
Webssearchs infecting the PC

#1 By Oliveira.ibi... 22/10/2014 - 17:20
This webssearchs appeared in my browsers. I ran AdwCleaner and JRT. The logs follow:

# AdwCleaner v4.001 - Relatório criado 22/10/2014 às 16:46:32
# Atualizado 20/10/2014 por Xplode
# Banco de dados : 2014-10-21.1
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (64 bits)
# Usuário : Rafael - RAFAEL-PC
# Executando de : C:\Users\Rafael\Desktop\adwcleaner_4.001.exe
# Opção : Examinar

***** [ Serviços ] *****

Serviço Encontrado : globalUpdate
Serviço Encontrado : globalUpdatem

***** [ Arquivos / Pastas ] *****

Arquivo Encontrado : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml
Arquivo Encontrado : C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Encontrado : C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Pasta Encontrado : C:\Program Files (x86)\PennyBee
Pasta Encontrado : C:\Program Files (x86)\SmartSaver+ 3.5
Pasta Encontrado : C:\ProgramData\Online
Pasta Encontrado : C:\Users\Public\Documents\baidu
Pasta Encontrado : C:\Users\Rafael\AppData\Local\Genesis_10221817
Pasta Encontrado : C:\Users\Rafael\AppData\Local\globalUpdate
Pasta Encontrado : C:\Users\Rafael\AppData\Roaming\eCyber
Pasta Encontrado : C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\tx4sr6xr.default\Extensions\bff772e6677247908d08bf6893@09970427648447999c4d8f4e3f7ec.com
Pasta Encontrado : C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\tx4sr6xr.default\Extensions\faststartff@gmail.com

***** [ Tarefas ] *****

Tarefa Encontrada : globalUpdateUpdateTaskMachineCore
Tarefa Encontrada : globalUpdateUpdateTaskMachineUA
Tarefa Encontrada : 1286318c-e3f9-4705-a19c-ab765d2ef6e5-1
Tarefa Encontrada : 1286318c-e3f9-4705-a19c-ab765d2ef6e5-11
Tarefa Encontrada : 1286318c-e3f9-4705-a19c-ab765d2ef6e5-2
Tarefa Encontrada : 1286318c-e3f9-4705-a19c-ab765d2ef6e5-3
Tarefa Encontrada : 1286318c-e3f9-4705-a19c-ab765d2ef6e5-4
Tarefa Encontrada : 1286318c-e3f9-4705-a19c-ab765d2ef6e5-5
Tarefa Encontrada : 1286318c-e3f9-4705-a19c-ab765d2ef6e5-5_user
Tarefa Encontrada : 1286318c-e3f9-4705-a19c-ab765d2ef6e5-6
Tarefa Encontrada : 1286318c-e3f9-4705-a19c-ab765d2ef6e5-7

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Encontrada : HKCU\Software\AppDataLow\Software\Crossrider
Chave Encontrada : HKCU\Software\AppDataLow\Software\SmartSaver+ 3.5
Chave Encontrada : HKCU\Software\genesis
Chave Encontrada : HKCU\Software\GlobalUpdate
Chave Encontrada : HKCU\Software\Headlight
Chave Encontrada : HKCU\Software\InstalledBrowserExtensions
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611481185}
Chave Encontrada : HKCU\Software\powerpack
Chave Encontrada : [x64] HKCU\Software\genesis
Chave Encontrada : [x64] HKCU\Software\GlobalUpdate
Chave Encontrada : [x64] HKCU\Software\Headlight
Chave Encontrada : [x64] HKCU\Software\InstalledBrowserExtensions
Chave Encontrada : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Encontrada : [x64] HKCU\Software\powerpack
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611481185}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622482285}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655485585}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666486685}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644484485}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644484485}
Chave Encontrada : HKLM\SOFTWARE\GlobalUpdate
Chave Encontrada : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Chave Encontrada : HKLM\SOFTWARE\InstalledBrowserExtensions
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\WINDOWS\CURRENTVERSION\APP PATHS\PennyBee.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611481185}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmartSaver+ 3.5
Chave Encontrada : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Chave Encontrada : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Chave Encontrada : HKLM\SOFTWARE\SmartSaver+ 3.5
Chave Encontrada : HKLM\SOFTWARE\webssearchesSoftware
Chave Encontrada : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611481185}
Chave Encontrada : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622482285}
Chave Encontrada : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655485585}
Chave Encontrada : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666486685}
Chave Encontrada : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Chave Encontrada : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Chave Encontrada : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Encontrada : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611481185}
Dados Encontrada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command [(Default)] - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://istart.webssearches.com/?type=sc&ts=1414001842&from=pcm&uid=SAMSUNGXHM321HI_S2K5J56ZB48985
Dados Encontrada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - "C:\Program Files (x86)\Internet Explorer\iexplore.exe" hxxp://istart.webssearches.com/?type=sc&ts=1414001842&from=pcm&uid=SAMSUNGXHM321HI_S2K5J56ZB48985
Valor Encontrada : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17280

Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://istart.webssearches.com/?type=hp&ts=1414001842&from=pcm&uid=SAMSUNGXHM321HI_S2K5J56ZB48985
Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://istart.webssearches.com/?type=hp&ts=1414001842&from=pcm&uid=SAMSUNGXHM321HI_S2K5J56ZB48985
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://istart.webssearches.com/web/?type=ds&ts=1414001842&from=pcm&uid=SAMSUNGXHM321HI_S2K5J56ZB48985&q={searchTerms}
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://istart.webssearches.com/?type=hp&ts=1414001842&from=pcm&uid=SAMSUNGXHM321HI_S2K5J56ZB48985
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://istart.webssearches.com/?type=hp&ts=1414001842&from=pcm&uid=SAMSUNGXHM321HI_S2K5J56ZB48985
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://istart.webssearches.com/web/?type=ds&ts=1414001842&from=pcm&uid=SAMSUNGXHM321HI_S2K5J56ZB48985&q={searchTerms}
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch] - hxxp://istart.webssearches.com/web/?type=ds&ts=1414001842&from=pcm&uid=SAMSUNGXHM321HI_S2K5J56ZB48985&q={searchTerms}
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://istart.webssearches.com/web/?type=ds&ts=1414001842&from=pcm&uid=SAMSUNGXHM321HI_S2K5J56ZB48985&q={searchTerms}
Configurações Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://istart.webssearches.com/web/?type=ds&ts=1414001842&from=pcm&uid=SAMSUNGXHM321HI_S2K5J56ZB48985&q={searchTerms}
Configurações Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://istart.webssearches.com/?type=hp&ts=1414001842&from=pcm&uid=SAMSUNGXHM321HI_S2K5J56ZB48985
Configurações Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://istart.webssearches.com/?type=hp&ts=1414001842&from=pcm&uid=SAMSUNGXHM321HI_S2K5J56ZB48985
Configurações Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://istart.webssearches.com/web/?type=ds&ts=1414001842&from=pcm&uid=SAMSUNGXHM321HI_S2K5J56ZB48985&q={searchTerms}

-\\ Mozilla Firefox v22.0 (en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [13390 octets] - [22/10/2014 16:46:32]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [13451 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Home Basic x64
Ran by Rafael on 22/10/2014 at 16:58:53,57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Rafael\AppData\Roaming\getrighttogo"



~~~ FireFox

Successfully deleted the following from C:\Users\Rafael\AppData\Roaming\mozilla\firefox\profiles\tx4sr6xr.default\prefs.js

