Social bookmarking
Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking
Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking
Estatísticas
Temos 14838 usuários registradosO último membro registrado é Lanterna Verde com Disco
Os nossos membros postaram um total de 36058 mensagens em 3689 assuntos
Quem está conectado?
Há 125 usuários online :: 0 registrados, 0 invisíveis e 125 visitantes Nenhum
O recorde de usuários online foi de 301 em Ter 26 Out 2021, 15:28
Procurar
Top dos mais postadores
Power Max | ||||
joram | ||||
Wings [In Memoriam] | ||||
caedurodrigues | ||||
Amigo Brasileiro | ||||
luizvilarinho | ||||
Danii | ||||
Admin | ||||
Danilo Marsaro | ||||
Andreata |
se malweres invadiram como resolve-los ?
2 participantes
Página 1 de 1
se malweres invadiram como resolve-los ?
como não consigo acessar meu e-mail estou entrando por uma nova conta!
estava eu lá a vontade querendo assistir filmes
bem, pensei eu: vou baixa-los
tudo bem, ignorei aviso de ante-vírus
pior ainda baixei, aliás as instalei
pensei existem ferramentas que só podem ser usadas sem antvitus
para ele não as detectar como ferramentas maliciosas
isto não se aplica neste caso pois:
paginas começaram abrindo sem parar
istanstwebsearch sem parar
todos os arquivos pdf e jpg se tornaram Bobrowser
e bobrowser tambem tornou-se meu navegador
estou num exercício pesado arrancando cabelos
oque fazer agora?!
estava eu lá a vontade querendo assistir filmes
bem, pensei eu: vou baixa-los
tudo bem, ignorei aviso de ante-vírus
pior ainda baixei, aliás as instalei
pensei existem ferramentas que só podem ser usadas sem antvitus
para ele não as detectar como ferramentas maliciosas
isto não se aplica neste caso pois:
paginas começaram abrindo sem parar
istanstwebsearch sem parar
todos os arquivos pdf e jpg se tornaram Bobrowser
e bobrowser tambem tornou-se meu navegador
estou num exercício pesado arrancando cabelos
oque fazer agora?!
Aldemir007- Iniciante
- Mensagens : 7
Reputação : 0
Data de inscrição : 30/11/2014
Re: se malweres invadiram como resolve-los ?
Boa Tarde! Aldemir007
> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] > ( ... de Nicolas Coolman )
> Ou [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] << Link!
> Salve-o no disco local! ( C ou D )
> Desabilite seu antivírus e execute "ZHPDiag2.exe",para instalar a ferramenta.
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
> Execute o ícone do pergaminho. ( ZHPDiag )
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
> Clique "COMPLETA" e aguarde a conclusão!
> Clique OK e,ao concluir,poste o relatório! ( ZHPDiag.txt )
> Ps: Como o log será extenso,envie-o à [Tens de ter uma conta e sessão iniciada para poderes visualizar este link].
> Ou acesse: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >
> Ou acesse: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >
> Ou anexe-o |[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]| << Link!
> Maiores informações: < |[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]| > << Hospedagem!
A+
> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] > ( ... de Nicolas Coolman )
> Ou [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] << Link!
> Salve-o no disco local! ( C ou D )
> Desabilite seu antivírus e execute "ZHPDiag2.exe",para instalar a ferramenta.
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
> Execute o ícone do pergaminho. ( ZHPDiag )
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
> Clique "COMPLETA" e aguarde a conclusão!
> Clique OK e,ao concluir,poste o relatório! ( ZHPDiag.txt )
> Ps: Como o log será extenso,envie-o à [Tens de ter uma conta e sessão iniciada para poderes visualizar este link].
> Ou acesse: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >
> Ou acesse: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >
> Ou anexe-o |[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]| << Link!
> Maiores informações: < |[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]| > << Hospedagem!
A+
joram- Administrador
- Mensagens : 4164
Reputação : 471
Data de inscrição : 26/01/2014
Localização : Rio de Janeiro
Re: se malweres invadiram como resolve-los ?
Joram, Muito obrigado por responder!
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Aldemir007- Iniciante
- Mensagens : 7
Reputação : 0
Data de inscrição : 30/11/2014
Re: se malweres invadiram como resolve-los ?
Boa Tarde! Aldemir007
> Execute este script na ferramenta ZHPFix.
> Selecione e copie estas informações que estão em vermelho,para o Bloco de Notas.
> Com o Bloco de Notas aberto,faça: ctrl+a >> ctrl+c ( Selecionar e Copiar )
> À seguir,minimize o Bloco de Notas.
Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyCLSID
EmptyTemp
EmptyFlash
[MD5.00000000000000000000000000000000] [APT] [Run_Bobby_Browser] (...) -- C:\Users\Aldemir\AppData\Local\BoBrowser\Application\bobrowser.exe (.not file.) [0]
O41 - Driver: (mosfilterdrv) . (. - .) - C:\Windows\System32\drivers\mosfilterdrv.sys (.not file.)
