############################## | UsbFix V 7.171 | [Limpar]
Usuário: Monica (Administrador) # MONICA-PC
Atualizado em 09/06/2014 por El Desaparecido - SosVirus
Começou em 17:55:54 | 20/06/2014
Site : http://www.pt.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Asistencia : http://pt.kioskea.net/forum/seguranca-virus-7
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contato : http://www.pt.usbfix.net/contato/
PC: POSITIVO (P14)
CPU: Intel(R) Atom(TM) CPU D425 @ 1.80GHz
RAM -> [Total : 2038 Mo| Free : 1208 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot
OS: Microsoft Windows 7 Starter (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.17126
WB: Google Chrome : 35.0.1916.153
SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender [Enabled | Updated]
AS: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall [Enabled]
AS: Malwarebytes' Anti-Malware : 1.51.1118
C:\ (%SystemDrive%) -> Disco fixo # 288 Gb (228 Mb livre - 79%) [] # NTFS
D:\ -> CD-ROM
################## | Processos parados |
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE (ID: 796|ParentID: 548|SISTEMA)
C:\PROGRA~1\GbPlugin\gbpsv.exe (ID: 816|ParentID: 548|SISTEMA)
C:\Program Files\IDT\WDM\stacsv.exe (ID: 1252|ParentID: 548|SISTEMA)
C:\Windows\System32\spoolsv.exe (ID: 1756|ParentID: 548|SISTEMA)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1872|ParentID: 548|SISTEMA)
C:\Program Files\BatteryManagerService\BatteryManagerService.exe (ID: 1904|ParentID: 548|SISTEMA)
C:\Program Files\Microsoft\BingBar\SeaPort.EXE (ID: 1936|ParentID: 548|SISTEMA)
C:\Program Files\Canon\IJPLM\ijplmsvc.exe (ID: 2004|ParentID: 548|SISTEMA)
C:\Program Files\Online Games Manager\ogmservice.exe (ID: 2044|ParentID: 548|SISTEMA)
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (ID: 1664|ParentID: 548|SISTEMA)
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (ID: 2092|ParentID: 548|SISTEMA)
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (ID: 2148|ParentID: 548|SISTEMA)
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (ID: 2268|ParentID: 2092|SISTEMA)
C:\Windows\System32\taskhost.exe (ID: 2516|ParentID: 548|Monica)
C:\Windows\explorer.exe (ID: 2624|ParentID: 2592|Monica)
C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (ID: 2720|ParentID: 548|SISTEMA)
C:\Program Files\IDT\WDM\sttray.exe (ID: 3012|ParentID: 2624|Monica)
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (ID: 3024|ParentID: 2624|Monica)
C:\Windows\System32\igfxtray.exe (ID: 3036|ParentID: 2624|Monica)
C:\Windows\System32\hkcmd.exe (ID: 3084|ParentID: 2624|Monica)
C:\Windows\System32\igfxpers.exe (ID: 3104|ParentID: 2624|Monica)
C:\Program Files\Technology Pack\Amazing Audio\AudioPower.exe (ID: 3736|ParentID: 2624|Monica)
C:\Windows\System32\igfxsrvc.exe (ID: 3744|ParentID: 720|Monica)
C:\Program Files\Technology Pack\Battery Manager\BatteryPower.exe (ID: 3752|ParentID: 1904|SISTEMA)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 2140|ParentID: 2624|Monica)
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (ID: 2660|ParentID: 2624|Monica)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID: 2960|ParentID: 2140|Monica)
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (ID: 2732|ParentID: 2624|Monica)
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (ID: 2948|ParentID: 2624|Monica)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID: 3056|ParentID: 2624|Monica)
C:\Program Files\Skype\Phone\Skype.exe (ID: 3620|ParentID: 2624|Monica)
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (ID: 3320|ParentID: 2624|Monica)
C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (ID: 5028|ParentID: 548|SERVIÇO LOCAL)
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID: 4308|ParentID: 548|SISTEMA)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4812|ParentID: 548|SERVIÇO DE REDE)
C:\Windows\System32\SearchIndexer.exe (ID: 1476|ParentID: 548|SISTEMA)
C:\Windows\System32\wuauclt.exe (ID: 7680|ParentID: 1208|Monica)
C:\Windows\System32\taskhost.exe (ID: 1196|ParentID: 548|Monica)
C:\Windows\System32\SearchProtocolHost.exe (ID: 3432|ParentID: 1476|SISTEMA)
C:\Windows\System32\SearchFilterHost.exe (ID: 6928|ParentID: 1476|SISTEMA)
################## | Autorun |
################## | Procura genérica |
(!) Ficheiros temporários suprimido.