user_pref("browser.newtab.url", "hxxp://istart.webssearches.com/newtab/?type=nt&ts=1414001842&from=pcm&uid=SAMSUNGXHM321HI_S2K5J56ZB48985");
user_pref("browser.search.defaultenginename", "webssearches");
user_pref("browser.search.selectedEngine", "webssearches");
user_pref("browser.startup.homepage", "hxxp://istart.webssearches.com/?type=hp&ts=1414001842&from=pcm&uid=SAMSUNGXHM321HI_S2K5J56ZB48985");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/10/2014 at 17:03:12,53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#3 By Oliveira.ibi... 23/10/2014 - 12:45
# AdwCleaner v4.001 - Relatório criado 22/10/2014 às 16:48:40
# DB v2014-10-21.1
# Atualizado 20/10/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (64 bits)
# Usuário : Rafael - RAFAEL-PC
# Executando de : C:\Users\Rafael\Desktop\adwcleaner_4.001.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : globalUpdate
[#] Serviço Deletada : globalUpdatem

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\Rafael\AppData\Roaming\eCyber
Pasta Deletada : C:\Users\Rafael\AppData\Local\globalUpdate
Pasta Deletada : C:\ProgramData\Online
Pasta Deletada : C:\Program Files (x86)\PennyBee
Pasta Deletada : C:\Users\Rafael\AppData\Local\Genesis_10221817
Pasta Deletada : C:\Program Files (x86)\SmartSaver+ 3.5
Pasta Deletada : C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\tx4sr6xr.default\Extensions\faststartff@gmail.com
Pasta Deletada : C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\tx4sr6xr.default\Extensions\bff772e6677247908d08bf6893@09970427648447999c4d8f4e3f7ec.com
Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml
Arquivo Deletada : C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Deletada : C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Tarefas ] *****

Tarefa Deletedo : globalUpdateUpdateTaskMachineCore
Tarefa Deletedo : globalUpdateUpdateTaskMachineUA
Tarefa Deletedo : 1286318c-e3f9-4705-a19c-ab765d2ef6e5-1
Tarefa Deletedo : 1286318c-e3f9-4705-a19c-ab765d2ef6e5-11
Tarefa Deletedo : 1286318c-e3f9-4705-a19c-ab765d2ef6e5-2
Tarefa Deletedo : 1286318c-e3f9-4705-a19c-ab765d2ef6e5-3
Tarefa Deletedo : 1286318c-e3f9-4705-a19c-ab765d2ef6e5-4
Tarefa Deletedo : 1286318c-e3f9-4705-a19c-ab765d2ef6e5-5
Tarefa Deletedo : 1286318c-e3f9-4705-a19c-ab765d2ef6e5-5_user
Tarefa Deletedo : 1286318c-e3f9-4705-a19c-ab765d2ef6e5-6
Tarefa Deletedo : 1286318c-e3f9-4705-a19c-ab765d2ef6e5-7

***** [ Atalhos ] *****

Atalho Desinfectada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Atalho Desinfectada : C:\Users\Rafael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\Rafael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Atalho Desinfectada : C:\Users\Rafael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectada : C:\Users\Rafael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Atalho Desinfectada : C:\Users\Rafael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Atalho Desinfectada : C:\Users\Rafael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registro ] *****

Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Chave Deletedo : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Microsoft\WINDOWS\CURRENTVERSION\APP PATHS\PennyBee.exe
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611481185}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622482285}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655485585}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666486685}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644484485}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611481185}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611481185}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611481185}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622482285}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655485585}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666486685}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611481185}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Chave Deletedo : HKCU\Software\genesis
Chave Deletedo : HKCU\Software\GlobalUpdate
Chave Deletedo : HKCU\Software\Headlight
Chave Deletedo : HKCU\Software\InstalledBrowserExtensions
Chave Deletedo : HKCU\Software\powerpack
Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deletedo : HKCU\Software\AppDataLow\Software\SmartSaver+ 3.5
Chave Deletedo : HKLM\SOFTWARE\GlobalUpdate
Chave Deletedo : HKLM\SOFTWARE\InstalledBrowserExtensions
Chave Deletedo : HKLM\SOFTWARE\webssearchesSoftware
Chave Deletedo : HKLM\SOFTWARE\SmartSaver+ 3.5
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmartSaver+ 3.5
Chave Deletedo : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17280

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v22.0 (en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [13604 octets] - [22/10/2014 16:46:32]
AdwCleaner[S0].txt - [12022 octets] - [22/10/2014 16:48:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12083 octets] ##########

#4 By tadeuboato 23/10/2014 - 14:21
Download ZHPDiag ( ... by Nicolas Coolman )

Note: When you open the link above, click the Télécharger button for ZHPDiag to download it, as shown in the image below:

[Image]

To install and run it correctly, follow the tips in this article:

ZHPDiag installation and usage tutorial

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.

#5 By Oliveira.ibi... 23/10/2014 - 14:52
~ Relatório do ZHPDiag v2014.10.22.149 - Nicolas Coolman (22/10/2014)
~ Iniciado por Rafael (23/10/2014 14:48:34)
~ Endereço do Website : http://nicolascoolman.fr
~ Endereço do Webforum : http://forum.nicolascoolman.fr
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17358 (Defaut)
MFIE: Mozilla Firefox 22.0

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Malwarebytes Anti-Malware versão 2.0.2.1012
Microsoft Security Client PT-BR Language Pack v2.1.1116.0
ESET Online Scanner v3
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v3.20

---\\ Softwares de partilha do PeerToPeer (P2P)
µTorrent v3.3.0.29625 =>P2P.µTorrent

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader XI

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 5941 MB (68% free)
System Restore: Activé (Enable)
System drive C: has 61 GB (20%) free of 298 GB

---\\ Modo de conexão ao sistema
~ Computer Name: RAFAEL-PC
~ User Name: Rafael
~ All Users Names: _Tama, Rafael, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Rafael\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Rafael\AppData\Roaming\
~ %Desktop% : C:\Users\Rafael\Desktop\
~ %Favorites% : C:\Users\Rafael\Favorites\
~ %LocalAppData% : C:\Users\Rafael\AppData\Local\
~ %StartMenu% : C:\Users\Rafael\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 61 Go of 298 Go)
D: CD-ROM drive (Not Inserted)
E: CD-ROM drive (Free 0 Go of 0 Go)
F: Floppy drive, Flash card reader, USB Key (Free 1 Go of 2 Go)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 10:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/3
~ Mes musiques (My Musics) : 1/57
~ Mes Videos (My Videos) : 2/6
~ Mes Favoris (My Favorites) : 1/28
~ Mes Documents (My Documents) : 1/1914
~ Mon Bureau (My Desktop) : 5/339
~ Menu demarrer (Programs) : 1/54
~ Hidden Files: Scanned in 00mn 02s



---\\ Processos lançados
[MD5.25107F58D1B8F60D67D1EE95798C0DE8] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696] [PID.2400]
[MD5.03F7027B0AFB0155956B6C6282C9C4AD] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUi.exe [5223016] [PID.4632]
[MD5.EB8E27A3C1EA82711BC4037D53EE5122] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Rafael\AppData\Roaming\Dropbox\bin\Dropbox.exe [36414624] [PID.4412]