O43 - CFD: 30/11/2014 - 11:14:47 - [0] ----D C:\Program Files\NJax
O45 - LFCP:[MD5.2FF43C5789C5B3BBD290C1D5A7AE2690] - 28/11/2014 - 20:02:12 ---A- - C:\Windows\Prefetch\PENNYBEE.EXE-D7F00502.pf
O45 - LFCP:[MD5.57CA9B12F530E8208019553F270F278E] - 28/11/2014 - 20:02:36 ---A- - C:\Windows\Prefetch\SUPIEPLUGINSERVICEUPDATE.EXE-82CE61E6.pf
O45 - LFCP:[MD5.34157CD22CAB131B1DDF3F9CC439ADA9] - 28/11/2014 - 20:02:35 ---A- - C:\Windows\Prefetch\SUPTAB_V5.8.8.777_NOBLANK_AMY-F33C6925.pf
O45 - LFCP:[MD5.A0F686442A05CA18DB271438D40FA3D3] - 28/11/2014 - 21:03:49 ---A- - C:\Windows\Prefetch\VOPACKAGE.EXE-596B033D.pf
O45 - LFCP:[MD5.307BBF6F0A2C0195FBEC3FFB580523DD] - 28/11/2014 - 20:02:23 ---A- - C:\Windows\Prefetch\WPM_V20.0.0.1277.EXE-DB5CF181.pf
O61 - LFC: 28/11/2014 - 17:31:42 ---A- . (...) -- C:\Users\Aldemir\AppData\Local\Temp\~nsu.tmp\Au_.exe [33902]
O68 - StartMenuInternet: <BoBrowser.SOZB4B3ATLMK5OEYN2YWYDUQ34> <BoBrowser>[HKLM\..\Shell\open\Command] (...) -- C:\Users\Aldemir\AppData\Local\BoBrowser\Application\bobrowser.exe (.not file.)
sysrestore
> Abra a ferramenta ZHPFix. < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] >
> Clique IMPORTAÇÃO >> OK.
> Ps: Ao clicar "OK",verifique se o campo está limpo para que receba,somente,as informações do script.
> Clique "GO".
> Poste o relatório!
A+
> Execute este script na ferramenta ZHPFix.
> Selecione e copie estas informações que estão em vermelho,para o Bloco de Notas.
> Com o Bloco de Notas aberto,faça: ctrl+a >> ctrl+c ( Selecionar e Copiar )
> À seguir,minimize o Bloco de Notas.
Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyCLSID
EmptyTemp
EmptyFlash
[MD5.00000000000000000000000000000000] [APT] [Run_Bobby_Browser] (...) -- C:\Users\Aldemir\AppData\Local\BoBrowser\Application\bobrowser.exe (.not file.) [0]
O41 - Driver: (mosfilterdrv) . (. - .) - C:\Windows\System32\drivers\mosfilterdrv.sys (.not file.)
O43 - CFD: 30/11/2014 - 11:14:47 - [0] ----D C:\Program Files\NJax
O45 - LFCP:[MD5.2FF43C5789C5B3BBD290C1D5A7AE2690] - 28/11/2014 - 20:02:12 ---A- - C:\Windows\Prefetch\PENNYBEE.EXE-D7F00502.pf
O45 - LFCP:[MD5.57CA9B12F530E8208019553F270F278E] - 28/11/2014 - 20:02:36 ---A- - C:\Windows\Prefetch\SUPIEPLUGINSERVICEUPDATE.EXE-82CE61E6.pf
O45 - LFCP:[MD5.34157CD22CAB131B1DDF3F9CC439ADA9] - 28/11/2014 - 20:02:35 ---A- - C:\Windows\Prefetch\SUPTAB_V5.8.8.777_NOBLANK_AMY-F33C6925.pf
O45 - LFCP:[MD5.A0F686442A05CA18DB271438D40FA3D3] - 28/11/2014 - 21:03:49 ---A- - C:\Windows\Prefetch\VOPACKAGE.EXE-596B033D.pf
O45 - LFCP:[MD5.307BBF6F0A2C0195FBEC3FFB580523DD] - 28/11/2014 - 20:02:23 ---A- - C:\Windows\Prefetch\WPM_V20.0.0.1277.EXE-DB5CF181.pf
O61 - LFC: 28/11/2014 - 17:31:42 ---A- . (...) -- C:\Users\Aldemir\AppData\Local\Temp\~nsu.tmp\Au_.exe [33902]
O68 - StartMenuInternet: <BoBrowser.SOZB4B3ATLMK5OEYN2YWYDUQ34> <BoBrowser>[HKLM\..\Shell\open\Command] (...) -- C:\Users\Aldemir\AppData\Local\BoBrowser\Application\bobrowser.exe (.not file.)
sysrestore
> Abra a ferramenta ZHPFix. < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] >
> Clique IMPORTAÇÃO >> OK.
> Ps: Ao clicar "OK",verifique se o campo está limpo para que receba,somente,as informações do script.
> Clique "GO".
> Poste o relatório!
A+
joram- Administrador
- Mensagens : 4164
Reputação : 471
Data de inscrição : 26/01/2014
Localização : Rio de Janeiro
Re: se malweres invadiram como resolve-los ?
Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by Aldemir at 30/11/2014 18:28:21
High Elevated Privileges : OK
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)
Reciclagem vazia (Cancelado pelo utilizador)
Prefetcher vazio
========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
========== Elementos dos dados do Registo ==========
ELIMINÉ: StartMenuInternet: C:\Users\Aldemir\AppData\Local\BoBrowser\Application\bobrowser.exe
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Temporários windows (0)
ELIMINÉ Flash Cookies (0)
========== Ficheiros ==========
ELIMINÉ Temporários windows (1) (0 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
2 : Valores do Registo
1 : Elementos dos dados do Registo
3 : Pastas
2 : Ficheiros
1 : Restauração Sistema
End of clean in 00mn 17s
========== Caminho do ficheiro do relatório ==========
C:\Users\Aldemir\AppData\Roaming\ZHP\ZHPFix[R1].txt - 30/11/2014 17:12:24 [1965]
C:\Users\Aldemir\AppData\Roaming\ZHP\ZHPFix[R2].txt - 30/11/2014 17:26:51 [1442]
C:\Users\Aldemir\AppData\Roaming\ZHP\ZHPFix[R3].txt - 30/11/2014 18:28:32 [1342]
Fichier d'export Registre :
Run by Aldemir at 30/11/2014 18:28:21
High Elevated Privileges : OK
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)
Reciclagem vazia (Cancelado pelo utilizador)
Prefetcher vazio
========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
========== Elementos dos dados do Registo ==========
ELIMINÉ: StartMenuInternet: C:\Users\Aldemir\AppData\Local\BoBrowser\Application\bobrowser.exe
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Temporários windows (0)
ELIMINÉ Flash Cookies (0)
========== Ficheiros ==========
ELIMINÉ Temporários windows (1) (0 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
2 : Valores do Registo
1 : Elementos dos dados do Registo
3 : Pastas
2 : Ficheiros
1 : Restauração Sistema
End of clean in 00mn 17s
========== Caminho do ficheiro do relatório ==========
C:\Users\Aldemir\AppData\Roaming\ZHP\ZHPFix[R1].txt - 30/11/2014 17:12:24 [1965]
C:\Users\Aldemir\AppData\Roaming\ZHP\ZHPFix[R2].txt - 30/11/2014 17:26:51 [1442]
C:\Users\Aldemir\AppData\Roaming\ZHP\ZHPFix[R3].txt - 30/11/2014 18:28:32 [1342]
Aldemir007- Iniciante
- Mensagens : 7
Reputação : 0
Data de inscrição : 30/11/2014
Re: se malweres invadiram como resolve-los ?
Boa Noite! Aldemir007
> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... by Smeenk )
< [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >
> Salve-o ao desktop!
> Desabilite seu antivírus!
> Para Windows 7,execute zoek.exe como administrador.
autoclean;
emptytemp;
shortcutfix;
chrdefaults;
reset chrome;
emptyCHRcache;
resethosts;
resetieproxy;
emptyfolderscheck;delete
> Copie e cole estas informações,que estão em vermelho,no campo da ferramenta.
> Clique "Run Script".
> Ps: Essas informações,podem permanecer estáticas na tela por 20 minutos ou mais.
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
> Confirme o reboot!
> Poste o relatório,que estará em C:\zoek-results.txt <<
A+
> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... by Smeenk )
< [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >
> Salve-o ao desktop!
> Desabilite seu antivírus!
> Para Windows 7,execute zoek.exe como administrador.
autoclean;
emptytemp;
shortcutfix;
chrdefaults;
reset chrome;
emptyCHRcache;
resethosts;
resetieproxy;
emptyfolderscheck;delete
> Copie e cole estas informações,que estão em vermelho,no campo da ferramenta.
> Clique "Run Script".
> Surgirão informações,pedindo-lhe que aguarde o surgimento do relatório.Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
> Ps: Essas informações,podem permanecer estáticas na tela por 20 minutos ou mais.
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
> Confirme o reboot!
> Ps: Ao obter algum erro,reinicie o PC e execute,novamente,a ferramenta.zoek.hta failed by unknown error.
Restart computer, and try again.
> Poste o relatório,que estará em C:\zoek-results.txt <<
A+
joram- Administrador
- Mensagens : 4164
Reputação : 471
Data de inscrição : 26/01/2014
Localização : Rio de Janeiro
Re: se malweres invadiram como resolve-los ?
Olá Joram, boa noite!
aqui está o relatório:
Zoek.exe v5.0.0.0 Updated 29-11-2014
Tool run by Aldemir on 30/11/2014 at 19:15:57,08.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Aldemir\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-11-30-210928.log 18951 bytes
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\Users\Aldemir\AppData\Local\VirtualStore deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com" [30/11/2014 10:17]
==== Firefox Extensions ======================
==== Firefox Plugins ======================
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx[04/12/2013 19:30]
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx[04/12/2013 19:30]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx[04/12/2013 19:26]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx[04/12/2013 19:26]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx[04/12/2013 19:30]
WOT - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
AdBlock - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"
==== Reset Google Chrome ======================
C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\Aldemir\Desktop\AIDA64 Extreme.lnk - C:\Program Files\FinalWire\AIDA64 Extreme\aida64.exe
C:\Users\Aldemir\Desktop\EVEREST Ultimate Edition.lnk - C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Users\Aldemir\Desktop\Popcorn Time.lnk - C:\Users\Aldemir\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe .
C:\Users\Aldemir\Desktop\Safe Money.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe -hidden safebanking
C:\Users\Aldemir\Desktop\Spotify.lnk - C:\Users\Aldemir\AppData\Roaming\Spotify\spotify.exe
C:\Users\Aldemir\Desktop\Watchtower Library 2013 - Português.lnk -
C:\Users\Aldemir\Desktop\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\Users\Aldemir\Desktop\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Avira.lnk - C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe /showMiniGui
C:\Users\Public\Desktop\CPUID CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\cpuz.exe
C:\Users\Public\Desktop\Find Drivers with DriverAgent.lnk - C:\Program Files\eSupport.com\driveragent\DriverAgent.exe
C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk - C:\Users\Aldemir\AppData\Roaming\Spotify\spotify.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Popcorn Time.lnk - C:\Users\Aldemir\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe .
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Uninstall Popcorn Time.lnk - C:\Users\Aldemir\AppData\Local\Popcorn Time\Uninstall.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk - C:\Program Files\DVD Maker\DVDMaker.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk - C:\Windows\system32\mblctr.exe /open
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk - C:\Windows\system32\NetProj.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk - C:\Windows\system32\SnippingTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk - C:\Windows\system32\StikyNot.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\ShapeCollector.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk - C:\Program Files\Windows Journal\Journal.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk - C:\Windows\system32\printmanagement.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk - C:\Windows\system32\secpol.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira.lnk - C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe /showMiniGui
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\CCCP Settings.lnk - C:\Program Files\Combined Community Codec Pack\CCCP-Settings.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\CCCP Uninstall.lnk - C:\Program Files\Combined Community Codec Pack\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Media Player Classic Home Cinema.lnk - C:\Program Files\Combined Community Codec Pack\MPC\mpc-hc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\Haali Media Splitter Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\Haali\Splitter.ax",Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\LAV Audio Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\LAVFilters\LAVAudio.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\LAV Splitter Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\LAVFilters\LAVSplitter.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\LAV Video Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\LAVFilters\LAVVideo.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\VSFilter Configuration.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\vsfilter.dll",DirectVobSub
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\cpuz.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Edit CPU-Z Config File.lnk - C:\Program Files\CPUID\CPU-Z\cpuz.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Uninstall CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Ajuda do Kaspersky PURE 3.0.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\Doc\pt-BR\PURE\context.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Contrato de Licença do Usuário Final.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Kaspersky PURE 3.0.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Remover o Kaspersky PURE 3.0.lnk - C:\Windows\System32\msiexec.exe /i{D0702EE9-9DE4-419A-9C6C-4730B1C985BA} REMOVE=ALL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Visitar a Kaspersky Lab na Web.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\kl.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Samsung Universal Print Driver 2.lnk - C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Uninstall Samsung Printer Software.lnk - C:\Windows\TotalUninstaller.exe /REMOVE_ALL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watchtower Library 2013\Watchtower Library 2013 - Português.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe
==== shortcuts in Quick Launch ======================
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe --profile-directory=Default
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\Users\Aldemir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Aldemir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=177 folders=38 10745612 bytes)
==== Empty Temp Folders ======================
C:\Users\Aldemir\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Aldemir\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 30/11/2014 at 19:25:36,91 ======================
aqui está o relatório:
Zoek.exe v5.0.0.0 Updated 29-11-2014
Tool run by Aldemir on 30/11/2014 at 19:15:57,08.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Aldemir\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-11-30-210928.log 18951 bytes
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\Users\Aldemir\AppData\Local\VirtualStore deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com" [30/11/2014 10:17]
==== Firefox Extensions ======================
==== Firefox Plugins ======================
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx[04/12/2013 19:30]
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx[04/12/2013 19:30]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx[04/12/2013 19:26]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx[04/12/2013 19:26]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx[04/12/2013 19:30]
WOT - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
AdBlock - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"
==== Reset Google Chrome ======================
C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\Aldemir\Desktop\AIDA64 Extreme.lnk - C:\Program Files\FinalWire\AIDA64 Extreme\aida64.exe
C:\Users\Aldemir\Desktop\EVEREST Ultimate Edition.lnk - C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Users\Aldemir\Desktop\Popcorn Time.lnk - C:\Users\Aldemir\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe .
C:\Users\Aldemir\Desktop\Safe Money.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe -hidden safebanking
C:\Users\Aldemir\Desktop\Spotify.lnk - C:\Users\Aldemir\AppData\Roaming\Spotify\spotify.exe
C:\Users\Aldemir\Desktop\Watchtower Library 2013 - Português.lnk -
C:\Users\Aldemir\Desktop\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\Users\Aldemir\Desktop\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Avira.lnk - C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe /showMiniGui
C:\Users\Public\Desktop\CPUID CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\cpuz.exe
C:\Users\Public\Desktop\Find Drivers with DriverAgent.lnk - C:\Program Files\eSupport.com\driveragent\DriverAgent.exe
C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk - C:\Users\Aldemir\AppData\Roaming\Spotify\spotify.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Popcorn Time.lnk - C:\Users\Aldemir\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe .
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Uninstall Popcorn Time.lnk - C:\Users\Aldemir\AppData\Local\Popcorn Time\Uninstall.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk - C:\Program Files\DVD Maker\DVDMaker.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk - C:\Windows\system32\mblctr.exe /open
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk - C:\Windows\system32\NetProj.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk - C:\Windows\system32\SnippingTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk - C:\Windows\system32\StikyNot.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\ShapeCollector.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk - C:\Program Files\Windows Journal\Journal.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk - C:\Windows\system32\printmanagement.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk - C:\Windows\system32\secpol.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira.lnk - C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe /showMiniGui
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\CCCP Settings.lnk - C:\Program Files\Combined Community Codec Pack\CCCP-Settings.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\CCCP Uninstall.lnk - C:\Program Files\Combined Community Codec Pack\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Media Player Classic Home Cinema.lnk - C:\Program Files\Combined Community Codec Pack\MPC\mpc-hc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\Haali Media Splitter Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\Haali\Splitter.ax",Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\LAV Audio Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\LAVFilters\LAVAudio.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\LAV Splitter Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\LAVFilters\LAVSplitter.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\LAV Video Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\LAVFilters\LAVVideo.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\VSFilter Configuration.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\vsfilter.dll",DirectVobSub
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\cpuz.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Edit CPU-Z Config File.lnk - C:\Program Files\CPUID\CPU-Z\cpuz.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Uninstall CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Ajuda do Kaspersky PURE 3.0.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\Doc\pt-BR\PURE\context.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Contrato de Licença do Usuário Final.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Kaspersky PURE 3.0.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Remover o Kaspersky PURE 3.0.lnk - C:\Windows\System32\msiexec.exe /i{D0702EE9-9DE4-419A-9C6C-4730B1C985BA} REMOVE=ALL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Visitar a Kaspersky Lab na Web.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\kl.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Samsung Universal Print Driver 2.lnk - C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Uninstall Samsung Printer Software.lnk - C:\Windows\TotalUninstaller.exe /REMOVE_ALL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watchtower Library 2013\Watchtower Library 2013 - Português.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe
==== shortcuts in Quick Launch ======================
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe --profile-directory=Default
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\Users\Aldemir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Aldemir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=177 folders=38 10745612 bytes)
==== Empty Temp Folders ======================
C:\Users\Aldemir\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Aldemir\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 30/11/2014 at 19:25:36,91 ======================
Aldemir007- Iniciante
- Mensagens : 7
Reputação : 0
Data de inscrição : 30/11/2014
Re: se malweres invadiram como resolve-los ?