################## | Registro |
Supprimido ! HKU\S-1-5-21-1748585246-2572997590-2566434535-1000\Software\.\.\.\.\Mountpoints2\E
Supprimido ! HKU\S-1-5-21-1748585246-2572997590-2566434535-1000\Software\.\.\.\.\Mountpoints2\H
Supprimido ! HKU\S-1-5-21-1748585246-2572997590-2566434535-1000\Software\.\.\.\.\Mountpoints2\{eaeec304-a907-11e3-bd0a-9c42e0ac91ab}
################## | Regedit Run |
F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKLM\..\Run : [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
04 - HKLM\..\Run : [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM\..\Run : [AudioPower] C:\Program Files\Technology Pack\Amazing Audio\AudioPower.exe
04 - HKLM\..\Run : [StartUpManagerPositivo] C:\Program Files\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe
04 - HKLM\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
04 - HKLM\..\Run : [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1748585246-2572997590-2566434535-1000\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
################## | C:\ %SystemDrive% - Disco fixo (NTFS) |
[07/11/2007 - 08:00:40 | N | 17 Ko] - C:\eula.2052.txt
[07/11/2007 - 08:00:40 | N | 17 Ko] - C:\eula.3082.txt
[07/11/2007 - 08:00:40 | N | 17 Ko] - C:\eula.1028.txt
[07/11/2007 - 08:00:40 | N | 17 Ko] - C:\eula.1042.txt
[07/11/2007 - 08:00:40 | N | 0 Ko] - C:\eula.1041.txt
[07/11/2007 - 08:00:40 | N | 17 Ko] - C:\eula.1040.txt
[07/11/2007 - 08:00:40 | N | 17 Ko] - C:\eula.1036.txt
[07/11/2007 - 08:00:40 | N | 10 Ko] - C:\eula.1033.txt
[07/11/2007 - 08:00:40 | N | 17 Ko] - C:\eula.1031.txt
[25/11/2013 - 16:17:50 | N | 1 Ko] - C:\DelFix.txt
[16/06/2014 - 17:17:18 | N | 0 Ko] - C:\runcheck.txt
[10/06/2009 - 18:42:20 | N | 0 Ko] - C:\config.sys
[12/07/2013 - 10:37:03 | RASH | 0 Ko] - C:\MSDOS.SYS
[12/07/2013 - 10:37:03 | RASH | 0 Ko] - C:\IO.SYS
[20/06/2014 - 09:05:51 | ASH | 1565412 Ko] - C:\hiberfil.sys
[20/06/2014 - 09:05:54 | ASH | 2087220 Ko] - C:\pagefile.sys
[07/11/2007 - 08:12:28 | N | 228 Ko] - C:\VC_RED.MSI
[18/06/2014 - 18:37:05 | D] - C:\Config.Msi
[18/10/2013 - 15:01:12 | N | 8 Ko] - C:\shldr.mbr
[27/05/2011 - 12:46:30 | N | 0 Ko] - C:\Audio.log
[27/05/2011 - 12:46:53 | N | 0 Ko] - C:\CR.log
[27/05/2011 - 12:47:27 | N | 366 Ko] - C:\chipset.log
[27/05/2011 - 12:47:35 | N | 0 Ko] - C:\LAN.log
[27/05/2011 - 12:49:38 | D] - C:\iaa.log
[27/05/2011 - 12:50:37 | N | 24 Ko] - C:\video.log
[27/05/2011 - 12:51:17 | N | 0 Ko] - C:\WLAN.log
[27/05/2011 - 12:51:44 | N | 0 Ko] - C:\WLAN2.log
[13/06/2014 - 16:51:06 | N | 91 Ko] - C:\spyhunter.log
[13/06/2014 - 19:52:17 | N | 20 Ko] - C:\sh4_service.log
[16/06/2014 - 17:19:28 | N | 17 Ko] - C:\zoek-results.log
[07/11/2007 - 08:00:40 | N | 1 Ko] - C:\globdata.ini
[07/11/2007 - 08:00:40 | N | 1 Ko] - C:\install.ini
[07/11/2007 - 08:03:18 | N | 550 Ko | SHA1: FB517ABB38E9CCC67DE411D4F18A9446C11C0923] - C:\install.exe
[07/11/2007 - 08:03:18 | N | 93 Ko | SHA1: 3B01AA2CE407D89AE218A4CD81D21E3F25077B5B] - C:\install.res.1040.dll
[07/11/2007 - 08:03:18 | N | 80 Ko | SHA1: CC9D7D205F965659429B95DD2F317D9D4DE8820B] - C:\install.res.1041.dll
[07/11/2007 - 08:03:18 | N | 78 Ko | SHA1: E263B6FB41E2984CDF8D23A25EF1C536F32C4EC3] - C:\install.res.1042.dll
[07/11/2007 - 08:03:18 | N | 74 Ko | SHA1: 24A1F8FF465746148BB82364713FB75297BC9656] - C:\install.res.2052.dll
[07/11/2007 - 08:03:18 | N | 94 Ko | SHA1: 9C57F09A4613B8F44C730511D3CCA9121780B630] - C:\install.res.3082.dll
[07/11/2007 - 08:03:18 | N | 95 Ko | SHA1: 0616CDE3285284430679368575A5A4ED3672722D] - C:\install.res.1036.dll
[07/11/2007 - 08:03:18 | N | 94 Ko | SHA1: 9723B8595A326B38ECB31F64B3A67C1ED339BB60] - C:\install.res.1031.dll