[MD5.FAF3E3494E1ED6247DCBBD3675E2BFF8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8114176] [PID.1900]
[MD5.201BCF8550512C105BAC78E9FA401260] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [452136] [PID.804]
[MD5.3210023961F569536D1C355B5183C7EA] - (.ClaraLabs - ClaraUpdater.) -- C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe [325232] [PID.1388]
[MD5.8C856E531A1170F53AC6844E89CD0B5F] - (...) -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848] [PID.1220]
[MD5.353873A2022BC69FD530492F84AE2566] - (.SafeNet Inc. - Sentinel LDK License Manager Service.) -- C:\Windows\system32\hasplms.exe [4883400] [PID.1820]
[MD5.4243660A218BCC3DF940F72F94F38496] - (...) -- C:\Program Files (x86)\HDD Regenerator\hrsrv.exe [82144] [PID.2136]
[MD5.7485FBCEF9136F530953575E2977859D] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [268824] [PID.1820]
[MD5.63E679DBA4452BFFAB2F33FB893611BB] - (...) -- C:\Program Files (x86)\NJax\NJax.exe [443480] [PID.2388]
[MD5.06A49B7BDC36CFBF97DD90804F833369] - (.No owner - RichVideo Module.) -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [272024] [PID.2432]
[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.2720]
[MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.2320]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.872]
[MD5.31A0E93CDF29007D6C6FFFB632F375ED] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.2000]
[MD5.765F2DD351BA064F657751D8D75E58C0] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2320920] [PID.4524]
[MD5.5CE4F1E7D1BF789919DC7F2E7603C638] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.4796]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\tx4sr6xr.default\prefs.js
M3 - MFPP: Plugins - [Rafael] -- C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\tx4sr6xr.default\searchplugins\clikseguro.xml
M2 - MFEP: RegExtension {87F8774F-B485-47E2-A755-A40A8A5E886C} . (...) -- C:\Users\Rafael\AppData\Local\GAS Tecnologia\GBBD\bb\sf.xpi
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Rafael\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
~ BHO: 11 Legitimates Filtered in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Rafael]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 03s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-21-4271235012-3655327493-2173007354-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-4271235012-3655327493-2173007354-1000\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~3\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~3\Office14\ONBTTN~1.dll (.not file.)
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] http.abntcolecao.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.abntnet.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{51D2C245-6054-4AA3-A5CA-BD3DF2E9BC56}: DhcpNameServer = 10.0.0.80 172.16.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C5DEC77-0998-4438-9C99-1124CF74466C}: DhcpNameServer = 10.0.0.80 172.16.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{51D2C245-6054-4AA3-A5CA-BD3DF2E9BC56}: DhcpDomain = iqsc
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C5DEC77-0998-4438-9C99-1124CF74466C}: DhcpDomain = iqsc
O17 - HKLM\System\CS1\Services\Tcpip\..\{51D2C245-6054-4AA3-A5CA-BD3DF2E9BC56}: DhcpNameServer = 10.0.0.80 172.16.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{8C5DEC77-0998-4438-9C99-1124CF74466C}: DhcpNameServer = 10.0.0.80 172.16.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{51D2C245-6054-4AA3-A5CA-BD3DF2E9BC56}: DhcpDomain = iqsc
O17 - HKLM\System\CS1\Services\Tcpip\..\{8C5DEC77-0998-4438-9C99-1124CF74466C}: DhcpDomain = iqsc
O17 - HKLM\System\CS2\Services\Tcpip\..\{51D2C245-6054-4AA3-A5CA-BD3DF2E9BC56}: DhcpNameServer = 10.0.0.80 172.16.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{8C5DEC77-0998-4438-9C99-1124CF74466C}: DhcpNameServer = 10.0.0.80 172.16.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{51D2C245-6054-4AA3-A5CA-BD3DF2E9BC56}: DhcpDomain = iqsc
O17 - HKLM\System\CS2\Services\Tcpip\..\{8C5DEC77-0998-4438-9C99-1124CF74466C}: DhcpDomain = iqsc
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.80 172.16.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: ClaraUpdater (ClaraUpdater) . (.ClaraLabs - ClaraUpdater.) - C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe
O23 - Service: DokanMounter (DokanMounter) . (...) - C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: hddrsrv (hddrsrv) . (...) - C:\Program Files (x86)\HDD Regenerator\hrsrv.exe
O23 - Service: NJax (NJax) . (...) - C:\Program Files (x86)\NJax\NJax.exe
~ Services: 15 Legitimates Filtered in 00mn 06s



---\\ Listagem dos dados do BootExecute (Bex) (034)
O34 - HKLM BootExecute: (aswBoot.exe /M:3d8008804 /wow /dir:"C:\Program Files\AVAST Software\Avast") - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
[MD5.B3969BDFC1AF54721DA10B08DED99A49] [APT] [AJJLTT] (.smart-saverplus.) -- C:\Users\Rafael\AppData\Roaming\AJJLTT.exe [1538976] =>PUP.CrossRider
[MD5.2A17224D60DFA54B0E575D5E4B2C5779] [APT] [HNGYF] (.smart-saverplus.) -- C:\Users\Rafael\AppData\Roaming\HNGYF.exe [2030496] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [Run_Bobby_Browser] (...) -- C:\Users\Rafael\AppData\Local\BoBrowser\Application\bobrowser.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{00E6C14B-E6A1-4DA5-B412-C4C070171C6F}] (...) -- C:\Program Files\Microprose\Grand Prix 3\GP3.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{1A0EEF37-AA32-49B2-BF60-7DC685A27D68}] (...) -- C:\Program Files\Microprose\Grand Prix 3\GP3.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{1BECFE77-4733-4D7B-8ACB-47F1A3BC71DD}] (...) -- C:\Program Files\Microprose\Grand Prix 3\GP3.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{33823130-0743-4E94-8D5F-88C919830BF4}] (...) -- C:\Program Files\Microprose\Grand Prix 3\GP3.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5236E276-EB5F-4E13-807C-8CABEB7DDE05}] (...) -- C:\Program Files\Microprose\Grand Prix 3\GP3.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B1B47601-4455-4C2A-B6EE-E9A23FCE87BD}] (...) -- C:\Program Files\Microprose\Grand Prix 3\GP3.exe (.not file.) [0]
[MD5.F7999620EDC2F5764209A448C42910B8] [APT] [{CDDCD9FE-8432-497C-958F-B5243365BE41}] (...) -- C:\Program Files (x86)\EA SPORTS\FIFA 2004\fifa2004.exe [3661824]
[MD5.00000000000000000000000000000000] [APT] [{CF6C8CAD-AF02-49C8-A692-3C16DCE7780C}] (...) -- C:\Program Files\Microprose\Grand Prix 3\GP3.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DC8C48BD-C9A5-48C3-B711-D7C17CB39E94}] (...) -- C:\Program Files\Microprose\Grand Prix 3\GP3.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: AJJLTT - (.smart-saverplus.) -- C:\Windows\Tasks\AJJLTT.job [1342] =>PUP.CrossRider
O39 - APT: AJJLTT - (.smart-saverplus.) -- C:\Windows\System32\Tasks\AJJLTT [1342] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4271235012-3655327493-2173007354-1000Core [1030]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4271235012-3655327493-2173007354-1000UA [1082]
O39 - APT: HNGYF - (.smart-saverplus.) -- C:\Windows\Tasks\HNGYF.job [1340] =>PUP.CrossRider
O39 - APT: HNGYF - (.smart-saverplus.) -- C:\Windows\System32\Tasks\HNGYF [1340] =>PUP.CrossRider
~ Scheduled Task: 28 Legitimates Filtered in 00mn 02s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (mosfilterdrv) . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) - C:\Windows\System32\drivers\mosfilterdrv.sys
O41 - Driver: (pofilterdrv) . (. - .) - C:\Windows\System32\drivers\pofilterdrv.sys (.not file.)