Oi Joram
lhe enviei o relatório errado
acredito que seja este;
Zoek.exe v5.0.0.0 Updated 29-11-2014
Tool run by Aldemir on 30/11/2014 at 19:15:57,08.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Aldemir\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-11-30-210928.log 18951 bytes
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\Users\Aldemir\AppData\Local\VirtualStore deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com" [30/11/2014 10:17]
==== Firefox Extensions ======================
==== Firefox Plugins ======================
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx[04/12/2013 19:30]
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx[04/12/2013 19:30]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx[04/12/2013 19:26]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx[04/12/2013 19:26]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx[04/12/2013 19:30]
WOT - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
AdBlock - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"
==== Reset Google Chrome ======================
C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\Aldemir\Desktop\AIDA64 Extreme.lnk - C:\Program Files\FinalWire\AIDA64 Extreme\aida64.exe
C:\Users\Aldemir\Desktop\EVEREST Ultimate Edition.lnk - C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Users\Aldemir\Desktop\Popcorn Time.lnk - C:\Users\Aldemir\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe .
C:\Users\Aldemir\Desktop\Safe Money.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe -hidden safebanking
C:\Users\Aldemir\Desktop\Spotify.lnk - C:\Users\Aldemir\AppData\Roaming\Spotify\spotify.exe
C:\Users\Aldemir\Desktop\Watchtower Library 2013 - Português.lnk -
C:\Users\Aldemir\Desktop\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\Users\Aldemir\Desktop\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Avira.lnk - C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe /showMiniGui
C:\Users\Public\Desktop\CPUID CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\cpuz.exe
C:\Users\Public\Desktop\Find Drivers with DriverAgent.lnk - C:\Program Files\eSupport.com\driveragent\DriverAgent.exe
C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk - C:\Users\Aldemir\AppData\Roaming\Spotify\spotify.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Popcorn Time.lnk - C:\Users\Aldemir\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe .
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Uninstall Popcorn Time.lnk - C:\Users\Aldemir\AppData\Local\Popcorn Time\Uninstall.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk - C:\Program Files\DVD Maker\DVDMaker.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk - C:\Windows\system32\mblctr.exe /open
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk - C:\Windows\system32\NetProj.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk - C:\Windows\system32\SnippingTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk - C:\Windows\system32\StikyNot.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\ShapeCollector.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk - C:\Program Files\Windows Journal\Journal.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk - C:\Windows\system32\printmanagement.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk - C:\Windows\system32\secpol.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira.lnk - C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe /showMiniGui
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\CCCP Settings.lnk - C:\Program Files\Combined Community Codec Pack\CCCP-Settings.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\CCCP Uninstall.lnk - C:\Program Files\Combined Community Codec Pack\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Media Player Classic Home Cinema.lnk - C:\Program Files\Combined Community Codec Pack\MPC\mpc-hc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\Haali Media Splitter Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\Haali\Splitter.ax",Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\LAV Audio Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\LAVFilters\LAVAudio.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\LAV Splitter Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\LAVFilters\LAVSplitter.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\LAV Video Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\LAVFilters\LAVVideo.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\VSFilter Configuration.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\vsfilter.dll",DirectVobSub
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\cpuz.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Edit CPU-Z Config File.lnk - C:\Program Files\CPUID\CPU-Z\cpuz.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Uninstall CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Ajuda do Kaspersky PURE 3.0.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\Doc\pt-BR\PURE\context.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Contrato de Licença do Usuário Final.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Kaspersky PURE 3.0.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Remover o Kaspersky PURE 3.0.lnk - C:\Windows\System32\msiexec.exe /i{D0702EE9-9DE4-419A-9C6C-4730B1C985BA} REMOVE=ALL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Visitar a Kaspersky Lab na Web.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\kl.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Samsung Universal Print Driver 2.lnk - C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Uninstall Samsung Printer Software.lnk - C:\Windows\TotalUninstaller.exe /REMOVE_ALL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watchtower Library 2013\Watchtower Library 2013 - Português.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe
==== shortcuts in Quick Launch ======================
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe --profile-directory=Default
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\Users\Aldemir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Aldemir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=177 folders=38 10745612 bytes)
==== Empty Temp Folders ======================
C:\Users\Aldemir\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Aldemir\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 30/11/2014 at 19:25:36,91 ======================
lhe enviei o relatório errado
acredito que seja este;
Zoek.exe v5.0.0.0 Updated 29-11-2014
Tool run by Aldemir on 30/11/2014 at 19:15:57,08.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Aldemir\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-11-30-210928.log 18951 bytes
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\Users\Aldemir\AppData\Local\VirtualStore deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com" [30/11/2014 10:17]
==== Firefox Extensions ======================
==== Firefox Plugins ======================
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx[04/12/2013 19:30]
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx[04/12/2013 19:30]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx[04/12/2013 19:26]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx[04/12/2013 19:26]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx[04/12/2013 19:30]
WOT - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
AdBlock - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"
==== Reset Google Chrome ======================
C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\Aldemir\Desktop\AIDA64 Extreme.lnk - C:\Program Files\FinalWire\AIDA64 Extreme\aida64.exe
C:\Users\Aldemir\Desktop\EVEREST Ultimate Edition.lnk - C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Users\Aldemir\Desktop\Popcorn Time.lnk - C:\Users\Aldemir\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe .
C:\Users\Aldemir\Desktop\Safe Money.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe -hidden safebanking
C:\Users\Aldemir\Desktop\Spotify.lnk - C:\Users\Aldemir\AppData\Roaming\Spotify\spotify.exe
C:\Users\Aldemir\Desktop\Watchtower Library 2013 - Português.lnk -
C:\Users\Aldemir\Desktop\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\Users\Aldemir\Desktop\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Avira.lnk - C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe /showMiniGui
C:\Users\Public\Desktop\CPUID CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\cpuz.exe
C:\Users\Public\Desktop\Find Drivers with DriverAgent.lnk - C:\Program Files\eSupport.com\driveragent\DriverAgent.exe
C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk - C:\Users\Aldemir\AppData\Roaming\Spotify\spotify.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Popcorn Time.lnk - C:\Users\Aldemir\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe .
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Uninstall Popcorn Time.lnk - C:\Users\Aldemir\AppData\Local\Popcorn Time\Uninstall.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk - C:\Program Files\DVD Maker\DVDMaker.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk - C:\Windows\system32\mblctr.exe /open
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk - C:\Windows\system32\NetProj.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk - C:\Windows\system32\SnippingTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk - C:\Windows\system32\StikyNot.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\ShapeCollector.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk - C:\Program Files\Windows Journal\Journal.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk - C:\Windows\system32\printmanagement.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk - C:\Windows\system32\secpol.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira.lnk - C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe /showMiniGui
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\CCCP Settings.lnk - C:\Program Files\Combined Community Codec Pack\CCCP-Settings.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\CCCP Uninstall.lnk - C:\Program Files\Combined Community Codec Pack\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Media Player Classic Home Cinema.lnk - C:\Program Files\Combined Community Codec Pack\MPC\mpc-hc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\Haali Media Splitter Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\Haali\Splitter.ax",Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\LAV Audio Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\LAVFilters\LAVAudio.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\LAV Splitter Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\LAVFilters\LAVSplitter.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\LAV Video Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\LAVFilters\LAVVideo.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\VSFilter Configuration.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\vsfilter.dll",DirectVobSub
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\cpuz.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Edit CPU-Z Config File.lnk - C:\Program Files\CPUID\CPU-Z\cpuz.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Uninstall CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Ajuda do Kaspersky PURE 3.0.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\Doc\pt-BR\PURE\context.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Contrato de Licença do Usuário Final.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Kaspersky PURE 3.0.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Remover o Kaspersky PURE 3.0.lnk - C:\Windows\System32\msiexec.exe /i{D0702EE9-9DE4-419A-9C6C-4730B1C985BA} REMOVE=ALL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Visitar a Kaspersky Lab na Web.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\kl.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Samsung Universal Print Driver 2.lnk - C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Uninstall Samsung Printer Software.lnk - C:\Windows\TotalUninstaller.exe /REMOVE_ALL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watchtower Library 2013\Watchtower Library 2013 - Português.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe
==== shortcuts in Quick Launch ======================
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe --profile-directory=Default
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\Users\Aldemir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Aldemir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=177 folders=38 10745612 bytes)
==== Empty Temp Folders ======================
C:\Users\Aldemir\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Aldemir\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 30/11/2014 at 19:25:36,91 ======================
Aldemir007- Iniciante
- Mensagens : 7
Reputação : 0
Data de inscrição : 30/11/2014
Re: se malweres invadiram como resolve-los ?
Boa Noite! Aldemir007
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
> Abra a ferramenta AdwCleaner e clique em "Desinstalar".
> Confirme a solicitação!
> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >
> Salve-o no desktop!
> Desabilite seu antivírus e execute o arquivo esetsmartinstaller_enu.exe <<
> Aceite o contrato e marque: "YES, I accept the Terms of Use"
> Clique: "Start"
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
> Em "Computer scan settings",marque:
<*> Enable detection of potentially unwanted applications
> Em "Hide advanced settings",marque:
<1> Scan archives
<2> Scan for potentially unsafe applications
<3> Enable Anti-Stealth technology
<4> Remove found threats
> Clique em "Advanced settings".
> Clique "Change" e marque a caixa "Computador".
> Clique: "Start" >> Aguarde! ( Pode durar algumas horas,esse scan... )
> Ao concluir,clique em "List of found threats".
> Clique em "Export to text file" e salve o relatório no desktop.
> Clique "Back" >> "Finish".
> Poste o relatório!
A+
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
> Abra a ferramenta AdwCleaner e clique em "Desinstalar".