[07/11/2007 - 08:03:18 | N | 75 Ko | SHA1: 549AB876AC211651E77A458FC72859B6B1C304CB] - C:\install.res.1028.dll
[07/11/2007 - 08:03:18 | N | 89 Ko | SHA1: 9EC25485A7FF52D1211A28CCA095950901669B34] - C:\install.res.1033.dll
[07/11/2007 - 08:09:22 | N | 1409 Ko] - C:\VC_RED.cab
[07/11/2007 - 08:00:40 | N | 6 Ko] - C:\vcredist.bmp
[16/06/2014 - 17:19:36 | SHD] - C:\$RECYCLE.BIN
[10/06/2009 - 18:42:20 | A | 0 Ko] - C:\autoexec.bat
[13/07/2009 - 23:37:05 | D] - C:\PerfLogs
[14/07/2009 - 01:53:55 | SHD] - C:\Documents and Settings
[27/07/2011 - 21:14:54 | D] - C:\Arquivos de Programas
[24/08/2011 - 14:00:34 | D] - C:\5180b5154dac7caf526e
[12/12/2011 - 18:38:22 | D] - C:\BigFishGamesCache
[16/11/2012 - 15:29:31 | D] - C:\c51f322598e4b79aa29bdd941aaf
[11/04/2013 - 10:12:00 | D] - C:\cc93ffc4d4c16178ad9955b981
[18/10/2013 - 15:01:12 | N | 279 Ko] - C:\shldr
[03/03/2014 - 14:56:34 | D] - C:\sh4ldr
[20/04/2014 - 16:58:11 | D] - C:\Zylom Games
[16/06/2014 - 12:42:10 | D] - C:\AdwCleaner
[16/06/2014 - 16:59:43 | D] - C:\Users
[16/06/2014 - 17:04:01 | D] - C:\zoek_backup
[16/06/2014 - 17:18:37 | D] - C:\Windows
[20/06/2014 - 17:49:21 | SHD] - C:\System Volume Information
[20/06/2014 - 17:49:30 | D] - C:\Program Files
[20/06/2014 - 17:49:33 | HD] - C:\ProgramData
[20/06/2014 - 17:54:06 | D] - C:\UsbFix
################## | Vaccin |
################## | E.O.F | http://www.sosvirus.net/ | http://www.pt.usbfix.net/ |
_________________________________________________
https://www.virustotal.com/pt/url/ef75e12e8cf006c713b9e46233cce02563da2be6192b00217b78f353ff90fb84/analysis/1403296276/
https://www.virustotal.com/pt/url/8b0d0629ef31dc902aa84e4fea975bab6822dbfd20470ac7b6172247092675cd/analysis/1403296401/
________________________________________________
Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Monica at 20/06/2014 17:49:44
High Elevated Privileges : OK
Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 09s)
Reparação de atalhos do navegador
========== Estado dos serviços ==========
360HOOKOEM Parado
360REGOEM Parado
360SPOEM Parado
BHBASE Parado
========== Chaves do Registo ==========
ELIMINÉ Driver Key: 360RegOem
ELIMINÉ Driver Key: 360SpOEM
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKLM\Software\360Safe
ELIMINÉ: HKLM\Software\Baidu_Drp_pos
ELIMINÉ: HKLM\Software\Mediaa_Play_AIR_1.4
ELIMINÉ CLSID MPSK: {393979e6-b913-11e0-8f74-dae171c615b0}
ELIMINÉ CLSID MPSK: {393979f5-b913-11e0-8f74-dae171c615b0}
ELIMINÉ CLSID MPSK: {ea87a2fc-c489-11e0-be79-80ee73173730}
ELIMINÉ: SearchScopes :{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\facetheme-apl-17-NOV_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\facetheme-apl-17-NOV_RASMANCS
========== Valores do Registo ==========
ELIMINÉ: Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Pastas ==========
ELIMINÉ: C:\Users\Monica\AppData\Local\{B0BAAAA8-0659-4E7D-9F3C-65B5036BA833}
========== Ficheiros ==========
ELIMINÉ: c:\windows\system32\drivers\360hookoem.sys
ELIMINÉ: c:\windows\system32\drivers\360regoem.sys
ELIMINÉ: c:\windows\system32\drivers\360spoem.sys
ELIMINÉ: c:\windows\system32\drivers\bhbase.sys
ELIMINÉ Temporários windows (127) (2.307.263 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
12 : Chaves do Registo
7 : Valores do Registo
1 : Pastas
6 : Ficheiros
4 : Estado dos serviços
1 : Restauração Sistema
End of clean in 01mn 31s
========== Caminho do ficheiro do relatório ==========
C:\Users\Monica\AppData\Roaming\ZHP\ZHPFix[R1].txt - 20/06/2014 17:49:54 [2145]
[Resolved] Browser hijacker. Virus?
#1 By Monica Gurzo...
16/06/2014 - 10:01