~ Drivers: 76 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: ABNT Visualizador - (.ABNT.) [HKLM][64Bits] -- {753CFE70-8FC1-4B79-9D39-1957A2D11519}
O42 - Logiciel: Bootstrapper - (.Minitab, Inc..) [HKLM][64Bits] -- {EFDD0584-E443-4CA8-8B79-E5BE7B22651D}
O42 - Logiciel: Essential FTIR version 3.0 build 38 - (...) [HKLM][64Bits] -- Essential FTIR_is1
O42 - Logiciel: IPAK - (.Infometrix, Inc..) [HKLM][64Bits] -- {999D37CD-D97D-42B2-AF8A-B4D7316E2E7A}
O42 - Logiciel: MestReC 4.7.0 - (.MestReC Lite.) [HKLM][64Bits] -- MestReC_is1
O42 - Logiciel: NJax - (.NINJASOFT LLC.) [HKLM][64Bits] -- NJax
O42 - Logiciel: Pirouette 4.0 - (.Infometrix, Inc..) [HKLM][64Bits] -- {A69DB67A-B01D-41DF-A9E0-13D91100A2B5}
O42 - Logiciel: SpinWorks_3 - (.University of Manitoba.) [HKLM][64Bits] -- {4DDAF49F-500E-404F-9894-D5F005B8FA4E}
O42 - Logiciel: TA Advantage (Thermal / Rheology) - (...) [HKLM][64Bits] -- {FE592376-1A25-11D5-860E-00105A073CBE}
~ Logic: 33 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AJJLTT]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security]
[HKCU\Software\BoBrowser]
[HKCU\Software\Free-Soft]
[HKCU\Software\GbAs]
[HKCU\Software\HNGYF]
[HKCU\Software\Infometrix]
[HKCU\Software\RobotExt]
[HKCU\Software\SDI]
[HKCU\Software\TA Instruments]
[HKCU\Software\University of Manitoba]
[HKCU\Software\YouTubeRobot.com]
[HKCU\Software\mgb]
[HKLM\Software\NJax]
[HKLM\Software\SpeedBit]
[HKLM\Software\WinSlcMy]
[HKLM\Software\Wow6432Node\360Safe]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Clara]
[HKLM\Software\Wow6432Node\EssentialFTIR]
[HKLM\Software\Wow6432Node\Infometrix]
[HKLM\Software\Wow6432Node\SmartSaver+ 3.5-nv] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\TA Instruments]
[HKLM\Software\Wow6432Node\WinSlcMy]
~ Key Software: 409 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 28/01/2013 - 11:53:42 - [] ----D C:\Program Files (x86)\ABNT
O43 - CFD: 22/10/2014 - 16:17:45 - [] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 27/08/2011 - 18:45:52 - [] ----D C:\Program Files (x86)\Battlefront
O43 - CFD: 23/10/2014 - 14:46:02 - [] ----D C:\Program Files (x86)\BRApp
O43 - CFD: 02/09/2014 - 11:37:42 - [] ----D C:\Program Files (x86)\CPU Thermometer
O43 - CFD: 09/11/2012 - 18:08:24 - [] ----D C:\Program Files (x86)\EssentialFTIR
O43 - CFD: 10/12/2010 - 22:28:21 - [] ----D C:\Program Files (x86)\Hotkey OSD Driver
O43 - CFD: 02/07/2012 - 12:49:48 - [] ----D C:\Program Files (x86)\Infometrix
O43 - CFD: 23/07/2011 - 21:50:31 - [] ----D C:\Program Files (x86)\MestRe-C
O43 - CFD: 22/10/2014 - 16:20:38 - [] ----D C:\Program Files (x86)\NJax
O43 - CFD: 14/09/2012 - 01:03:17 - [] ----D C:\Program Files (x86)\RedTubeGrabber
O43 - CFD: 23/07/2011 - 23:07:54 - [] ----D C:\Program Files (x86)\SpinWorks_3
O43 - CFD: 05/06/2014 - 16:12:31 - [] ----D C:\Program Files (x86)\TA Instruments
O43 - CFD: 22/10/2014 - 16:20:11 - [] ----D C:\Program Files (x86)\Common Files\ClaraUpdater
O43 - CFD: 02/07/2012 - 12:49:54 - [] ----D C:\Program Files (x86)\Common Files\Infometrix
O43 - CFD: 02/07/2012 - 12:49:54 - [] ----D C:\Program Files (x86)\Common Files\PerkinElmer
O43 - CFD: 05/06/2014 - 16:12:36 - [] ----D C:\Program Files (x86)\Common Files\TA Instruments
O43 - CFD: 27/01/2012 - 19:43:58 - [] ----D C:\Users\Rafael\AppData\Local\Ares
O43 - CFD: 05/07/2011 - 22:36:25 - [0] ----D C:\Users\Rafael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PROJETO F1
~ Program Folder: 253 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.B90FA4B0D8706D3B129DA9F0EF77B8EF] - 22/10/2014 - 15:17:14 ---A- . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) -- C:\Windows\System32\Drivers\mosfilterdrv.sys [60728]
O44 - LFC:[MD5.636777D40844132654A39823BAB83EBA] - 22/10/2014 - 16:08:50 ---A- . (...) -- C:\Windows\ntbtlog.txt [302680]
O44 - LFC:[MD5.DE971D629D9171764A6C7EDA02DDDAAE] - 23/10/2014 - 11:45:33 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [171826]
O44 - LFC:[MD5.8B835CD0CABD58C614F8F57AB542791A] - 23/10/2014 - 11:45:33 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [774046]
O44 - LFC:[MD5.001CFE1AE7A6377D70F654305ED10458] - 23/10/2014 - 12:47:59 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208]
~ Files: 78 Legitimates Filtered in 00mn 03s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\fspuip [Key] . (...) -- C:\Program Files (x86)\FSP\fspuip.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\HDD Regenerator [Key] . (...) -- C:\Program Files (x86)\HDD Regenerator\Shell.exe
~ SMSR Keys: 15 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:11/12/2012 - 12:13:28 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys [288688]
O58 - SDL:23/10/2014 - 12:47:59 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:23/10/2014 - 12:47:59 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:23/10/2014 - 12:47:59 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [267632] =>.ALWIL Software
O58 - SDL:30/03/2010 - 23:35:04 ---A- . (.Windows (R) Win 7 DDK provider - CPUID Driver.) -- C:\Windows\System32\Drivers\cpuz133_x64.sys [20968]
O58 - SDL:10/01/2011 - 09:51:40 ---A- . (.Windows (R) Win 7 DDK provider - Dokan Filesystem Driver.) -- C:\Windows\System32\Drivers\dokan.sys [120408]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:02/10/2014 - 23:29:32 ---A- . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) -- C:\Windows\System32\Drivers\mosfilterdrv.sys [60728]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:13/01/2009 - 19:14:22 ---A- . (.Logicool Co. Ltd. - Logicool WingMan Virtual Bus Enumerator Driver.) -- C:\Windows\System32\Drivers\WmBEnum.sys [22024]
O58 - SDL:13/01/2009 - 19:14:30 ---A- . (.Logicool Co. Ltd. - Logicool WingMan Hid Filter Driver.) -- C:\Windows\System32\Drivers\WmFilter.sys [34440]
O58 - SDL:13/01/2009 - 19:14:40 ---A- . (.Logicool Co. Ltd. - Logicool WingMan Hid Lower Filter Driver.) -- C:\Windows\System32\Drivers\WmHidLo.sys [36360]