> Confirme a solicitação!
> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >
> Salve-o no desktop!
> Desabilite seu antivírus e execute o arquivo esetsmartinstaller_enu.exe <<
> Aceite o contrato e marque: "YES, I accept the Terms of Use"
> Clique: "Start"
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
> Em "Computer scan settings",marque:
<*> Enable detection of potentially unwanted applications
> Em "Hide advanced settings",marque:
<1> Scan archives
<2> Scan for potentially unsafe applications
<3> Enable Anti-Stealth technology
<4> Remove found threats
> Clique em "Advanced settings".
> Clique "Change" e marque a caixa "Computador".
> Clique: "Start" >> Aguarde! ( Pode durar algumas horas,esse scan... )
> Ao concluir,clique em "List of found threats".
> Clique em "Export to text file" e salve o relatório no desktop.
> Clique "Back" >> "Finish".
> Poste o relatório!
A+
joram- Administrador
- Mensagens : 4164
Reputação : 471
Data de inscrição : 26/01/2014
Localização : Rio de Janeiro
Re: se malweres invadiram como resolve-los ?
olá, boa noite Joram
eis o log
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8f9c85e42f7e9f41b0818cd157fa818b
# engine=21335
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-11-30 11:04:12
# local_time=2014-11-30 09:04:12 (-0300, Horário brasileiro de verão)
# country="Brazil"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky PURE 3.0'
# compatibility_mode=1289 16777214 100 100 0 108705920 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 168937043 0 0
# scanned=96397
# found=2
# cleaned=2
# scan_time=2032
sh=02A40E3489799CCA06F3793FFCB9225E65F53601 ft=1 fh=fdeeb0affd325f87 vn="MSIL/FakeTool.PS trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\Adware-Removal-Tool\ARTP3.exe"
sh=6C80960C1A22EAB46631C396FBC384B29851A96B ft=1 fh=2f90599b91622924 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Aldemir\Downloads\aida64extreme400.exe"
eis o log
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8f9c85e42f7e9f41b0818cd157fa818b
# engine=21335
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-11-30 11:04:12
# local_time=2014-11-30 09:04:12 (-0300, Horário brasileiro de verão)
# country="Brazil"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky PURE 3.0'
# compatibility_mode=1289 16777214 100 100 0 108705920 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 168937043 0 0
# scanned=96397
# found=2
# cleaned=2
# scan_time=2032
sh=02A40E3489799CCA06F3793FFCB9225E65F53601 ft=1 fh=fdeeb0affd325f87 vn="MSIL/FakeTool.PS trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\Adware-Removal-Tool\ARTP3.exe"
sh=6C80960C1A22EAB46631C396FBC384B29851A96B ft=1 fh=2f90599b91622924 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Aldemir\Downloads\aida64extreme400.exe"
Aldemir007- Iniciante
- Mensagens : 7
Reputação : 0
Data de inscrição : 30/11/2014
Re: se malweres invadiram como resolve-los ?
Boa Noite! Aldemir007
> Vamos remover as ferramentas que foram utilizadas na desinfecção!
> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... de Xplode )
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
> Estando na página,clique em Download Now.
> Salve-a em um local conveniente! ( desktop! )
> Feche aplicativos que estejam abertos.
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
> Remover ferramentas de desinfecção
> Criar backup do registro
> Limpar pontos da restauração do sistema
> Com estas caixinhas marcadas,clique Executar!
> Reinicie o computador ao concluir!
> Tudo Ok?
A+
> Vamos remover as ferramentas que foram utilizadas na desinfecção!
> Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > ( ... de Xplode )
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
> Estando na página,clique em Download Now.
> Salve-a em um local conveniente! ( desktop! )
> Feche aplicativos que estejam abertos.
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
> Remover ferramentas de desinfecção
> Criar backup do registro
> Limpar pontos da restauração do sistema
> Com estas caixinhas marcadas,clique Executar!
> Reinicie o computador ao concluir!
> Tudo Ok?
A+
joram- Administrador
- Mensagens : 4164
Reputação : 471
Data de inscrição : 26/01/2014
Localização : Rio de Janeiro
Re: se malweres invadiram como resolve-los ?
Oi Joram! Boa noite
Meu Deus, EU acesso meu e-mail, imagens, E-books
O e-mail está Ok!
não é boa noite
É Bela Noite
Segue o relatório para finalizar
Deus lhe pague
Caso resolvido parceiro
Valeu
sinta-se satisfeito com seu trabalho porque eu estou nas nuvens
abraços
Muito Obrigado!
# DelFix v10.8 - Relatório criado 30/11/2014 às 22:00:40
# Atualizado 29/07/2014 por Xplode
# Usuário : Aldemir - ALDEMIR-PC
# Sistema Operacional : Windows 7 Professional Service Pack 1 (32 bits)
~ Removendo ferramentas de desinfecção ...
