".

Zoek.exe is running now. 
Do not start any browser windows, they will be closed automatically. 
Please wait! This window will close when finished. 
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
> Messages will appear asking you to wait for the report to appear.
> P.S.: These messages may remain static on the screen for 20 minutes or more.

> Confirm the reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.
> P.S.: If you get an error, restart the PC and run the tool again.
> Post the report, which will be at C:\zoek-results.txt <<

A+

Re: Unwanted advertisements on websites

Post by joram on Fri 09 Jan 2015, 12:28

Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived. If the topic's author needs it, it will be reopened; to do so, they must contact a member of the Moderation Team and request that it be unlocked.