O58 - SDL:13/01/2009 - 19:14:50 ---A- . (.Logicool Co. Ltd. - Logicool WingMan Virtual Hid Device Driver.) -- C:\Windows\System32\Drivers\WmVirHid.sys [15752]
O58 - SDL:13/01/2009 - 19:14:58 ---A- . (.Logicool Co. Ltd. - Logicool WingMan Translation Driver.) -- C:\Windows\System32\Drivers\WmXlCore.sys [57608]
O58 - SDL:09/10/2012 - 07:29:58 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [46440]
O58 - SDL:23/10/2014 - 12:35:08 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
O58 - SDL:17/12/2012 - 18:52:43 -SHA- . (...) -- C:\Windows\SysWOW64\mmf.sys [49]
~ Drivers: 95 Legitimates Filtered in 00mn 06s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 23/10/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 28/09/2011 - C:\Windows\system32\drivers\hardlock.sys (hardlock) .(.SafeNet Inc. - Sentinel Hardlock Device Driver for Windows.) - LEGACY_HARDLOCK
O64 - Services: CurCS - 02/10/2014 - C:\Windows\System32\drivers\mosfilterdrv.sys (mosfilterdrv) .(.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) - LEGACY_MOSFILTERDRV
~ Legacy: 92 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {92001F8A-C36B-473A-91E7-5BE0C81CF2B3} - (PSafe ClikSeguro) - http://.clikseguro.com
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.90B3BC19972CE08541DF688B974DCC3B] [SPRF][22/04/2012] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.B3969BDFC1AF54721DA10B08DED99A49] [SPRF][22/10/2014] (.smart-saverplus - SmartSaver+ 3.5 exe.) -- C:\Users\Rafael\AppData\Roaming\AJJLTT.exe [1538976] =>PUP.CrossRider
[MD5.2A17224D60DFA54B0E575D5E4B2C5779] [SPRF][22/10/2014] (.smart-saverplus - SmartSaver+ 3.5 exe.) -- C:\Users\Rafael\AppData\Roaming\HNGYF.exe [2030496] =>PUP.CrossRider
[MD5.E3772608AC12E0B42D2AD4E4BB131985] [SPRF][29/07/2013] (...) -- C:\Users\Rafael\AppData\Roaming\unins000.dat [12909]
[MD5.EB40DC01EF0D0D91F13AABA0FE1FC0CA] [SPRF][22/10/2014] (.No owner - Aut2Exe.) -- C:\Users\Rafael\Desktop\adwcleaner_4.001.exe [1962496]
[MD5.E4190E33EDA452E96E53EC3827FF83A5] [SPRF][22/10/2014] (.pendrivelinux.com - Universal Linux UFD Creator.) -- C:\Users\Rafael\Desktop\Universal-USB-Installer-1.9.5.6.exe [1088549]
~ Files: 9 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{69526EC7-B8C9-42CA-A0D1-CF57A4537983}C:\program files (x86)\utorrent\utorrent.exe" | In - Private - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "UDP Query User{7159120F-22D6-4D58-B949-9D7B9D0B50BE}C:\program files (x86)\utorrent\utorrent.exe" | In - Private - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "TCP Query User{160C60D0-8ABD-4614-81A1-D743E83528A4}C:\program files (x86)\utorrent\utorrent.exe" | In - Public - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "UDP Query User{6F74670F-FBFB-47BB-BE25-05F6A64EA0D0}C:\program files (x86)\utorrent\utorrent.exe" | In - Public - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{6C8F9880-1B8F-4B6F-BDAC-2F91E2A5F2C8}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{06BA8D62-CC1B-4349-9024-9EB829ED50F8}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 6 Legitimates Filtered in 00mn 01s



---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS: - {35B6525E-071A-4EA9-B3BD-F6A742572F08}
~ MNS: 1 Legitimates Filtered in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PennyBeeW_RASAPI32 =>PUP.PaybyAds
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PennyBeeW_RASMANCS =>PUP.PaybyAds
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 306 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Disabled 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Disabled 14/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 11/02/2012 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 30/07/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 28/03/2009 16896 | (AgereModemAudio) . (.LSI Corporation.) - C:\Program Files\LSI SoftModem\agr64svc.exe
SR - | Auto 23/10/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 20/10/2009 873248 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SR - | Auto 22/10/2014 325232 | (ClaraUpdater) . (.ClaraLabs.) - C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe
SR - | Auto 10/01/2011 14848 | (DokanMounter) . (...) - C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
SR - | Auto 08/10/2013 452136 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 18/10/2011 4883400 | (hasplms) . (.SafeNet Inc..) - C:\Windows\system32\hasplms.exe
SR - | Auto 30/04/2013 82144 | (hddrsrv) . (...) - C:\Program Files (x86)\HDD Regenerator\hrsrv.exe
SR - | Auto 11/05/2011 126520 | (HPSIService) . (.HP.) - C:\Windows\system32\HPSIsvc.exe
SR - | Auto 03/03/2010 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 30/09/2009 268824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 09/10/2014 443480 | (NJax) . (...) - C:\Program Files (x86)\NJax\NJax.exe
SR - | Auto 14/05/2007 272024 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
SR - | Auto 22/09/2010 249136 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SR - | Auto 30/09/2009 2320920 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 10s



---\\ Scâner Aditional (088)
Database Version : 13026 - (22/10/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 7

[HKLM\Software\Wow6432Node\360Safe] =>Trojan.Lozavita
C:\Users\Rafael\AppData\Roaming\AJJLTT.exe =>PUP.CrossRider^
C:\Users\Rafael\AppData\Roaming\HNGYF.exe =>PUP.CrossRider^
C:\Windows\Tasks\AJJLTT.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\AJJLTT =>PUP.CrossRider^
C:\Windows\Tasks\HNGYF.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\HNGYF =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\SmartSaver+ 3.5-nv] =>PUP.CrossRider^
~ Additionnel Scan: 272701 Items scanned in 00mn 40s



---\\ Informações complémentaires do módulos
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Gestão do Proxy (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects do navegador (02)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
http://nicolascoolman.fr/pup-paybyads =>PUP.PaybyAds