Removido : C:\zoek_backup
Removido : C:\Users\Aldemir\AppData\Roaming\ZHP
Removido : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Removido : C:\Program Files\ZHPDiag
Removido : C:\PhysicalDisk0_MBR.bin
Removido : C:\zoek-results.log
Removido : C:\zoek-results2014-11-30-210928.log
Removido : C:\Users\Aldemir\Desktop\log 2.txt
Removido : C:\Users\Aldemir\Desktop\log.txt
Removido : C:\Users\Aldemir\Desktop\ZHPDiag.lnk
Removido : C:\Users\Aldemir\Desktop\ZHPDiag.txt
Removido : C:\Users\Aldemir\Desktop\ZHPFix.lnk
Removido : C:\Users\Aldemir\Desktop\ZHPFixReport.txt
Removido : C:\Users\Aldemir\Downloads\esetsmartinstaller_enu.exe
Removido : C:\Users\Aldemir\Downloads\remover-istart-webssearches-com-17143-neergc.pdf
Removido : C:\Users\Aldemir\Downloads\ZHPDiag2.exe
Removido : C:\Users\Aldemir\Downloads\zoek (1).zip
Removido : C:\Users\Aldemir\Downloads\zoek (2).zip
Removido : C:\Users\Aldemir\Downloads\zoek.exe
Removido : C:\Users\Aldemir\Downloads\zoek.zip
Removido : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
~ Criando backup do registro ... OK
~ Limpando pontos da restauração do sistema ...
Removido : RP #22 [Windows Update | 11/20/2014 17:30:48]
Removido : RP #23 [Ponto de Verificação Agendado | 11/28/2014 20:34:06]
Removido : RP #24 [Windows Update | 11/30/2014 13:42:45]
Removido : RP #26 [ZHPFix Restore System Point | 11/30/2014 20:11:58]
Removido : RP #28 [ZHPFix Restore System Point | 11/30/2014 20:26:40]
Removido : RP #30 [ZHPFix Restore System Point | 11/30/2014 20:28:15]
Removido : RP #31 [zoek.exe restore point | 11/30/2014 20:54:31]
Novo ponto de restauração criado !
########## - EOF - ##########
Meu Deus, EU acesso meu e-mail, imagens, E-books
O e-mail está Ok!
não é boa noite
É Bela Noite
Segue o relatório para finalizar
Deus lhe pague
Caso resolvido parceiro
Valeu
sinta-se satisfeito com seu trabalho porque eu estou nas nuvens
abraços
Muito Obrigado!
# DelFix v10.8 - Relatório criado 30/11/2014 às 22:00:40
# Atualizado 29/07/2014 por Xplode
# Usuário : Aldemir - ALDEMIR-PC
# Sistema Operacional : Windows 7 Professional Service Pack 1 (32 bits)
~ Removendo ferramentas de desinfecção ...
Removido : C:\zoek_backup
Removido : C:\Users\Aldemir\AppData\Roaming\ZHP
Removido : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Removido : C:\Program Files\ZHPDiag
Removido : C:\PhysicalDisk0_MBR.bin
Removido : C:\zoek-results.log
Removido : C:\zoek-results2014-11-30-210928.log
Removido : C:\Users\Aldemir\Desktop\log 2.txt
Removido : C:\Users\Aldemir\Desktop\log.txt
Removido : C:\Users\Aldemir\Desktop\ZHPDiag.lnk
Removido : C:\Users\Aldemir\Desktop\ZHPDiag.txt
Removido : C:\Users\Aldemir\Desktop\ZHPFix.lnk
Removido : C:\Users\Aldemir\Desktop\ZHPFixReport.txt
Removido : C:\Users\Aldemir\Downloads\esetsmartinstaller_enu.exe
Removido : C:\Users\Aldemir\Downloads\remover-istart-webssearches-com-17143-neergc.pdf
Removido : C:\Users\Aldemir\Downloads\ZHPDiag2.exe
Removido : C:\Users\Aldemir\Downloads\zoek (1).zip
Removido : C:\Users\Aldemir\Downloads\zoek (2).zip
Removido : C:\Users\Aldemir\Downloads\zoek.exe
Removido : C:\Users\Aldemir\Downloads\zoek.zip
Removido : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
~ Criando backup do registro ... OK
~ Limpando pontos da restauração do sistema ...
Removido : RP #22 [Windows Update | 11/20/2014 17:30:48]
Removido : RP #23 [Ponto de Verificação Agendado | 11/28/2014 20:34:06]
Removido : RP #24 [Windows Update | 11/30/2014 13:42:45]
Removido : RP #26 [ZHPFix Restore System Point | 11/30/2014 20:11:58]
Removido : RP #28 [ZHPFix Restore System Point | 11/30/2014 20:26:40]
Removido : RP #30 [ZHPFix Restore System Point | 11/30/2014 20:28:15]
Removido : RP #31 [zoek.exe restore point | 11/30/2014 20:54:31]
Novo ponto de restauração criado !
########## - EOF - ##########
Aldemir007- Iniciante
- Mensagens : 7
Reputação : 0
Data de inscrição : 30/11/2014
Re: se malweres invadiram como resolve-los ?
Caso Resolvido
Necessitando novo auxílio para este computador,basta abrir "Novo Tópico" e relatar o problema.
Necessitando novo auxílio para este computador,basta abrir "Novo Tópico" e relatar o problema.
_________________
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >> O que há de melhor,para desinfectar seu computador!
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >> Não deixem de conhecer!
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] >> Tradição em informática!
joram- Administrador
- Mensagens : 4164
Reputação : 471
Data de inscrição : 26/01/2014
Localização : Rio de Janeiro
Tópicos semelhantes
» malweres e propagandas ...
» Infecçao por muitos malweres, pc lento
» Pragas invadiram o PC
» (RESOLVIDO) Socorro, invadiram meu PC e estão controlando o mouse
» Infecçao por muitos malweres, pc lento
» Pragas invadiram o PC
» (RESOLVIDO) Socorro, invadiram meu PC e estão controlando o mouse
Página 1 de 1
Permissões neste sub-fórum
Não podes responder a tópicos