Marcelo Jakson Alves Salga

Slow PC that freezes

Hello

My computer runs slowly, freezes and sometimes shuts down on its own.

I bought it second-hand and have not yet done a malware removal or anything else.

I am asking for help with this because I am somewhat wary of doing it on my own.

Thanks in advance


@Marcelo Jakson Alves Salga

Please note the following:

  • About the forum: this is a private space, not a public one. Using it is a privilege, not a right.
  • If you get no reply for 3 days, send me a Private Message (PM);
  • Whatever is given here applies only to your computer's problem, so do not apply it on any other;
  • Please follow the instructions given closely, and if in doubt do not hesitate to ask;
  • Respect the order of the instructions.
  • Note: take no action beyond what is given here; and if you ask for help in another forum, be sure to tell us, or you risk misconfiguring your computer!

Instead of creating a new thread, please continue in this one and reply attaching the ZA-Scan log, following these instructions:

http://forum.clubedohardware.com.br/topic/1105783-como-criar-seu-t%C3%B3pico/
  • Thread author
  • ZA-Scan V1.0.0.5 Updated 30-09-2015
    Tool run by Marcelo on 05/06/2017 at 11:24:00,55.
    Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x86
    Running in: Normal Mode No Internet Access Detected
    Launched: C:\Users\Marcelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FA2ICXHZ\ZA-Scan.exe [Z-Analyse Scan]

    ==== Running Processes ======================

    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\AVAST Software\Avast\afwServ.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\MediatekWiFi\Common\RaRegistry.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\MediatekWiFi\Common\RaUI.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Program Files\Microsoft\BingBar\7.1.355.0\SeaPort.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Windows Media Player\setup_wm.exe
    C:\Users\Marcelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FA2ICXHZ\ZA-Scan.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\conhost.exe
    C:\Users\Marcelo\AppData\Local\Temp\ZAScan.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k utcsvc
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\System32\svchost.exe -k swprv

    ==== Services(whitelist) ======================
    Powered by E Dev

    R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files\common files\adobe\arm\1.0\armsvc.exe
    R2 - [HPSupportSolutionsFrameworkService] - HP Support Solutions Framework Service - c:\program files\hewlett-packard\hp support solutions\hpsupportsolutionsframeworkservice.exe
    R2 - [MediatekRegistryWriter] - MediatekRegistryWriter - c:\program files\mediatekwifi\common\raregistry.exe
    R2 - [MsMpSvc] - Microsoft Antimalware Service - c:\program files\microsoft security client\msmpeng.exe
    R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
    R2 - [WMPNetworkSvc] - Serviço de Compartilhamento de Rede do Windows Media Player - c:\program files\windows media player\wmpnetwk.exe
    R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
    R3 - [BBUpdate] - BBUpdate - c:\program files\microsoft\bingbar\7.1.355.0\seaport.exe
    R3 - [NisSrv] - Inspeção de Rede da Microsoft - c:\program files\microsoft security client\nissrv.exe
    R3 - [VSS] - Cópia de Sombra de Volume - c:\windows\system32\vssvc.exe
    S2 - [BBSvc] - BingBar Service - c:\program files\microsoft\bingbar\7.1.355.0\bbsvc.exe
    S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
    S2 - [sppsvc] - Proteção de Software - c:\windows\system32\sppsvc.exe
    S3 - [ALG] - Serviço Gateway de Camada de Aplicativo - c:\windows\system32\alg.exe
    S3 - [aswbIDSAgent] - aswbIDSAgent - c:\program files\avast software\avast\aswidsagent.exe
    S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
    S3 - [ehRecvr] - Serviço Receptor do Windows Media Center - c:\windows\ehome\ehrecvr.exe
    S3 - [ehSched] - Serviço Agendador do Windows Media Center - c:\windows\ehome\ehsched.exe
    S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
    S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe
    S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
    S3 - [MSDTC] - Coordenador de transações distribuídas - c:\windows\system32\msdtc.exe
    S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
    S3 - [NMIndexingService] - NMIndexingService - c:\program files\common files\ahead\lib\nmindexingservice.exe
    S3 - [odserv] - Microsoft Office Diagnostics Service - c:\program files\common files\microsoft shared\office12\odserv.exe
    S3 - [ose] - Office Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
    S3 - [RpcLocator] - Alocador Remote Procedure Call (RPC) - c:\windows\system32\locator.exe
    S3 - [SNMPTRAP] - Interceptação SNMP - c:\windows\system32\snmptrap.exe
    S3 - [TrustedInstaller] - Instalador de Módulos do Windows - c:\windows\servicing\trustedinstaller.exe
    S3 - [vds] - Disco Virtual - c:\windows\system32\vds.exe
    S3 - [wbengine] - Serviço de Mecanismo de Backup em Nível de Bloco - c:\windows\system32\wbengine.exe
    S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
    S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework\v4.0.30319\aspnet_state.exe
    S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe

    ==== Drivers(whitelist) ======================
    Powered by E Dev

    R0 - [aswbidsh] - aswbidsh - C:\Windows\system32\Drivers\aswbidsh.sys [x]
    R0 - [aswblog] - aswblog - C:\Windows\system32\Drivers\aswblog.sys [x]
    R0 - [aswbuniv] - aswbuniv - C:\Windows\system32\Drivers\aswbuniv.sys [x]
    R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
    R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
    R0 - [MpFilter] - Microsoft Malware Protection Driver - C:\Windows\system32\Drivers\MpFilter.sys
    R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
    R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
    R3 - [srv] - Driver SMB 1.xxx do Servidor - C:\Windows\system32\Drivers\srv.sys
    R3 - [srv2] - Driver SMB 2.xxx do Servidor - C:\Windows\system32\Drivers\srv2.sys
    R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys
    R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
    R0 - [aswRvrt] - aswRvrt - C:\Windows\system32\Drivers\aswRvrt.sys
    R0 - [aswVmm] - aswVmm - C:\Windows\system32\Drivers\aswVmm.sys
    R0 - [atapi] - Canal de IDE - C:\Windows\system32\Drivers\atapi.sys
    R0 - [CLFS] - Log Comum (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
    R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
    R0 - [Disk] - Driver de disco - C:\Windows\system32\Drivers\Disk.sys
    R0 - [fvevol] - Driver de Filtro de Criptografia de Unidade de Disco BitLocker - C:\Windows\system32\Drivers\fvevol.sys
    R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
    R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
    R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
    R0 - [mountmgr] - Gerenciador de Pontos de Montagem - C:\Windows\system32\Drivers\mountmgr.sys
    R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
    R0 - [NDIS] - Driver do Sistema NDIS - C:\Windows\system32\Drivers\NDIS.sys
    R0 - [partmgr] - Gerenciador de Partições - C:\Windows\system32\Drivers\partmgr.sys
    R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys
    R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
    R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
    R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
    R0 - [storflt] - Driver de Filtro de Aceleração do Barramento da Máquina Virtual do Disco - C:\Windows\system32\Drivers\storflt.sys [x]
    R0 - [Tcpip] - Driver de Protocolo TCP/IP - C:\Windows\system32\Drivers\Tcpip.sys
    R0 - [uagp35] - Filtro Microsoft AGPv3.5 - C:\Windows\system32\Drivers\uagp35.sys
    R0 - [vdrvroot] - Driver de enumerador da unidade virtual Microsoft - C:\Windows\system32\Drivers\vdrvroot.sys
    R0 - [viaide] - viaide - C:\Windows\system32\Drivers\viaide.sys
    R0 - [vmbus] - Barramento da Máquina Virtual - C:\Windows\system32\Drivers\vmbus.sys
    R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys
    R0 - [volmgrx] - Gerenciador de Volume Dinâmico - C:\Windows\system32\Drivers\volmgrx.sys
    R0 - [volsnap] - Volumes de armazenamento - C:\Windows\system32\Drivers\volsnap.sys
    R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
    R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
    R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
    R1 - [tdx] - Driver de Suporte a TDI Herdado de NetIO - C:\Windows\system32\Drivers\tdx.sys
    R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

    ==== Startup Registry Enabled ======================

    [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

    [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
    "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui"
    "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    ==== Startup Registry Disabled ======================

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Chrome3]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Chrome3"
    "hkey"="HKLM"
    "command"=";;; C:\\Program Files\\s3graphics\\chrome3\\Chrome3.exe -chkautorun"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroFilterCheck"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VTTimer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="VTTimer"
    "hkey"="HKLM"
    "command"=";;; VTTimer.exe"


    ==== Startup Folders ======================

    2017-05-12 11:51:52 1036 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mediatek Wireless Utility.lnk

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\HPCeeScheduleForMarcelo.job --a------ C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [16/06/2015 08:51]
    C:\Windows\tasks\{3F36FCFA-ACB8-E5E1-7DC5-3FB4BD1841A0}.job --a------ C:\PROGRA~1\COMMON~1\palikan\SYNHEL~1.exe []

    ==== Other Scheduled Tasks ======================

    "C:\Windows\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
    "C:\Windows\system32\tasks\Avast Emergency Update" [C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe]
    "C:\Windows\system32\tasks\HPCeeScheduleForMarcelo" [C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe]
    "C:\Windows\system32\tasks\HPCustParticipation HP Deskjet 4610 series" ["C:\Program Files\HP\HP Deskjet 4610 series\Bin\HPCustPartic.exe"]
    "C:\Windows\system32\tasks\Opera scheduled Autoupdate 1495469104" [C:\Users\Marcelo\AppData\Local\Programs\Opera\launcher.exe]
    "C:\Windows\system32\tasks\Opera scheduled suite Autoupdate 1495469221" [C:\Users\Marcelo\AppData\Local\Programs\Opera\launcher.exe]
    "C:\Windows\system32\tasks\User_Feed_Synchronization-{8D2A3822-D894-4AC5-82DC-A9DE56FCEC95}" [C:\Windows\system32\msfeedssync.exe]
    "C:\Windows\system32\tasks\{3F36FCFA-ACB8-E5E1-7DC5-3FB4BD1841A0}" [C:\PROGRA~1\COMMON~1\palikan\SYNHEL~1.EXE]
    "C:\Windows\system32\tasks\{CDD59E99-C876-4D1D-8829-D1273BF647B8}" ["c:\program files\internet explorer\iexplore.exe" https://ui.skype.com/ui/0/7.35.0.103/pt/abandoninstall?source=lightinstaller&page=tsInstall]
    "C:\Windows\system32\tasks\AVAST Software\Avast settings backup" [C:\Program Files\Common Files\AV\avast Antivirus\backup.exe]
    "C:\Windows\system32\tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher" [C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe]
    "C:\Windows\system32\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe]
    "C:\Windows\system32\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report" [C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe]
    "C:\Windows\system32\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater" [C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe]
    "C:\Windows\system32\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe]

    ==== Chromium Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
    kpdmjodecdegfglgaapafjleomjjlpnh - No path found[]

    HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
    bbjllphbppobebmjpjcijfbakobcheof - No path found[]

    GamingWonderland - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhacnanjblkcpeiiigeigmgkikdklfpi
    Google Sheets - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
    Google Docs Offline - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
    Yahoo for Chrome - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh
    Chrome Web Store Payments - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
    Gmail - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
    Google Slides - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
    Google Docs - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
    Google Drive - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
    YouTube - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
    GamingWonderland - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eeojlpepoljdpaoiplnlhcfkoigijimc
    Google Sheets - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap
    Zwinky - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fidlffpkjchmiflngkkakcmbjmehkdbg
    CONCURSO 2 - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fnblnjieklojbaebmppccnhlpnbgplhk
    BTS SUGA - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\foaaedifpgbglfgnhffmkfokogfoflan
    Undeaddies - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gfnnjkppogeoedffjkkkfeoifdkdijia
    Google Docs Offline - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
    Pinterest Save Button - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic
    JW.ORG - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hjnggdeoambkcbgckfmhjbediblojbbd
    CONCURSO 1 - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hlbbbacglhgkbpfgoocdfblififhnbkl
    JW Daily Scripture - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hoaeoknbnombjplkahejaedapopgclgg
    Arcane Legends - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ibmlkgieigeddcedpbijnpojheoddido
    Search and New Tab by Yahoo - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh
    Dia De Los Gatos - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lhjegjhckjmknanpafmhfbjhmnhahgja
    Seahorse Damask Black - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mcehndhnkchodlkekpjlgpoobdjobogc
    Chrome Web Store Payments - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
    Gmail - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
    Chrome Media Router - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

    ==== IE Start and Search Settings ======================

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.google.com.br/?gws_rd=ssl"
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.palikan.com/?f=1&a=plk_coinisre_17_22_ssg01&cd=2XzuyEtN2Y1L1QzutC0CyB0E0EyDyD0EzytD0ByD0FtBtCtDtN0D0Tzu0StCzyyCzztN1L2XzutAtFtByBtFyEtFyDtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDyEtA0AtA0B0CyEtGtDzy0AzztGyEtDyDtBtGyDyEyBtCtGyDzzzy0CyEyE0C0F0A0FtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EzytC0E0AzzyCtBtG0Dzy0B0AtGyEzz0DtAtGzy0B0CtDtG0A0EtBtBtD0E0Ezy0F0EzzyB2QtN0A0LzuyE&cr=1366431911&ir="
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
    {11FFAFCB-4DEE-4608-BAB5-D481A18DDD91} Yahoo Search Url="https://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default"
    {5e7797ae-5ca1-4b50-95d8-97e746340487} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

    ==== HijackThis Entries ======================

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    ==== EOF on 05/06/2017 at 11:43:14,06 ===================


    @Marcelo Jakson Alves Salga

    ZA-Scan must be run directly from your desktop.

    Quote

    Launched: C:\Users\Marcelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FA2ICXHZ\ZA-Scan.exe [Z-Analyse Scan]

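As an added example (not part of this thread, and not ZA-Scan's or the forum's own code), the script below does a first mechanical pass over a ZA-Scan log of the kind posted above. It splits the log into its "==== Section ===" blocks and flags the entries a log analyst looks at first: the "Launched:" path not being on the Desktop (the helper's point just above), scheduled tasks whose name is a bare GUID, task targets written as 8.3 short names (PROGRA~1), tasks that open a URL in a browser, an IE start page outside an allowlist of expected hosts, and Chrome extensions registered in the registry with no installed path. The checks themselves, the allowlist, and the sample excerpt (assembled from lines of the log above, with the palikan start-page URL shortened) are this example's assumptions; a flag means "look at this", not a verdict.

```python
"""Triage helper for ZA-Scan logs (added example; not ZA-Scan's or the forum's code).
Splits a log into its "==== Section ===" blocks and applies structural checks an
analyst otherwise does by eye. Checks, allowlist and sample are assumptions."""
import re
from urllib.parse import urlparse

SECTION_RE = re.compile(r"^==== (.+?) =+$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Task name: everything after "tasks\" up to the closing quote or the .job suffix.
TASK_NAME_RE = re.compile(r'tasks\\([^"\[]+?)(?:\.job)?(?:"| --)')
SHORT_NAME_RE = re.compile(r"[A-Za-z0-9]{1,6}~\d")  # 8.3 short names such as PROGRA~1
BROWSER_URL_RE = re.compile(r'(?:iexplore|chrome|firefox|opera)\.exe"?\s+\S*https?://', re.I)
START_PAGE_RE = re.compile(r'"Start Page"="([^"]+)"')
# Hosts a start page is expected to point at on this machine (assumption).
EXPECTED_START_HOSTS = {"www.google.com.br", "www.google.com", "www.bing.com", "go.microsoft.com"}


def parse_sections(text):
    """Map each "==== name ===" section to its non-empty lines; the preamble goes under "header"."""
    sections, current = {"header": []}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, [])
        elif line:
            sections[current].append(line)
    return sections


def triage(text):
    """Return (check, detail) pairs for the entries an analyst would look at first."""
    s = parse_sections(text)
    findings = []
    # The helper's point above: the tool must be launched from the Desktop, not a cache folder.
    for line in s["header"]:
        if line.startswith("Launched:"):
            path = line.split(":", 1)[1].split(" [")[0].strip()
            if "\\desktop\\" not in path.lower():
                findings.append(("launched_outside_desktop", path))
    # Scheduled tasks: bare-GUID names, 8.3 short-name targets, tasks that open a URL in a browser.
    for sec in ("Task Scheduler Jobs", "Other Scheduled Tasks"):
        for line in s.get(sec, []):
            m = TASK_NAME_RE.search(line)
            name = m.group(1) if m else line
            if GUID_RE.fullmatch(name):
                findings.append(("guid_named_task", line))
            if SHORT_NAME_RE.search(line):
                findings.append(("short_name_target", line))
            if BROWSER_URL_RE.search(line):
                findings.append(("task_opens_url", line))
    # IE start page pointing somewhere other than the expected hosts.
    for line in s.get("IE Start and Search Settings", []):
        m = START_PAGE_RE.match(line)
        if m and urlparse(m.group(1)).hostname not in EXPECTED_START_HOSTS:
            findings.append(("unexpected_start_page", m.group(1)))
    # Chrome extensions registered in the registry without an installed path.
    for line in s.get("Chromium Look", []):
        if line.endswith("No path found[]"):
            findings.append(("registry_extension_without_path", line.split(" - ")[0]))
    return findings


# Constructed sample: an excerpt of the log posted above (the palikan URL is shortened).
SAMPLE_LOG = r"""
ZA-Scan V1.0.0.5 Updated 30-09-2015
Launched: C:\Users\Marcelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FA2ICXHZ\ZA-Scan.exe [Z-Analyse Scan]
==== Task Scheduler Jobs ======================
C:\Windows\tasks\HPCeeScheduleForMarcelo.job --a------ C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [16/06/2015 08:51]
C:\Windows\tasks\{3F36FCFA-ACB8-E5E1-7DC5-3FB4BD1841A0}.job --a------ C:\PROGRA~1\COMMON~1\palikan\SYNHEL~1.exe []
==== Other Scheduled Tasks ======================
"C:\Windows\system32\tasks\User_Feed_Synchronization-{8D2A3822-D894-4AC5-82DC-A9DE56FCEC95}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\system32\tasks\{CDD59E99-C876-4D1D-8829-D1273BF647B8}" ["c:\program files\internet explorer\iexplore.exe" https://ui.skype.com/ui/0/7.35.0.103/pt/abandoninstall?source=lightinstaller&page=tsInstall]
==== IE Start and Search Settings ======================
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com.br/?gws_rd=ssl"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.palikan.com/?f=1&a=plk_coinisre_17_22_ssg01&cr=1366431911&ir="
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
kpdmjodecdegfglgaapafjleomjjlpnh - No path found[]
"""

if __name__ == "__main__":
    for check, detail in triage(SAMPLE_LOG):
        print(f"{check:34} {detail}")
```

Run against the excerpt it reports seven findings: the launch path under Temporary Internet Files, the two GUID-named tasks, the PROGRA~1 target, the task that opens a Skype URL in Internet Explorer, the HKLM start page on palikan.com, and the registry-registered extension without a path. The same script on the second log's header (launched from C:\Users\Moacir\Desktop) reports nothing for the launch check. The HP, Adobe and User_Feed_Synchronization tasks are deliberately not flagged, since the heuristics are structural and a named, fully-pathed task is exactly what a legitimate installer writes.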
  • Thread author
  • ZA-Scan V1.0.0.5 Updated 30-09-2015
    Tool run by Moacir on 28/05/2017 at 17:03:41,50.
    Microsoft Windows 10 Pro 10.0.15063  x64
    Running in: Normal Mode No Internet Access Detected
    Launched: C:\Users\Moacir\Desktop\ZA-Scan.exe [Z-Analyse Scan]

    ==== Running Processes ======================

    C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    C:\PROGRA~2\GbPlugin\GbpSv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
    C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
    C:\PROGRA~2\GbPlugin\GbpSv.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
    C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
    C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
    C:\Program Files\Microvirt\MEmu\MEmuConsole.exe
    C:\Program Files\Microvirt\MEmu\adb.exe
    C:\Users\Moacir\Desktop\ZA-Scan.exe
    C:\WINDOWS\SysWOW64\cmd.exe
    C:\WINDOWS\SysWOW64\cmd.exe
    C:\WINDOWS\SysWOW64\cmd.exe
    C:\Users\Moacir\AppData\Local\Temp\ZAScan.exe
    C:\WINDOWS\SysWOW64\Wbem\wmic.exe

    ==== Services(whitelist) ======================
    Powered by E Dev

    R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
    R2 - [AdvancedSystemCareService10] - Advanced SystemCare Service 10 - c:\program files (x86)\iobit\advanced systemcare\ascservice.exe
    R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
    R2 - [AMD FUEL Service] - AMD FUEL Service - c:\program files\ati technologies\ati.ace\fuel\fuel.service.exe
    R2 - [AntiVirSchedulerService] - Avira Scheduler - c:\program files (x86)\avira\antivir desktop\sched.exe
    R2 - [AntiVirService] - Avira Real-Time Protection - c:\program files (x86)\avira\antivir desktop\avguard.exe
    R2 - [Avira.ServiceHost] - Avira Service Host - c:\program files (x86)\avira\launcher\avira.servicehost.exe
    R2 - [ClickToRunSvc] - Serviço Clique para Executar do Microsoft Office - c:\program files\microsoft office 15\clientx64\officeclicktorun.exe
    R2 - [GbpSv] - Gbp Service - c:\progra~2\gbplugin\gbpsv.exe
    R2 - [IMFservice] - IMF Service - c:\program files (x86)\iobit\iobit malware fighter\imfsrv.exe
    R2 - [IObitUnSvr] - IObit Uninstaller Service - c:\program files (x86)\iobit\iobit uninstaller\iuservice.exe
    R2 - [SecurityHealthService] - Serviço da Central de Segurança do Windows Defender - c:\windows\system32\securityhealthservice.exe
    R2 - [Warsaw Technology] - Warsaw Technology - c:\program files\diebold\warsaw\core.exe
    R2 - [WMPNetworkSvc] - Serviço de Compartilhamento de Rede do Windows Media Player - c:\program files\windows media player\wmpnetwk.exe
    R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
    S2 - [AntiVirMailService] - Avira Mail Protection - c:\program files (x86)\avira\antivir desktop\avmailc7.exe
    S2 - [AntiVirWebService] - Avira Web Protection - c:\program files (x86)\avira\antivir desktop\avwebg7.exe
    S2 - [gupdate] - Serviço do Google Update (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
    S2 - [sppsvc] - Proteção de Software - c:\windows\system32\sppsvc.exe
    S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
    S3 - [ALG] - Serviço Gateway de Camada de Aplicativo - c:\windows\system32\alg.exe
    S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
    S3 - [diagnosticshub.standardcollector.service] - Serviço Coletor de Padrões de Hub de Diagnóstico da Microsoft (R) - c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe
    S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
    S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
    S3 - [gupdatem] - Serviço do Google Update (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
    S3 - [MSDTC] - Coordenador de transações distribuídas - c:\windows\system32\msdtc.exe
    S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
    S3 - [ose] - Office  Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
    S3 - [PerfHost] - Host de DLL de Contador de Desempenho - c:\windows\syswow64\perfhost.exe
    S3 - [PlaysService] - Plays.tv Update Service - c:\program files (x86)\raptr inc\playstv\plays_service.exe
    S3 - [RpcLocator] - Alocador Remote Procedure Call (RPC) - c:\windows\system32\locator.exe
    S3 - [Sense] - Serviço Proteção Avançada contra Ameaças do Windows Defender - c:\program files\windows defender advanced threat protection\mssense.exe
    S3 - [SensorDataService] - Serviço de Dados de Sensor - c:\windows\system32\sensordataservice.exe
    S3 - [SNMPTRAP] - Interceptação SNMP - c:\windows\system32\snmptrap.exe
    S3 - [spectrum] - Serviço de Percepção do Windows - c:\windows\system32\spectrum.exe
    S3 - [TieringEngineService] - Gerenciamento de Camadas de Armazenamento - c:\windows\system32\tieringengineservice.exe
    S3 - [TrustedInstaller] - Instalador de Módulos do Windows - c:\windows\servicing\trustedinstaller.exe
    S3 - [vds] - Disco Virtual - c:\windows\system32\vds.exe
    S3 - [VSS] - Cópia de Sombra de Volume - c:\windows\system32\vssvc.exe
    S3 - [wbengine] - Serviço de Mecanismo de Backup em Nível de Bloco - c:\windows\system32\wbengine.exe
    S3 - [WdNisSvc] - Serviço de Inspeção de Rede do Windows Defender Antivirus - c:\program files\windows defender\nissrv.exe
    S3 - [WinDefend] - Serviço Windows Defender Antivirus - c:\program files\windows defender\msmpeng.exe
    S3 - [wmiApSrv] - Adaptador de Desempenho WMI - c:\windows\system32\wbem\wmiapsrv.exe
    S4 - [AppVClient] - Microsoft App-V Client - c:\windows\system32\appvclient.exe
    S4 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
    S4 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
    S4 - [UevAgentService] - Serviço de User Experience Virtualization - c:\windows\system32\agentservice.exe

    ==== Drivers(whitelist) ======================
    Powered by E Dev

    R0 - [FileInfo] - File Information FS MiniFilter - C:\WINDOWS\system32\Drivers\FileInfo.sys
    R0 - [FltMgr] - FltMgr - C:\WINDOWS\system32\Drivers\FltMgr.sys
    R0 - [Mup] - Mup - C:\WINDOWS\system32\Drivers\Mup.sys
    R0 - [Wof] - Windows Overlay File System Filter Driver - C:\WINDOWS\system32\Drivers\Wof.sys
    R1 - [NetBIOS] - NetBIOS Interface - C:\WINDOWS\system32\Drivers\NetBIOS.sys
    R2 - [srv] - Driver SMB 1.xxx do Servidor - C:\WINDOWS\system32\Drivers\srv.sys
    R3 - [srv2] - Driver SMB 2.xxx do Servidor - C:\WINDOWS\system32\Drivers\srv2.sys
    R0 - [ACPI] - Microsoft ACPI Driver - C:\WINDOWS\system32\Drivers\ACPI.sys
    R0 - [acpiex] - Microsoft ACPIEx Driver - C:\WINDOWS\system32\Drivers\acpiex.sys
    R0 - [CLFS] - Common Log (CLFS) - C:\WINDOWS\system32\Drivers\CLFS.sys
    R0 - [CNG] - CNG - C:\WINDOWS\system32\Drivers\CNG.sys
    R0 - [Disk] - Driver de disco - C:\WINDOWS\system32\Drivers\Disk.sys
    R0 - [fvevol] - Driver de Filtro de Criptografia de Unidade de Disco BitLocker - C:\WINDOWS\system32\Drivers\fvevol.sys
    R0 - [gbpddreg] - Gbpddreg svc - C:\WINDOWS\system32\Drivers\gbpddreg.sys [x]
    R0 - [intelpep] - Driver Intel(R) Power Engine Plug-in - C:\WINDOWS\system32\Drivers\intelpep.sys
    R0 - [iorate] - Driver do Filtro de Taxa de E/S de Disco - C:\WINDOWS\system32\Drivers\iorate.sys
    R0 - [KSecDD] - KSecDD - C:\WINDOWS\system32\Drivers\KSecDD.sys
    R0 - [KSecPkg] - KSecPkg - C:\WINDOWS\system32\Drivers\KSecPkg.sys
    R0 - [mountmgr] - Gerenciador de Pontos de Montagem - C:\WINDOWS\system32\Drivers\mountmgr.sys
    R0 - [msisadrv] - msisadrv - C:\WINDOWS\system32\Drivers\msisadrv.sys
    R0 - [NDIS] - Driver do Sistema NDIS - C:\WINDOWS\system32\Drivers\NDIS.sys
    R0 - [partmgr] - Driver de partição - C:\WINDOWS\system32\Drivers\partmgr.sys
    R0 - [pci] - PCI Bus Driver - C:\WINDOWS\system32\Drivers\pci.sys
    R0 - [pcw] - Performance Counters for Windows Driver - C:\WINDOWS\system32\Drivers\pcw.sys
    R0 - [pdc] - pdc - C:\WINDOWS\system32\Drivers\pdc.sys
    R0 - [rdyboost] - ReadyBoost - C:\WINDOWS\system32\Drivers\rdyboost.sys
    R0 - [SmartDefragDriver] - SmartDefragDriver - C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
    R0 - [spaceport] - Driver de Espaços de Armazenamento - C:\WINDOWS\system32\Drivers\spaceport.sys
    R0 - [storahci] - Driver AHCI SATA Padrão da Microsoft - C:\WINDOWS\system32\Drivers\storahci.sys
    R0 - [Tcpip] - Driver de Protocolo TCP/IP - C:\WINDOWS\system32\Drivers\Tcpip.sys
    R0 - [vdrvroot] - Enumerador de Unidade Virtual Microsoft - C:\WINDOWS\system32\Drivers\vdrvroot.sys
    R0 - [volmgr] - Driver de Gerenciador de Volumes - C:\WINDOWS\system32\Drivers\volmgr.sys
    R0 - [volmgrx] - Gerenciador de Volume Dinâmico - C:\WINDOWS\system32\Drivers\volmgrx.sys
    R0 - [volsnap] - Volume Shadow Copy driver - C:\WINDOWS\system32\Drivers\volsnap.sys
    R0 - [volume] - Driver do volume - C:\WINDOWS\system32\Drivers\volume.sys
    R0 - [Wdf01000] - Serviço de Estruturas de Driver em Modo Kernel - C:\WINDOWS\system32\Drivers\Wdf01000.sys
    R0 - [WFPLWFS] - Plataforma para Filtros do Microsoft Windows - C:\WINDOWS\system32\Drivers\WFPLWFS.sys
    R0 - [WindowsTrustedRT] - Windows Trusted Execution Environment Class Extension - C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys
    R0 - [WindowsTrustedRTProxy] - Serviço de Proteção de Tempo de Execução Confiável do Microsoft Windows - C:\WINDOWS\system32\Drivers\WindowsTrustedRTProxy.sys
    R1 - [AFD] - Ancillary Function Driver for Winsock - C:\WINDOWS\system32\Drivers\AFD.sys
    R1 - [Beep] - Beep - C:\WINDOWS\system32\Drivers\Beep.sys
    R1 - [tdx] - Driver de Suporte a TDI Herdado de NetIO - C:\WINDOWS\system32\Drivers\tdx.sys
    R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\WINDOWS\system32\Drivers\tcpipreg.sys
    S0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\WINDOWS\system32\Drivers\EhStorClass.sys
    S0 - [hwpolicy] - Hardware Policy Driver - C:\WINDOWS\system32\Drivers\hwpolicy.sys
    S0 - [RapportHades64] - RapportHades64 - C:\WINDOWS\system32\Drivers\RapportHades64.sys
    S3 - [atapi] - Canal de IDE - C:\WINDOWS\system32\Drivers\atapi.sys
    S3 - [Tcpip6] - @todo.dll,-100;Microsoft IPv6 Protocol Driver - C:\WINDOWS\system32\Drivers\Tcpip6.sys [x]

    ==== Startup Registry Enabled ======================

    [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
    "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
    "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

    [HKEY_USERS\S-1-5-21-3480512729-4083236392-2533437033-1001\Software\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
    "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
    "Advanced SystemCare 10"="C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe /Auto"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"
    "avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
    "Avira SystrayStartTrigger"="C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
    "IObit Malware Fighter"="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe /autostart"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
    "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
    "Advanced SystemCare 10"="C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe /Auto"

    ==== Startup Registry Enabled x64 ======================

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SecurityHealth"="%ProgramFiles%\Windows Defender\MSASCuiL.exe"

    ==== Startup Registry Disabled x64 ======================

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdvancedSystemCareService8]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AMD External Events Utility]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AMD FUEL Service]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LiveUpdateSvc]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MozillaMaintenance]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NielsenUpdate]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\VIAKaraokeService]


    ==== Task Scheduler Jobs ======================

    C:\WINDOWS\tasks\ASC9_SkipUac_Moacir.job --a-------- C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [30/03/2017 18:04]
    C:\WINDOWS\tasks\ASC9_SkipUac_SISTEMA.job --a-------- C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [30/03/2017 18:04]
    C:\WINDOWS\tasks\Uninstaller_SkipUac_Moacir.job --a-------- C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [15/12/2016 11:18]

    ==== Other Scheduled Tasks ======================

    "C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
    "C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
    "C:\WINDOWS\SysNative\tasks\ASC10_PerformanceMonitor" [C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe]
    "C:\WINDOWS\SysNative\tasks\ASC10_SkipUac_Moacir" ["C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe" /SkipUac]
    "C:\WINDOWS\SysNative\tasks\ASC9_PerformanceMonitor" [C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe]
    "C:\WINDOWS\SysNative\tasks\ASC9_SkipUac_Moacir" [C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe /SkipUac]
    "C:\WINDOWS\SysNative\tasks\ASC9_SkipUac_SISTEMA" [C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe /SkipUac]
    "C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
    "C:\WINDOWS\SysNative\tasks\Driver Booster Scheduler" [C:\Program Files (x86)\IObit\Driver Booster\4.4.0\Scheduler.exe]
    "C:\WINDOWS\SysNative\tasks\Driver Booster SkipUAC (Moacir)" [C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe]
    "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
    "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
    "C:\WINDOWS\SysNative\tasks\OneDrive Standalone Update Task v2" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe]
    "C:\WINDOWS\SysNative\tasks\SmartDefrag4_Startup" [C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe]
    "C:\WINDOWS\SysNative\tasks\SmartDefrag4_Update" [C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe]
    "C:\WINDOWS\SysNative\tasks\Uninstaller_SkipUac_Moacir" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe]
    "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{686A1034-150F-42E8-8669-D5FF5F2A65F4}" [C:\WINDOWS\system32\msfeedssync.exe]

    ==== Firefox Start and Search pages ======================

    ProfilePath: C:\Users\Moacir\AppData\Roaming\Mozilla\Firefox\Profiles\9jifs7ub.default
    user_pref("browser.startup.homepage", "www.google.com.br");
    user_pref("browser.search.defaultenginename", "Google");

    ProfilePath: C:\Users\Moacir\AppData\Roaming\Mozilla\Firefox\Profiles\yu13qgxu.default-1429361613638
    user_pref("browser.startup.homepage", "www.google.com.br");

    ==== Firefox Proxy Settings ======================

    ProfilePath: C:\Users\Moacir\AppData\Roaming\Mozilla\Firefox\Profiles\yu13qgxu.default-1429361613638
    user_pref("network.proxy.type", 4);

    ==== Firefox Extensions Registry ======================

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
    "netsight@nielsen.com"="C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter4\FirefoxAddOns\netsight@nielsen.xpi" []
    [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
    "{87F8774F-B485-47E2-A755-A40A8A5E886D}"="C:\Users\Moacir\AppData\Local\GAS Tecnologia\GBBD\cef\xpi" []

    ==== Firefox Extensions ======================

    ProfilePath: C:\Users\Moacir\AppData\Roaming\Thunderbird\Profiles\1f7xhzzs.default
    - Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}

    AppDir: C:\Program Files (x86)\Mozilla Firefox
    - Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

    ==== Firefox Plugins ======================

    Profilepath: C:\Users\Moacir\AppData\Roaming\Mozilla\Firefox\Profiles\9jifs7ub.default
    80320392DCC61B22F0BB23DD5AD7D341 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll - Shockwave Flash
    18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
    F3B0E300AFC94E1A775A2D935A7D384F - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

    Profilepath: C:\Users\Moacir\AppData\Roaming\Mozilla\Firefox\Profiles\yu13qgxu.default-1429361613638
    18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
    F3B0E300AFC94E1A775A2D935A7D384F - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director


    ==== Chromium Look ======================

    Google Chrome Version: 46.0.2490.86

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
    flliilndjeohchalpbbcdekjklbdgfkk - No path found[]

    HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
    bbjllphbppobebmjpjcijfbakobcheof - No path found[]

    Google Slides - Moacir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
    Google Docs - Moacir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
    Google Drive - Moacir\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
    Rapport - Moacir\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof
    YouTube - Moacir\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
    Google Search - Moacir\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
    Google Sheets - Moacir\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
    Google Docs Offline - Moacir\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
    Chrome Web Store Payments - Moacir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
    Gmail - Moacir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
    Chrome Media Router - Moacir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

    ==== IE Start and Search Settings ======================

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    {0014BB0F-FD3D-4DBA-830E-007E6E109128} Yahoo Search Url="https://br.search.yahoo.com/search?p={searchTerms}&intl=br&fr=yset_ie_syc_oracle&type=orcl_default"
    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

    ==== HijackThis Entries ======================

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    F2 - REG:system.ini: UserInit=
    O2 - BHO: Advanced SystemCare Surfing Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
    O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehcef.dll
    O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5b897b1b-b648-463a-915b-b15f64898814}: NameServer = 8.8.8.8,8.8.4.4
    O17 - HKLM\System\CS1\Services\Tcpip\..\{5b897b1b-b648-463a-915b-b15f64898814}: NameServer = 8.8.8.8,8.8.4.4

    ==== EOF on 28/05/2017 at 17:21:45,78 ======================

    @Marcelo Jakson Alves Salga

    Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

    Open Notepad, copy (Ctrl+C) and paste (Ctrl+V) all of the text below:

    createsrpoint;
    shortcutfix;
    ffdefaults;
    chrdefaults;
    resetwmi;
    resetieproxy;
    network.proxy;ff
    emptyclsid;
    autoclean;
    ipconfig /flushdns >>"%temp%\log.txt";b

    Save this file to your desktop with the name zascript.

    Run ZA-Scan.exe again and wait.
    Copy and paste the contents of that file into your next reply.

    Topic author

    ZA-Scan V1.0.0.5 Updated 30-09-2015
    Tool run by Marcelo on 08/06/2017 at  9:38:25,57.
    Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x86
    Running in: Normal Mode No Internet Access Detected
    Launched: C:\Users\Marcelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5GI57UQ3\ZA-Scan.exe [Z-Analyse Scan]

    ==== Running Processes ======================

    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\AVAST Software\Avast\afwServ.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\MediatekWiFi\Common\RaRegistry.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\WUDFHost.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\MediatekWiFi\Common\RaUI.exe
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Microsoft\BingBar\7.1.355.0\SeaPort.exe
    C:\Users\Marcelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5GI57UQ3\ZA-Scan.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\conhost.exe
    C:\Users\Marcelo\AppData\Local\Temp\ZAScan.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k utcsvc
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k SDRSVC

    ==== Services(whitelist) ======================
    Powered by E Dev

    R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files\common files\adobe\arm\1.0\armsvc.exe
    R2 - [MediatekRegistryWriter] - MediatekRegistryWriter - c:\program files\mediatekwifi\common\raregistry.exe
    R2 - [MsMpSvc] - Microsoft Antimalware Service - c:\program files\microsoft security client\msmpeng.exe
    R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
    R2 - [WMPNetworkSvc] - Serviço de Compartilhamento de Rede do Windows Media Player - c:\program files\windows media player\wmpnetwk.exe
    R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
    R3 - [BBUpdate] - BBUpdate - c:\program files\microsoft\bingbar\7.1.355.0\seaport.exe
    R3 - [NisSrv] - Inspeção de Rede da Microsoft - c:\program files\microsoft security client\nissrv.exe
    S2 - [BBSvc] - BingBar Service - c:\program files\microsoft\bingbar\7.1.355.0\bbsvc.exe
    S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
    S2 - [sppsvc] - Proteção de Software - c:\windows\system32\sppsvc.exe
    S3 - [ALG] - Serviço Gateway de Camada de Aplicativo - c:\windows\system32\alg.exe
    S3 - [aswbIDSAgent] - aswbIDSAgent - c:\program files\avast software\avast\aswidsagent.exe
    S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
    S3 - [ehRecvr] - Serviço Receptor do Windows Media Center - c:\windows\ehome\ehrecvr.exe
    S3 - [ehSched] - Serviço Agendador do Windows Media Center - c:\windows\ehome\ehsched.exe
    S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
    S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe
    S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
    S3 - [MSDTC] - Coordenador de transações distribuídas - c:\windows\system32\msdtc.exe
    S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
    S3 - [NMIndexingService] - NMIndexingService - c:\program files\common files\ahead\lib\nmindexingservice.exe
    S3 - [odserv] - Microsoft Office Diagnostics Service - c:\program files\common files\microsoft shared\office12\odserv.exe
    S3 - [ose] - Office Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
    S3 - [RpcLocator] - Alocador Remote Procedure Call (RPC) - c:\windows\system32\locator.exe
    S3 - [SNMPTRAP] - Interceptação SNMP - c:\windows\system32\snmptrap.exe
    S3 - [TrustedInstaller] - Instalador de Módulos do Windows - c:\windows\servicing\trustedinstaller.exe
    S3 - [vds] - Disco Virtual - c:\windows\system32\vds.exe
    S3 - [VSS] - Cópia de Sombra de Volume - c:\windows\system32\vssvc.exe
    S3 - [wbengine] - Serviço de Mecanismo de Backup em Nível de Bloco - c:\windows\system32\wbengine.exe
    S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
    S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework\v4.0.30319\aspnet_state.exe
    S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe

    ==== Drivers(whitelist) ======================
    Powered by E Dev

    R0 - [aswbidsh] - aswbidsh - C:\Windows\system32\Drivers\aswbidsh.sys [x]
    R0 - [aswblog] - aswblog - C:\Windows\system32\Drivers\aswblog.sys [x]
    R0 - [aswbuniv] - aswbuniv - C:\Windows\system32\Drivers\aswbuniv.sys [x]
    R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
    R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
    R0 - [MpFilter] - Microsoft Malware Protection Driver - C:\Windows\system32\Drivers\MpFilter.sys
    R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
    R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
    R3 - [srv] - Driver SMB 1.xxx do Servidor - C:\Windows\system32\Drivers\srv.sys
    R3 - [srv2] - Driver SMB 2.xxx do Servidor - C:\Windows\system32\Drivers\srv2.sys
    R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys
    R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
    R0 - [aswRvrt] - aswRvrt - C:\Windows\system32\Drivers\aswRvrt.sys
    R0 - [aswVmm] - aswVmm - C:\Windows\system32\Drivers\aswVmm.sys
    R0 - [atapi] - Canal de IDE - C:\Windows\system32\Drivers\atapi.sys
    R0 - [CLFS] - Log Comum (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
    R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
    R0 - [Disk] - Driver de disco - C:\Windows\system32\Drivers\Disk.sys
    R0 - [fvevol] - Driver de Filtro de Criptografia de Unidade de Disco BitLocker - C:\Windows\system32\Drivers\fvevol.sys
    R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
    R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
    R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
    R0 - [mountmgr] - Gerenciador de Pontos de Montagem - C:\Windows\system32\Drivers\mountmgr.sys
    R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
    R0 - [NDIS] - Driver do Sistema NDIS - C:\Windows\system32\Drivers\NDIS.sys
    R0 - [partmgr] - Gerenciador de Partições - C:\Windows\system32\Drivers\partmgr.sys
    R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys
    R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
    R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
    R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
    R0 - [storflt] - Driver de Filtro de Aceleração do Barramento da Máquina Virtual do Disco - C:\Windows\system32\Drivers\storflt.sys [x]
    R0 - [Tcpip] - Driver de Protocolo TCP/IP - C:\Windows\system32\Drivers\Tcpip.sys
    R0 - [uagp35] - Filtro Microsoft AGPv3.5 - C:\Windows\system32\Drivers\uagp35.sys
    R0 - [vdrvroot] - Driver de enumerador da unidade virtual Microsoft - C:\Windows\system32\Drivers\vdrvroot.sys
    R0 - [viaide] - viaide - C:\Windows\system32\Drivers\viaide.sys
    R0 - [vmbus] - Barramento da Máquina Virtual - C:\Windows\system32\Drivers\vmbus.sys
    R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys
    R0 - [volmgrx] - Gerenciador de Volume Dinâmico - C:\Windows\system32\Drivers\volmgrx.sys
    R0 - [volsnap] - Volumes de armazenamento - C:\Windows\system32\Drivers\volsnap.sys
    R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
    R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
    R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
    R1 - [tdx] - Driver de Suporte a TDI Herdado de NetIO - C:\Windows\system32\Drivers\tdx.sys
    R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

    ==== Startup Registry Enabled ======================

    [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

    [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
    "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui"
    "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    ==== Startup Registry Disabled ======================

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Chrome3]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Chrome3"
    "hkey"="HKLM"
    "command"=";;; C:\\Program Files\\s3graphics\\chrome3\\Chrome3.exe -chkautorun"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroFilterCheck"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VTTimer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="VTTimer"
    "hkey"="HKLM"
    "command"=";;; VTTimer.exe"


    ==== Startup Folders ======================

    2017-05-12 11:51:52 1036 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mediatek Wireless Utility.lnk

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\HPCeeScheduleForMarcelo.job --a------ C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe []
    C:\Windows\tasks\{3F36FCFA-ACB8-E5E1-7DC5-3FB4BD1841A0}.job --a------ C:\PROGRA~1\COMMON~1\palikan\SYNHEL~1.exe []

    ==== Other Scheduled Tasks ======================

    "C:\Windows\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
    "C:\Windows\system32\tasks\Avast Emergency Update" [C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe]
    "C:\Windows\system32\tasks\HPCeeScheduleForMarcelo" [C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe]
    "C:\Windows\system32\tasks\Opera scheduled Autoupdate 1495469104" [C:\Users\Marcelo\AppData\Local\Programs\Opera\launcher.exe]
    "C:\Windows\system32\tasks\Opera scheduled suite Autoupdate 1495469221" [C:\Users\Marcelo\AppData\Local\Programs\Opera\launcher.exe]
    "C:\Windows\system32\tasks\User_Feed_Synchronization-{8D2A3822-D894-4AC5-82DC-A9DE56FCEC95}" [C:\Windows\system32\msfeedssync.exe]
    "C:\Windows\system32\tasks\{3F36FCFA-ACB8-E5E1-7DC5-3FB4BD1841A0}" [C:\PROGRA~1\COMMON~1\palikan\SYNHEL~1.EXE]
    "C:\Windows\system32\tasks\{CDD59E99-C876-4D1D-8829-D1273BF647B8}" ["c:\program files\internet explorer\iexplore.exe" https://ui.skype.com/ui/0/7.35.0.103/pt/abandoninstall?source=lightinstaller&page=tsInstall]
    "C:\Windows\system32\tasks\AVAST Software\Avast settings backup" [C:\Program Files\Common Files\AV\avast Antivirus\backup.exe]
    "C:\Windows\system32\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report" [C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe]

    ==== Chromium Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
    kpdmjodecdegfglgaapafjleomjjlpnh - No path found[]

    HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
    bbjllphbppobebmjpjcijfbakobcheof - No path found[]

    GamingWonderland - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhacnanjblkcpeiiigeigmgkikdklfpi
    Google Sheets - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
    Google Docs Offline - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
    Yahoo for Chrome - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh
    Chrome Web Store Payments - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
    Gmail - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
    Google Slides - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
    Google Docs - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
    Google Drive - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
    YouTube - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
    GamingWonderland - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eeojlpepoljdpaoiplnlhcfkoigijimc
    Google Sheets - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap
    Zwinky - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fidlffpkjchmiflngkkakcmbjmehkdbg
    CONCURSO 2 - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fnblnjieklojbaebmppccnhlpnbgplhk
    BTS SUGA - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\foaaedifpgbglfgnhffmkfokogfoflan
    Undeaddies - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gfnnjkppogeoedffjkkkfeoifdkdijia
    Google Docs Offline - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
    Pinterest Save Button - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic
    JW.ORG - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hjnggdeoambkcbgckfmhjbediblojbbd
    CONCURSO 1 - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hlbbbacglhgkbpfgoocdfblififhnbkl
    JW Daily Scripture - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hoaeoknbnombjplkahejaedapopgclgg
    Arcane Legends - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ibmlkgieigeddcedpbijnpojheoddido
    Search and New Tab by Yahoo - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh
    Dia De Los Gatos - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lhjegjhckjmknanpafmhfbjhmnhahgja
    Seahorse Damask Black - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mcehndhnkchodlkekpjlgpoobdjobogc
    Chrome Web Store Payments - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
    Gmail - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
    Chrome Media Router - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

    ==== IE Start and Search Settings ======================

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.google.com.br/?gws_rd=ssl"
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.palikan.com/?f=1&a=plk_coinisre_17_22_ssg01&cd=2XzuyEtN2Y1L1QzutC0CyB0E0EyDyD0EzytD0ByD0FtBtCtDtN0D0Tzu0StCzyyCzztN1L2XzutAtFtByBtFyEtFyDtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDyEtA0AtA0B0CyEtGtDzy0AzztGyEtDyDtBtGyDyEyBtCtGyDzzzy0CyEyE0C0F0A0FtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EzytC0E0AzzyCtBtG0Dzy0B0AtGyEzz0DtAtGzy0B0CtDtG0A0EtBtBtD0E0Ezy0F0EzzyB2QtN0A0LzuyE&cr=1366431911&ir="
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
    {11FFAFCB-4DEE-4608-BAB5-D481A18DDD91} Yahoo Search Url="https://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default"
    {5e7797ae-5ca1-4b50-95d8-97e746340487} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

    ==== HijackThis Entries ======================

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    ==== EOF on 08/06/2017 at  9:50:33,95 ======================

    On 2017-6-9 at 17:04, Marcelo Jakson Alves Salga said:

    I don't know how to run it

    The ZA-Scan.exe tool and the script (zascript) must be in the same location, that is, on the desktop.

    Topic author

    ZA-Scan V1.0.0.5 Updated 30-09-2015
    Tool run by Marcelo on 12/06/2017 at  9:10:43,26.
    Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x86
    Running in: Normal Mode No Internet Access Detected
    Launched: C:\Users\Marcelo\Desktop\ZA-Scan.exe [Z-Analyse Scan]

    ==== Running Processes ======================

    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\AVAST Software\Avast\afwServ.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\MediatekWiFi\Common\RaRegistry.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\MediatekWiFi\Common\RaUI.exe
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Microsoft\BingBar\7.1.355.0\SeaPort.exe
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\Marcelo\Desktop\ZA-Scan.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\conhost.exe
    C:\Users\Marcelo\AppData\Local\Temp\ZAScan.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k utcsvc
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k SDRSVC

    ==== Services(whitelist) ======================
    Powered by E Dev

    R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files\common files\adobe\arm\1.0\armsvc.exe
    R2 - [MediatekRegistryWriter] - MediatekRegistryWriter - c:\program files\mediatekwifi\common\raregistry.exe
    R2 - [MsMpSvc] - Microsoft Antimalware Service - c:\program files\microsoft security client\msmpeng.exe
    R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
    R2 - [WMPNetworkSvc] - Serviço de Compartilhamento de Rede do Windows Media Player - c:\program files\windows media player\wmpnetwk.exe
    R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
    R3 - [BBUpdate] - BBUpdate - c:\program files\microsoft\bingbar\7.1.355.0\seaport.exe
    S2 - [BBSvc] - BingBar Service - c:\program files\microsoft\bingbar\7.1.355.0\bbsvc.exe
    S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
    S2 - [sppsvc] - Proteção de Software - c:\windows\system32\sppsvc.exe
    S3 - [ALG] - Serviço Gateway de Camada de Aplicativo - c:\windows\system32\alg.exe
    S3 - [aswbIDSAgent] - aswbIDSAgent - c:\program files\avast software\avast\aswidsagent.exe
    S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
    S3 - [ehRecvr] - Serviço Receptor do Windows Media Center - c:\windows\ehome\ehrecvr.exe
    S3 - [ehSched] - Serviço Agendador do Windows Media Center - c:\windows\ehome\ehsched.exe
    S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
    S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe
    S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
    S3 - [MSDTC] - Coordenador de transações distribuídas - c:\windows\system32\msdtc.exe
    S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
    S3 - [NisSrv] - Inspeção de Rede da Microsoft - c:\program files\microsoft security client\nissrv.exe
    S3 - [NMIndexingService] - NMIndexingService - c:\program files\common files\ahead\lib\nmindexingservice.exe
    S3 - [odserv] - Microsoft Office Diagnostics Service - c:\program files\common files\microsoft shared\office12\odserv.exe
    S3 - [ose] - Office Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
    S3 - [RpcLocator] - Alocador Remote Procedure Call (RPC) - c:\windows\system32\locator.exe
    S3 - [SNMPTRAP] - Interceptação SNMP - c:\windows\system32\snmptrap.exe
    S3 - [TrustedInstaller] - Instalador de Módulos do Windows - c:\windows\servicing\trustedinstaller.exe
    S3 - [vds] - Disco Virtual - c:\windows\system32\vds.exe
    S3 - [VSS] - Cópia de Sombra de Volume - c:\windows\system32\vssvc.exe
    S3 - [wbengine] - Serviço de Mecanismo de Backup em Nível de Bloco - c:\windows\system32\wbengine.exe
    S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
    S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework\v4.0.30319\aspnet_state.exe
    S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe

    ==== Drivers(whitelist) ======================
    Powered by E Dev

    R0 - [aswbidsh] - aswbidsh - C:\Windows\system32\Drivers\aswbidsh.sys [x]
    R0 - [aswblog] - aswblog - C:\Windows\system32\Drivers\aswblog.sys [x]
    R0 - [aswbuniv] - aswbuniv - C:\Windows\system32\Drivers\aswbuniv.sys [x]
    R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
    R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
    R0 - [MpFilter] - Microsoft Malware Protection Driver - C:\Windows\system32\Drivers\MpFilter.sys
    R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
    R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
    R3 - [srv] - Driver SMB 1.xxx do Servidor - C:\Windows\system32\Drivers\srv.sys
    R3 - [srv2] - Driver SMB 2.xxx do Servidor - C:\Windows\system32\Drivers\srv2.sys
    R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys
    R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
    R0 - [aswRvrt] - aswRvrt - C:\Windows\system32\Drivers\aswRvrt.sys
    R0 - [aswVmm] - aswVmm - C:\Windows\system32\Drivers\aswVmm.sys
    R0 - [atapi] - Canal de IDE - C:\Windows\system32\Drivers\atapi.sys
    R0 - [CLFS] - Log Comum (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
    R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
    R0 - [Disk] - Driver de disco - C:\Windows\system32\Drivers\Disk.sys
    R0 - [fvevol] - Driver de Filtro de Criptografia de Unidade de Disco BitLocker - C:\Windows\system32\Drivers\fvevol.sys
    R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
    R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
    R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
    R0 - [mountmgr] - Gerenciador de Pontos de Montagem - C:\Windows\system32\Drivers\mountmgr.sys
    R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
    R0 - [NDIS] - Driver do Sistema NDIS - C:\Windows\system32\Drivers\NDIS.sys
    R0 - [partmgr] - Gerenciador de Partições - C:\Windows\system32\Drivers\partmgr.sys
    R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys
    R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
    R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
    R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
    R0 - [storflt] - Driver de Filtro de Aceleração do Barramento da Máquina Virtual do Disco - C:\Windows\system32\Drivers\storflt.sys [x]
    R0 - [Tcpip] - Driver de Protocolo TCP/IP - C:\Windows\system32\Drivers\Tcpip.sys
    R0 - [uagp35] - Filtro Microsoft AGPv3.5 - C:\Windows\system32\Drivers\uagp35.sys
    R0 - [vdrvroot] - Driver de enumerador da unidade virtual Microsoft - C:\Windows\system32\Drivers\vdrvroot.sys
    R0 - [viaide] - viaide - C:\Windows\system32\Drivers\viaide.sys
    R0 - [vmbus] - Barramento da Máquina Virtual - C:\Windows\system32\Drivers\vmbus.sys
    R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys
    R0 - [volmgrx] - Gerenciador de Volume Dinâmico - C:\Windows\system32\Drivers\volmgrx.sys
    R0 - [volsnap] - Volumes de armazenamento - C:\Windows\system32\Drivers\volsnap.sys
    R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
    R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
    R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
    R1 - [tdx] - Driver de Suporte a TDI Herdado de NetIO - C:\Windows\system32\Drivers\tdx.sys
    R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

    ==== Startup Registry Enabled ======================

    [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

    [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
    "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui"
    "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    ==== Startup Registry Disabled ======================

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Chrome3]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Chrome3"
    "hkey"="HKLM"
    "command"=";;; C:\\Program Files\\s3graphics\\chrome3\\Chrome3.exe -chkautorun"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroFilterCheck"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VTTimer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="VTTimer"
    "hkey"="HKLM"
    "command"=";;; VTTimer.exe"


    ==== Startup Folders ======================

    2017-05-12 11:51:52 1036 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mediatek Wireless Utility.lnk

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\HPCeeScheduleForMarcelo.job --a------ C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe []
    C:\Windows\tasks\{3F36FCFA-ACB8-E5E1-7DC5-3FB4BD1841A0}.job --a------ C:\PROGRA1\COMMON1\palikan\SYNHEL1.exe []

    ==== Other Scheduled Tasks ======================

    "C:\Windows\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
    "C:\Windows\system32\tasks\Avast Emergency Update" [C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe]
    "C:\Windows\system32\tasks\HPCeeScheduleForMarcelo" [C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe]
    "C:\Windows\system32\tasks\Opera scheduled Autoupdate 1495469104" [C:\Users\Marcelo\AppData\Local\Programs\Opera\launcher.exe]
    "C:\Windows\system32\tasks\Opera scheduled suite Autoupdate 1495469221" [C:\Users\Marcelo\AppData\Local\Programs\Opera\launcher.exe]
    "C:\Windows\system32\tasks\User_Feed_Synchronization-{8D2A3822-D894-4AC5-82DC-A9DE56FCEC95}" [C:\Windows\system32\msfeedssync.exe]
    "C:\Windows\system32\tasks\{3F36FCFA-ACB8-E5E1-7DC5-3FB4BD1841A0}" [C:\PROGRA~1\COMMON~1\palikan\SYNHEL~1.EXE]
    "C:\Windows\system32\tasks\{CDD59E99-C876-4D1D-8829-D1273BF647B8}" ["c:\program files\internet explorer\iexplore.exe" https://ui.skype.com/ui/0/7.35.0.103/pt/abandoninstall?source=lightinstaller&page=tsInstall]
    "C:\Windows\system32\tasks\AVAST Software\Avast settings backup" [C:\Program Files\Common Files\AV\avast Antivirus\backup.exe]
    "C:\Windows\system32\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report" [C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe]

    ==== Chromium Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
    kpdmjodecdegfglgaapafjleomjjlpnh - No path found[]

    HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
    bbjllphbppobebmjpjcijfbakobcheof - No path found[]

    GamingWonderland - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhacnanjblkcpeiiigeigmgkikdklfpi
    Google Sheets - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
    Google Docs Offline - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
    Yahoo for Chrome - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh
    Chrome Web Store Payments - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
    Gmail - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
    Google Slides - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
    Google Docs - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
    Google Drive - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
    YouTube - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
    GamingWonderland - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eeojlpepoljdpaoiplnlhcfkoigijimc
    Google Sheets - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap
    Zwinky - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fidlffpkjchmiflngkkakcmbjmehkdbg
    CONCURSO 2 - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fnblnjieklojbaebmppccnhlpnbgplhk
    BTS SUGA - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\foaaedifpgbglfgnhffmkfokogfoflan
    Undeaddies - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gfnnjkppogeoedffjkkkfeoifdkdijia
    Google Docs Offline - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
    Pinterest Save Button - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic
    JW.ORG - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hjnggdeoambkcbgckfmhjbediblojbbd
    CONCURSO 1 - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hlbbbacglhgkbpfgoocdfblififhnbkl
    JW Daily Scripture - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hoaeoknbnombjplkahejaedapopgclgg
    Arcane Legends - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ibmlkgieigeddcedpbijnpojheoddido
    Search and New Tab by Yahoo - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh
    Dia De Los Gatos - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lhjegjhckjmknanpafmhfbjhmnhahgja
    Seahorse Damask Black - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mcehndhnkchodlkekpjlgpoobdjobogc
    Chrome Web Store Payments - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
    Gmail - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
    Chrome Media Router - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

    ==== IE Start and Search Settings ======================

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.google.com.br/?gws_rd=ssl"
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.palikan.com/?f=1&a=plk_coinisre_17_22_ssg01&cd=2XzuyEtN2Y1L1QzutC0CyB0E0EyDyD0EzytD0ByD0FtBtCtDtN0D0Tzu0StCzyyCzztN1L2XzutAtFtByBtFyEtFyDtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDyEtA0AtA0B0CyEtGtDzy0AzztGyEtDyDtBtGyDyEyBtCtGyDzzzy0CyEyE0C0F0A0FtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EzytC0E0AzzyCtBtG0Dzy0B0AtGyEzz0DtAtGzy0B0CtDtG0A0EtBtBtD0E0Ezy0F0EzzyB2QtN0A0LzuyE&cr=1366431911&ir="
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    {012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
    {11FFAFCB-4DEE-4608-BAB5-D481A18DDD91} Yahoo Search Url="https://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default"
    {5e7797ae-5ca1-4b50-95d8-97e746340487} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

    ==== HijackThis Entries ======================

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    ==== EOF on 12/06/2017 at  9:13:20,01 ======================


    @Marcelo Jakson Alves Salga

    The script has not been run yet. Let's do the following:

    Download the attachment (zascript.txt) from this post and save it to your desktop, where ZA-Scan.exe should also be saved.

    Then run the ZA-Scan.exe tool.

    When it finishes, copy and paste the contents of that file into your next reply.

    zascript.txt

    Topic author

    ZA-Scan V1.0.0.5 Updated 30-09-2015
    Tool run by Marcelo on 13/06/2017 at 12:16:11,34.
    Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x86
    Running in: Normal Mode No Internet Access Detected
    Launched: C:\Users\Marcelo\Desktop\ZA-Scan.exe [Z-Analyse Scan]

    ==== Running Processes ======================

    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\AVAST Software\Avast\afwServ.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\MediatekWiFi\Common\RaRegistry.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\MediatekWiFi\Common\RaUI.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Microsoft\BingBar\7.1.355.0\SeaPort.exe
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Marcelo\Desktop\ZA-Scan.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\conhost.exe
    C:\Users\Marcelo\AppData\Local\Temp\ZAScan.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k utcsvc
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k SDRSVC

    ==== Services(whitelist) ======================
    Powered by E Dev

    R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files\common files\adobe\arm\1.0\armsvc.exe
    R2 - [MediatekRegistryWriter] - MediatekRegistryWriter - c:\program files\mediatekwifi\common\raregistry.exe
    R2 - [MsMpSvc] - Microsoft Antimalware Service - c:\program files\microsoft security client\msmpeng.exe
    R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
    R2 - [WMPNetworkSvc] - Serviço de Compartilhamento de Rede do Windows Media Player - c:\program files\windows media player\wmpnetwk.exe
    R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
    R3 - [BBUpdate] - BBUpdate - c:\program files\microsoft\bingbar\7.1.355.0\seaport.exe
    S2 - [BBSvc] - BingBar Service - c:\program files\microsoft\bingbar\7.1.355.0\bbsvc.exe
    S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
    S2 - [sppsvc] - Proteção de Software - c:\windows\system32\sppsvc.exe
    S3 - [ALG] - Serviço Gateway de Camada de Aplicativo - c:\windows\system32\alg.exe
    S3 - [aswbIDSAgent] - aswbIDSAgent - c:\program files\avast software\avast\aswidsagent.exe
    S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
    S3 - [ehRecvr] - Serviço Receptor do Windows Media Center - c:\windows\ehome\ehrecvr.exe
    S3 - [ehSched] - Serviço Agendador do Windows Media Center - c:\windows\ehome\ehsched.exe
    S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
    S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe
    S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
    S3 - [MSDTC] - Coordenador de transações distribuídas - c:\windows\system32\msdtc.exe
    S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
    S3 - [NisSrv] - Inspeção de Rede da Microsoft - c:\program files\microsoft security client\nissrv.exe
    S3 - [NMIndexingService] - NMIndexingService - c:\program files\common files\ahead\lib\nmindexingservice.exe
    S3 - [odserv] - Microsoft Office Diagnostics Service - c:\program files\common files\microsoft shared\office12\odserv.exe
    S3 - [ose] - Office Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
    S3 - [RpcLocator] - Alocador Remote Procedure Call (RPC) - c:\windows\system32\locator.exe
    S3 - [SNMPTRAP] - Interceptação SNMP - c:\windows\system32\snmptrap.exe
    S3 - [TrustedInstaller] - Instalador de Módulos do Windows - c:\windows\servicing\trustedinstaller.exe
    S3 - [vds] - Disco Virtual - c:\windows\system32\vds.exe
    S3 - [VSS] - Cópia de Sombra de Volume - c:\windows\system32\vssvc.exe
    S3 - [wbengine] - Serviço de Mecanismo de Backup em Nível de Bloco - c:\windows\system32\wbengine.exe
    S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
    S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework\v4.0.30319\aspnet_state.exe
    S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe

    ==== Drivers(whitelist) ======================
    Powered by E Dev

    R0 - [aswbidsh] - aswbidsh - C:\Windows\system32\Drivers\aswbidsh.sys [x]
    R0 - [aswblog] - aswblog - C:\Windows\system32\Drivers\aswblog.sys [x]
    R0 - [aswbuniv] - aswbuniv - C:\Windows\system32\Drivers\aswbuniv.sys [x]
    R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
    R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
    R0 - [MpFilter] - Microsoft Malware Protection Driver - C:\Windows\system32\Drivers\MpFilter.sys
    R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
    R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
    R3 - [srv] - Driver SMB 1.xxx do Servidor - C:\Windows\system32\Drivers\srv.sys
    R3 - [srv2] - Driver SMB 2.xxx do Servidor - C:\Windows\system32\Drivers\srv2.sys
    R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys
    R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
    R0 - [aswRvrt] - aswRvrt - C:\Windows\system32\Drivers\aswRvrt.sys
    R0 - [aswVmm] - aswVmm - C:\Windows\system32\Drivers\aswVmm.sys
    R0 - [atapi] - Canal de IDE - C:\Windows\system32\Drivers\atapi.sys
    R0 - [CLFS] - Log Comum (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
    R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
    R0 - [Disk] - Driver de disco - C:\Windows\system32\Drivers\Disk.sys
    R0 - [fvevol] - Driver de Filtro de Criptografia de Unidade de Disco BitLocker - C:\Windows\system32\Drivers\fvevol.sys
    R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
    R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
    R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
    R0 - [mountmgr] - Gerenciador de Pontos de Montagem - C:\Windows\system32\Drivers\mountmgr.sys
    R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
    R0 - [NDIS] - Driver do Sistema NDIS - C:\Windows\system32\Drivers\NDIS.sys
    R0 - [partmgr] - Gerenciador de Partições - C:\Windows\system32\Drivers\partmgr.sys
    R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys
    R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
    R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
    R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
    R0 - [storflt] - Driver de Filtro de Aceleração do Barramento da Máquina Virtual do Disco - C:\Windows\system32\Drivers\storflt.sys [x]
    R0 - [Tcpip] - Driver de Protocolo TCP/IP - C:\Windows\system32\Drivers\Tcpip.sys
    R0 - [uagp35] - Filtro Microsoft AGPv3.5 - C:\Windows\system32\Drivers\uagp35.sys
    R0 - [vdrvroot] - Driver de enumerador da unidade virtual Microsoft - C:\Windows\system32\Drivers\vdrvroot.sys
    R0 - [viaide] - viaide - C:\Windows\system32\Drivers\viaide.sys
    R0 - [vmbus] - Barramento da Máquina Virtual - C:\Windows\system32\Drivers\vmbus.sys
    R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys
    R0 - [volmgrx] - Gerenciador de Volume Dinâmico - C:\Windows\system32\Drivers\volmgrx.sys
    R0 - [volsnap] - Volumes de armazenamento - C:\Windows\system32\Drivers\volsnap.sys
    R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\Windows\system32\Drivers\Wdf01000.sys
    R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
    R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
    R1 - [tdx] - Driver de Suporte a TDI Herdado de NetIO - C:\Windows\system32\Drivers\tdx.sys
    R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

    ==== Startup Registry Enabled ======================

    [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

    [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
    "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui"
    "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    ==== Startup Registry Disabled ======================

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Chrome3]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Chrome3"
    "hkey"="HKLM"
    "command"=";;; C:\\Program Files\\s3graphics\\chrome3\\Chrome3.exe -chkautorun"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroFilterCheck"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VTTimer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="VTTimer"
    "hkey"="HKLM"
    "command"=";;; VTTimer.exe"


    ==== Startup Folders ======================

    2017-05-12 11:51:52 1036 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mediatek Wireless Utility.lnk

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\HPCeeScheduleForMarcelo.job --a------ C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe []
    C:\Windows\tasks\{3F36FCFA-ACB8-E5E1-7DC5-3FB4BD1841A0}.job --a------ C:\PROGRA~1\COMMON~1\palikan\SYNHEL~1.exe []

    ==== Other Scheduled Tasks ======================

    "C:\Windows\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
    "C:\Windows\system32\tasks\Avast Emergency Update" [C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe]
    "C:\Windows\system32\tasks\HPCeeScheduleForMarcelo" [C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe]
    "C:\Windows\system32\tasks\Opera scheduled Autoupdate 1495469104" [C:\Users\Marcelo\AppData\Local\Programs\Opera\launcher.exe]
    "C:\Windows\system32\tasks\Opera scheduled suite Autoupdate 1495469221" [C:\Users\Marcelo\AppData\Local\Programs\Opera\launcher.exe]
    "C:\Windows\system32\tasks\User_Feed_Synchronization-{8D2A3822-D894-4AC5-82DC-A9DE56FCEC95}" [C:\Windows\system32\msfeedssync.exe]
    "C:\Windows\system32\tasks\{3F36FCFA-ACB8-E5E1-7DC5-3FB4BD1841A0}" [C:\PROGRA~1\COMMON~1\palikan\SYNHEL~1.EXE]
    "C:\Windows\system32\tasks\{CDD59E99-C876-4D1D-8829-D1273BF647B8}" ["c:\program files\internet explorer\iexplore.exe" https://ui.skype.com/ui/0/7.35.0.103/pt/abandoninstall?source=lightinstaller&page=tsInstall]
    "C:\Windows\system32\tasks\AVAST Software\Avast settings backup" [C:\Program Files\Common Files\AV\avast Antivirus\backup.exe]
    "C:\Windows\system32\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report" [C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe]

    ==== Chromium Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
    kpdmjodecdegfglgaapafjleomjjlpnh - No path found[]

    HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
    bbjllphbppobebmjpjcijfbakobcheof - No path found[]

    GamingWonderland - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhacnanjblkcpeiiigeigmgkikdklfpi
    Google Sheets - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
    Google Docs Offline - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
    Yahoo for Chrome - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh
    Chrome Web Store Payments - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
    Gmail - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
    Google Slides - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
    Google Docs - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
    Google Drive - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
    YouTube - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
    GamingWonderland - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eeojlpepoljdpaoiplnlhcfkoigijimc
    Google Sheets - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap
    Zwinky - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fidlffpkjchmiflngkkakcmbjmehkdbg
    CONCURSO 2 - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fnblnjieklojbaebmppccnhlpnbgplhk
    BTS SUGA - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\foaaedifpgbglfgnhffmkfokogfoflan
    Undeaddies - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gfnnjkppogeoedffjkkkfeoifdkdijia
    Google Docs Offline - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
    Pinterest Save Button - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic
    JW.ORG - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hjnggdeoambkcbgckfmhjbediblojbbd
    CONCURSO 1 - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hlbbbacglhgkbpfgoocdfblififhnbkl
    JW Daily Scripture - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hoaeoknbnombjplkahejaedapopgclgg
    Arcane Legends - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ibmlkgieigeddcedpbijnpojheoddido
    Search and New Tab by Yahoo - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh
    Dia De Los Gatos - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lhjegjhckjmknanpafmhfbjhmnhahgja
    Seahorse Damask Black - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mcehndhnkchodlkekpjlgpoobdjobogc
    Chrome Web Store Payments - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
    Gmail - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
    Chrome Media Router - Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

    ==== IE Start and Search Settings ======================

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.google.com.br/?gws_rd=ssl"
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.palikan.com/?f=1&a=plk_coinisre_17_22_ssg01&cd=2XzuyEtN2Y1L1QzutC0CyB0E0EyDyD0EzytD0ByD0FtBtCtDtN0D0Tzu0StCzyyCzztN1L2XzutAtFtByBtFyEtFyDtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDyEtA0AtA0B0CyEtGtDzy0AzztGyEtDyDtBtGyDyEyBtCtGyDzzzy0CyEyE0C0F0A0FtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EzytC0E0AzzyCtBtG0Dzy0B0AtGyEzz0DtAtGzy0B0CtDtG0A0EtBtBtD0E0Ezy0F0EzzyB2QtN0A0LzuyE&cr=1366431911&ir="
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    {012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
    {11FFAFCB-4DEE-4608-BAB5-D481A18DDD91} Yahoo Search Url="https://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default"
    {5e7797ae-5ca1-4b50-95d8-97e746340487} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

    ==== HijackThis Entries ======================

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    ==== EOF on 13/06/2017 at 12:24:53,43 =======


    Topic Archived

    Since the author did not reply to the topic for more than 10 days, it has been archived. If you are the topic's author and want it reopened, contact a Security Analyst or Coordinator and request that it be unlocked.