http://nicolascoolman.fr/trojan-lozavita =>Trojan.Lozavita
~ MSI: 3 link(s) detected in 00mn 00s



~ 1064 Legitimates filtered by white list
End of the scan (549 lines in 01mn 44s)(0)
|i5 4460 Haswell||GA-B85M-D3PH||8Gb Corsair Vengeance 1600 Mhz||SSD Evo 840 120Gb||Gigabyte GTX960 Windforce||Corsair CX500||X-Trike V9|
tadeuboato
tadeuboato Geek Registered
1.5K Posts 407 Likes
#6 By tadeuboato
23/10/2014 - 18:21
Open ZHPFix, which is saved on your desktop, then copy and paste the following text:
Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
ProxyFix
[HKLM\Software\Wow6432Node\360Safe] =>Trojan.Lozavita
C:\Users\Rafael\AppData\Roaming\AJJLTT.exe =>PUP.CrossRider^
C:\Users\Rafael\AppData\Roaming\HNGYF.exe =>PUP.CrossRider^
C:\Windows\Tasks\AJJLTT.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\AJJLTT =>PUP.CrossRider^
C:\Windows\Tasks\HNGYF.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\HNGYF =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\SmartSaver+ 3.5-nv] =>PUP.CrossRider^
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PennyBeeW_RASAPI32 =>PUP.PaybyAds
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PennyBeeW_RASMANCS =>PUP.PaybyAds
O92 - MNS: - {35B6525E-071A-4EA9-B3BD-F6A742572F08}
[MD5.B3969BDFC1AF54721DA10B08DED99A49] [SPRF][22/10/2014] (.smart-saverplus - SmartSaver+ 3.5 exe.) -- C:\Users\Rafael\AppData\Roaming\AJJLTT.exe [1538976] =>PUP.CrossRider
[MD5.2A17224D60DFA54B0E575D5E4B2C5779] [SPRF][22/10/2014] (.smart-saverplus - SmartSaver+ 3.5 exe.) -- C:\Users\Rafael\AppData\Roaming\HNGYF.exe [2030496] =>PUP.CrossRider
[MD5.E3772608AC12E0B42D2AD4E4BB131985] [SPRF][29/07/2013] (...) -- C:\Users\Rafael\AppData\Roaming\unins000.dat [12909]
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing)
O69 - SBI: SearchScopes [HKCU] {92001F8A-C36B-473A-91E7-5BE0C81CF2B3} - (PSafe ClikSeguro)
O53 - SMSR:HKLM\...\startupreg\fspuip [Key] . (...) -- C:\Program Files (x86)\FSP\fspuip.exe (.not file.)
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\Rafael\AppData\Roaming\eCyber
Pasta Deletada : C:\Users\Rafael\AppData\Local\globalUpdate
Pasta Deletada : C:\ProgramData\Online
Pasta Deletada : C:\Program Files (x86)\PennyBee
Pasta Deletada : C:\Users\Rafael\AppData\Local\Genesis_10221817
Pasta Deletada : C:\Program Files (x86)\SmartSaver+ 3.5
Pasta Deletada : C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\tx4sr6xr.default\Extensions\faststartff@gmail.com
Pasta Deletada : C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\tx4sr6xr.default\Extensions\bff772e6677247908d08bf6893@09970427648447999c4d8f4e3f7ec.com
Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml
Arquivo Deletada : C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Deletada : C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
[HKLM\Software\Wow6432Node\SmartSaver+ 3.5-nv] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Baidu Security]
[HKCU\Software\Baidu Security]
O41 - Driver: (pofilterdrv) . (. - .) - C:\Windows\System32\drivers\pofilterdrv.sys (.not file.)
[MD5.B3969BDFC1AF54721DA10B08DED99A49] [APT] [AJJLTT] (.smart-saverplus.) -- C:\Users\Rafael\AppData\Roaming\AJJLTT.exe [1538976] =>PUP.CrossRider
[MD5.2A17224D60DFA54B0E575D5E4B2C5779] [APT] [HNGYF] (.smart-saverplus.) -- C:\Users\Rafael\AppData\Roaming\HNGYF.exe [2030496] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [Run_Bobby_Browser] (...) -- C:\Users\Rafael\AppData\Local\BoBrowser\Application\bobrowser.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{00E6C14B-E6A1-4DA5-B412-C4C070171C6F}] (...) -- C:\Program Files\Microprose\Grand Prix 3\GP3.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{1A0EEF37-AA32-49B2-BF60-7DC685A27D68}] (...) -- C:\Program Files\Microprose\Grand Prix 3\GP3.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{1BECFE77-4733-4D7B-8ACB-47F1A3BC71DD}] (...) -- C:\Program Files\Microprose\Grand Prix 3\GP3.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{33823130-0743-4E94-8D5F-88C919830BF4}] (...) -- C:\Program Files\Microprose\Grand Prix 3\GP3.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5236E276-EB5F-4E13-807C-8CABEB7DDE05}] (...) -- C:\Program Files\Microprose\Grand Prix 3\GP3.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B1B47601-4455-4C2A-B6EE-E9A23FCE87BD}] (...) -- C:\Program Files\Microprose\Grand Prix 3\GP3.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{CF6C8CAD-AF02-49C8-A692-3C16DCE7780C}] (...) -- C:\Program Files\Microprose\Grand Prix 3\GP3.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DC8C48BD-C9A5-48C3-B711-D7C17CB39E94}] (...) -- C:\Program Files\Microprose\Grand Prix 3\GP3.exe (.not file.) [0]
O39 - APT: AJJLTT - (.smart-saverplus.) -- C:\Windows\Tasks\AJJLTT.job [1342] =>PUP.CrossRider
O39 - APT: AJJLTT - (.smart-saverplus.) -- C:\Windows\System32\Tasks\AJJLTT [1342] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4271235012-3655327493-2173007354-1000Core [1030]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4271235012-3655327493-2173007354-1000UA [1082]
O39 - APT: HNGYF - (.smart-saverplus.) -- C:\Windows\Tasks\HNGYF.job [1340] =>PUP.CrossRider
O39 - APT: HNGYF - (.smart-saverplus.) -- C:\Windows\System32\Tasks\HNGYF [1340] =>PUP.CrossRider
O34 - HKLM BootExecute: (aswBoot.exe /M:3d8008804 /wow /dir:"C:\Program Files\AVAST Software\Avast") - File not found
ServiceStop:Bfilter
ServiceStop:Bfmon
ServiceStop:Bprotect


After the removal, post the generated log.

We will be waiting.
It is at the ballot box that the Brazilian people show the strength and the size of their ignorance.

"To be born, to die, to be reborn again and to progress always, such is the law"
Allan Kardec
Oliveira.ibilce
Oliveira.ibi... Super Participant Registered
690 Posts 38 Likes
#7 By Oliveira.ibi...
24/10/2014 - 08:56
Some web pages have become impossible to browse, with the layout completely broken. The forum page itself is impossible to browse; I have to use another PC to view the forum.


Rapport de ZHPFix 2014.10.18.9 par Nicolas Coolman, Update du 18/10/2014
Fichier d'export Registre :
Run by Rafael at 24/10/2014 08:53:47
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 04s)
Prefetcher vazio

========== Processo memória ==========
ELIMINÉ: Memory Process: C:\Users\Rafael\AppData\Roaming\AJJLTT.exe
ELIMINÉ: Memory Process: C:\Users\Rafael\AppData\Roaming\HNGYF.exe
AUSENTE Memory Process: C:\Program Files\AVAST Software\Avast") - File not found

========== Estado dos serviços ==========
Bfilter Parado
Bfmon Parado
Bprotect Parado

========== Chaves do Registo ==========
ELIMINÉ: HKLM\Software\Wow6432Node\360Safe
ELIMINÉ: HKLM\Software\Wow6432Node\SmartSaver+ 3.5-nv
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PennyBeeW_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PennyBeeW_RASMANCS
ELIMINÉ:* CLSID NameSpace: {35B6525E-071A-4EA9-B3BD-F6A742572F08}
ELIMINÉ: SearchScopes :{012E1000-F331-11DB-8314-0800200C9A66}
ELIMINÉ: SearchScopes :{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
ELIMINÉ: SearchScopes :{92001F8A-C36B-473A-91E7-5BE0C81CF2B3}
ELIMINÉ:* StartupReg: fspuip
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu Security
ELIMINÉ: HKCU\Software\Baidu Security

========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (Public) : TCP Query User{B33B5788-FB8A-47D7-BCD8-C90D18FDC92F}C:\users\rafael\appdata\roaming\gamebox\gameserver.exe
ELIMINÉ: FirewallRaz (Public) : UDP Query User{BE02D9C0-838A-49BF-86F0-48B260B79C6E}C:\users\rafael\appdata\roaming\gamebox\gameserver.exe
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
ELIMINÉ Temporários windows (367)
ELIMINÉ Flash Cookies (0)

========== Ficheiros ==========
ELIMINÉ Temporários windows (490) (204.245.157 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
ELIMINÉ: C:\Windows\Tasks\AJJLTT.job
ELIMINÉ: C:\Windows\System32\Tasks\AJJLTT
ELIMINÉ: C:\Windows\Tasks\HNGYF.job
ELIMINÉ: C:\Windows\System32\Tasks\HNGYF
ELIMINA REINICIAR: c:\windows\system32\tasks\googleupdatetaskusers-1-5-21-4271235012-3655327493-2173007354-1000core
ELIMINA REINICIAR: c:\windows\system32\tasks\googleupdatetaskusers-1-5-21-4271235012-3655327493-2173007354-1000ua

========== Tarefa planificada ==========
ELIMINÉ: AJJLTT
ELIMINÉ: AJJLTT
ELIMINÉ: HNGYF
ELIMINÉ: HNGYF
ELIMINÉ: Run_Bobby_Browser
ELIMINÉ: {00E6C14B-E6A1-4DA5-B412-C4C070171C6F}
ELIMINÉ: {1A0EEF37-AA32-49B2-BF60-7DC685A27D68}
ELIMINÉ: {1BECFE77-4733-4D7B-8ACB-47F1A3BC71DD}
ELIMINÉ: {33823130-0743-4E94-8D5F-88C919830BF4}
ELIMINÉ: {5236E276-EB5F-4E13-807C-8CABEB7DDE05}
ELIMINÉ: {B1B47601-4455-4C2A-B6EE-E9A23FCE87BD}
ELIMINÉ: {CF6C8CAD-AF02-49C8-A692-3C16DCE7780C}
ELIMINÉ: {DC8C48BD-C9A5-48C3-B711-D7C17CB39E94}

========== Outros ==========
NÃO-TRATADO Pasta Deletada : C:\Users\Public\Documents\baidu
NÃO-TRATADO Pasta Deletada : C:\Users\Rafael\AppData\Roaming\eCyber
NÃO-TRATADO Pasta Deletada : C:\Users\Rafael\AppData\Local\globalUpdate
NÃO-TRATADO Pasta Deletada : C:\ProgramData\Online
NÃO-TRATADO Pasta Deletada : C:\Program Files (x86)\PennyBee
NÃO-TRATADO Pasta Deletada : C:\Users\Rafael\AppData\Local\Genesis_10221817
NÃO-TRATADO Pasta Deletada : C:\Program Files (x86)\SmartSaver+ 3.5
NÃO-TRATADO Pasta Deletada : C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\tx4sr6xr.default\Extensions\faststartff@gmail.com
NÃO-TRATADO Pasta Deletada : C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\tx4sr6xr.default\Extensions\bff772e6677247908d08bf6893@09970427648447999c4d8f4e3f7ec.com
NÃO-TRATADO Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml
NÃO-TRATADO Arquivo Deletada : C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
NÃO-TRATADO Arquivo Deletada : C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal


========== Recapitulativo ==========
3 : Processo memória
11 : Chaves do Registo
10 : Valores do Registo
2 : Pastas
8 : Ficheiros
3 : Estado dos serviços
13 : Tarefa planificada
12 : Outros


End of clean in 00mn 17s

========== Caminho do ficheiro do relatório ==========
C:\Users\Rafael\AppData\Roaming\ZHP\ZHPFix[R1].txt - 24/10/2014 08:53:52 [4567]
tadeuboato
tadeuboato Geek Registered
1.5K Posts 407 Likes
#8 By tadeuboato
24/10/2014 - 09:19
Let's look for any remaining traces using SystemLook:

Download SystemLook.exe from the address below and save it to your Desktop:
http://jpshortstuff.247fixes.com/SystemLook.exe (32-bit version)
http://jpshortstuff.247fixes.com/SystemLook_x64.exe (64-bit version)

*** For Windows Vista or Windows 7 users: right-click the SystemLook.exe file, then click [Image]

After opening SystemLook.exe, select and copy all of the text highlighted in red below:

:webssearchesSoftware

:folderfind

webssearchesSoftware

:webssearchesSoftware


Paste the text you just copied into the SystemLook text box.

Click the Look button; when the scan finishes, a log (report) will open. It is saved as SystemLook.txt on the Desktop.
Oliveira.ibilce
Oliveira.ibi... Super Participant Registered
690 Posts 38 Likes
#9 By Oliveira.ibi...
24/10/2014 - 09:43
SystemLook 30.07.11 by jpshortstuff
Log created at 09:37 on 24/10/2014 by Rafael
Administrator - Elevation successful

Invalid Context: webssearchesSoftware

========== folderfind ==========

Searching for "webssearchesSoftware"
No folders found.

Invalid Context: webssearchesSoftware

-= EOF =-
tadeuboato
tadeuboato Geek Registered
1.5K Posts 407 Likes
#10 By tadeuboato
24/10/2014 - 10:09
Something went wrong when I edited the text.
I apologize.

Please repeat the procedure with the text in red below:


:filefind
webssearchesSoftware

:folderfind
Autorun.inf

:regfind

webssearchesSoftware


I will be waiting.
Oliveira.ibilce
Oliveira.ibi... Super Participant Registered
690 Posts 38 Likes
#11 By Oliveira.ibi...
24/10/2014 - 10:45
SystemLook 30.07.11 by jpshortstuff
Log created at 10:42 on 24/10/2014 by Rafael
Administrator - Elevation successful

========== filefind ==========

Searching for "webssearchesSoftware"
No files found.

========== folderfind ==========

Searching for "Autorun.inf "
No folders found.

========== regfind ==========

Searching for "webssearchesSoftware"
No data found.

Invalid Context: webssearchesSoftware

-= EOF =-
Oliveira.ibilce
Oliveira.ibi... Super Participant Registered
690 Posts 38 Likes
#13 By Oliveira.ibi...
24/10/2014 - 11:11
So, it still has some web pages that are impossible to browse, with the layout completely broken. The forum page itself is impossible to browse; I have to use another PC to view the forum.
tadeuboato
tadeuboato Geek Registered
1.5K Posts 407 Likes
#14 By tadeuboato
24/10/2014 - 11:16
Run the scan with ESET, preferably using IE.

Below, the ESET scan can also be run from other browsers (Firefox, Google Chrome, ...).

|- Download: < Image >

|- Save it to the desktop!
|- Disable your antivirus and run the file esetsmartinstaller_enu.exe <<
|- Accept the agreement and check: "YES, I accept the Terms of Use"
|- Click: "Start"
|- In "scan settings", check "Scan Archives" and "Remove found threats".
|- Click "Advanced settings".
|- Check:

<1> Scan potentially unwanted applications
<2> Scan for potentially unsafe applications
<3> Enable Anti-Stealth technology
|- Click "Change" and check the "Computador" (Computer) box.
|- Click: "Start" >> Wait! (This scan can take a few hours...)
|- When it finishes, click "List of found threats".
|- Click "Export to text file" and save the report to the desktop.
|- Click "Back" >> "Finish".
|- Post the report!
Oliveira.ibilce
Oliveira.ibi... Super Participant Registered
690 Posts 38 Likes
#15 By Oliveira.ibi...
24/10/2014 - 15:14
If I try to search for something, it goes to a site called http://dounty.com/ and then redirects the search to Yahoo Search, even though I have Google as the default search engine.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\PennyBee\DealplyInstallerHelper.dll.vir Win32/DealPly.T potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmartSaver+ 3.5\1286318c-e3f9-4705-a19c-ab765d2ef6e5-11.exe.vir a variant of Win32/Toolbar.CrossRider.AX potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmartSaver+ 3.5\1286318c-e3f9-4705-a19c-ab765d2ef6e5-2.exe.vir a variant of Win32/Toolbar.CrossRider.AY potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmartSaver+ 3.5\1286318c-e3f9-4705-a19c-ab765d2ef6e5-3.exe.vir a variant of Win32/Toolbar.CrossRider.AX potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmartSaver+ 3.5\1286318c-e3f9-4705-a19c-ab765d2ef6e5-4.exe.vir a variant of Win32/Toolbar.CrossRider.AX potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmartSaver+ 3.5\1286318c-e3f9-4705-a19c-ab765d2ef6e5-5.exe.vir a variant of Win32/Toolbar.CrossRider.AY potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmartSaver+ 3.5\1286318c-e3f9-4705-a19c-ab765d2ef6e5-6.exe.vir a variant of Win32/Toolbar.CrossRider.AY potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmartSaver+ 3.5\1286318c-e3f9-4705-a19c-ab765d2ef6e5-64.exe.vir a variant of Win64/Toolbar.Crossrider.K potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmartSaver+ 3.5\1286318c-e3f9-4705-a19c-ab765d2ef6e5-7.exe.vir a variant of Win32/Toolbar.CrossRider.AY potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmartSaver+ 3.5\18ec7394-f56a-4a26-90c3-c8912500537b.dll.vir a variant of Win32/Toolbar.CrossRider.BB potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmartSaver+ 3.5\2ce89e53-b81b-40ec-b917-388e2a5e7691.dll.vir a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmartSaver+ 3.5\SmartSaver+ 3.5-bg.exe.vir a variant of Win32/Toolbar.CrossRider.BA potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmartSaver+ 3.5\SmartSaver+ 3.5-bho.dll.vir a variant of Win32/Toolbar.CrossRider.BA potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmartSaver+ 3.5\SmartSaver+ 3.5-bho64.dll.vir a variant of Win64/Toolbar.Crossrider.J potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmartSaver+ 3.5\SmartSaver+ 3.5-codedownloader.exe.vir a variant of Win32/Toolbar.CrossRider.AY potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmartSaver+ 3.5\Uninstall.exe.vir a variant of Win32/Toolbar.CrossRider.AW potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SmartSaver+ 3.5\utils.exe.vir Win32/Packed.VMDetector.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\tx4sr6xr.default\Extensions\bff772e6677247908d08bf6893@09970427648447999c4d8f4e3f7ec.com\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Arquivos Rafael\Séries\Vários\Quarentena\lockdir.exe a variant of Win32/Lockdir.A potentially unsafe application deleted - quarantined
C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbeogiannbchfkmanlajfddhjpdjccda\1.26.48_0\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Rafael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2UZLKZNM\310714_cf[1] Win32/AdWare.Linkular.AH application cleaned by deleting - quarantined
C:\Users\Rafael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2UZLKZNM\310714_ne[1] a variant of Win32/Reporter.A potentially unwanted application deleted - quarantined
C:\Users\Rafael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2UZLKZNM\6dc88d54-32af-446f-b733-b81a45da738f[1].exe a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application deleted - quarantined
C:\Users\Rafael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2UZLKZNM\91[1].js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Rafael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8O4QPINK\310714_am[1] a variant of Win32/Amonetize.BQ potentially unwanted application deleted - quarantined
C:\Users\Rafael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8O4QPINK\310714_b4[1] Win32/Reporter.A potentially unwanted application deleted - quarantined
C:\Users\Rafael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NQNSGEN8\310714_ft[1] Win32/AdWare.Linkular.AH application cleaned by deleting - quarantined
C:\Users\Rafael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NQNSGEN8\310714_y3[1] a variant of MSIL/Toolbar.Linkury.H potentially unwanted application deleted - quarantined
C:\Users\Rafael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YYC3T6PU\240714_t3[1] a variant of Win64/BrowseFox.BF potentially unwanted application deleted - quarantined
C:\Users\Rafael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YYC3T6PU\310714_a7[1] a variant of Win32/LiMo.A potentially unwanted application deleted - quarantined
C:\Users\Rafael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YYC3T6PU\310714_ss[1] Win32/AdWare.Linkular.AH application cleaned by deleting - quarantined
C:\Users\Rafael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YYC3T6PU\310714_vp[1] a variant of Win32/SquareNet.B potentially unwanted application deleted - quarantined
C:\Users\Rafael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YYC3T6PU\setup[1].exe a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application deleted - quarantined
C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\tx4sr6xr.default\extensions\MGKN37049485@ACPSC11936960.com\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Rafael\AppData\Roaming\ZHP\ZHPExportRegistry-24-10-2014-08-53-52.txt JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined
C:\Users\Rafael\AppData\Roaming\ZHP\Quarantine\ajjltt.exe.VIR a variant of Win32/Toolbar.CrossRider.AX potentially unwanted application deleted - quarantined
C:\Users\Rafael\AppData\Roaming\ZHP\Quarantine\hngyf.exe.VIR a variant of Win32/Toolbar.CrossRider.AX potentially unwanted application deleted - quarantined
C:\Users\Rafael\Desktop\RESET TX100-TX105\Loader.exe a variant of Win32/HackTool.Patcher.N potentially unsafe application deleted - quarantined