Ir ao conteúdo
  • Comunicados

    • Gabriel Torres

      Seja um moderador do Clube do Hardware!   12-02-2016

      Prezados membros do Clube do Hardware, Está aberto o processo de seleção de novos moderadores para diversos setores ou áreas do Clube do Hardware. Os requisitos são:   Pelo menos 500 posts e um ano de cadastro; Boa frequência de participação; Ser respeitoso, cordial e educado com os demais membros; Ter bom nível de português; Ter razoável conhecimento da área em que pretende atuar; Saber trabalhar em equipe (com os moderadores, coordenadores e administradores).   Os interessados deverão enviar uma mensagem privada para o usuário @Equipe Clube do Hardware com o título "Candidato a moderador". A mensagem deverá conter respostas às perguntas abaixo:   Qual o seu nome completo? Qual sua data de nascimento? Qual sua formação/profissão? Já atuou como moderador em algo outro fórum, se sim, qual? De forma sucinta, explique o porquê de querer ser moderador do fórum e conte-nos um pouco sobre você.   OBS: Não se trata de função remunerada. Todos que fazem parte do staff são voluntários.

Gislaine Rodrigues

Membros Juniores
  • Total de itens

    9
  • Registro em

  • Última visita

  • Qualificações

    0%

Reputação

0

Informações gerais

  • Cidade e Estado
    Telêmaco Borba/PR
  • Sexo
    Feminino
  1. Olá a todos! Meu notebook está lento, pára de funcionar algumas teclas do teclado e eu estava verificando no gerenciador de tarefas os serviços que mais estão consumindo é o agendador de tarefas e um tal de "wudfsvc" Windows Driver Foundation - Estrutura do Driver de Modo de Usuário, mas o estranho é que quando clico em propriedades para achar o local do arquivo o nome aparece com um "k". Aqui está como aparece: "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" e o agendador de tarefas assim: "C:\Windows\system32\svchost.exe -k netsvcs" em muitos outros também está assim e fiquei em dúvida, é normal isso ou pode estar infectado? Agradeço desde já.
  2. Possível infestação

    @CarlosTurco Pelo log anterior, fora as atualizações que você citou, está sem problemas meu note? Muito Obrigada por sua ajuda e atenção!!
  3. Possível infestação

    @CarlosTurco Obrigada! Já verifiquei e segue abaixo o resultado: Obs: (Você não pediu mas eu havia desabilitado o firewall e o antivírus, mas voltei a habilitar ambos após o exame) SecurityCheck by glax24 & Severnyj v.1.4.0.37 [05.03.16] WebSite: www.safezone.cc DateLog: 07.04.2016 14:07:24 Path starting: C:\Users\Gislaine\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe Log directory: C:\SecurityCheck\ IsAdmin: True User: Gislaine VersionXML: 2.68is-06.04.2016 ___________________________________________________________________________ Windows 7(6.1.7601) Service Pack 1 (x64) HomeBasic Lang: Portuguese(0416) Installation date OS: 17.09.2015 16:17:30 LicenseStatus: Windows(R) 7, HomeBasic edition The machine is permanently activated. Boot Mode: Normal Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe SystemDrive: C: FS: [NTFS] Capacity: [240.4 Gb] Used: [171.6 Gb] Free: [68.8 Gb] ------------------------------- [ Windows ] ------------------------------- Internet Explorer 11.0.9600.18230 User Account Control enabled Notify of download and installation Date install updates: 2016-03-10 20:59:57 Windows Update (wuauserv) - The service is running Central de Segurança (wscsvc) - The service is running Registro remoto (RemoteRegistry) - The service has stopped Descoberta SSDP (SSDPSRV) - The service is running Serviços de Área de Trabalho Remota (TermService) - The service has stopped Windows Remote Management (WS-Management) (WinRM) - The service has stopped ---------------------------- [ Antivirus_WMI ] ---------------------------- avast! Antivirus (disabled and out of date) --------------------------- [ FirewallWindows ] --------------------------- Firewall do Windows (MpsSvc) - The service is running Disabled the public profile of Windows Firewall Disabled the standard profile for Windows Firewall --------------------------- [ AntiSpyware_WMI ] --------------------------- avast! Antivirus (disabled and out of date) ---------------------- [ AntiVirusFirewallInstall ] ----------------------- Microsoft Security Essentials v.4.9.218.0 Avast Free Antivirus v.11.1.2253 ESET Online Scanner v3 --------------------------- [ OtherUtilities ] ---------------------------- WinRAR 5.21 (64-bit) v.5.21.0 Warning! Download Update Picasa 3 v.3.9.141.259 Warning! This software is no longer supported. Please uninstall it and use another software. VLC media player v.2.2.2 -------------------------------- [ Java ] --------------------------------- Java 8 Update 60 v.8.0.600.27 Warning! Download Update Uninstall old version and install new one. Java 8 Update 66 v.8.0.660.18 Warning! Download Update Uninstall old version and install new one. --------------------------- [ AdobeProduction ] --------------------------- Adobe Flash Player 21 ActiveX v.21.0.0.197 Adobe Reader XI (11.0.13) - Português v.11.0.13 Warning! Download Update Uninstall old version and install new one. ------------------------------- [ Browser ] ------------------------------- Google Chrome v.49.0.2623.75 Warning! Download Update --------------------------- [ RunningProcess ] ---------------------------- C:\Program Files\AVAST Software\Avast\AvastSvc.exe v.11.1.2253.1653 C:\Program Files\AVAST Software\Avast\AvastUI.exe v.11.1.2253.1675 C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe v.5.0.77.643 ----------------------------- [ End of Log ] ------------------------------
  4. Possível infestação

    @CarlosTurco C:\office2010c\crack.exe Win32/Hidcon.B potentially unsafe application deleted C:\Program Files (x86)\FormatFactory\FFModules\Package\Ask\AskPIP_FF_.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application cleaned by deleting C:\Users\Gislaine\Documents\Programas\CorelDRAW Graphics Suite X6 Português - Brasil + Keygen\Keygen.exe a variant of Win32/Keygen.AU potentially unsafe application deleted C:\Windows\KMService.exe Win32/HackKMS.A potentially unsafe application cleaned by deleting D:\$RECYCLE.BIN\S-1-5-21-2025484526-765464594-823774108-1000\$RNC5IVM.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted D:\Aplicativos\Programas\aTube_Catcher (2).exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted D:\Aplicativos\Programas\ccsetup516.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted D:\Aplicativos\Programas\cdbxp_setup_4.5.6.5844.exe a variant of Win32/OpenCandy.A potentially unsafe application deleted D:\Aplicativos\Programas\FFSetup3.7.5.0.exe a variant of Win32/Toptools.A potentially unwanted application deleted D:\Aplicativos\Programas\photoscape-3-7-multi-win.exe Win32/OpenCandy potentially unsafe application deleted
  5. Possível infestação

    @CarlosTurco Novo log: ZA-Scan V1.0.0.5 Updated 31-December-2015 Tool run by Gislaine on 05/04/2016 at 9:29:25,31. Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Gislaine\Desktop\ZA-Scan.exe Script used: C:\Users\Gislaine\Desktop\zascript.txt ==== System Restore Info ====================== 05/04/2016 09:30:30 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~3\Audio deleted successfully C:\PROGRA~3\CorelDRAW Graphics Suite X6 deleted successfully C:\PROGRA~3\CorelDRAW Graphics Suite X7 x64 deleted successfully C:\PROGRA~3\Skype deleted successfully C:\Users\Gislaine\AppData\Roaming\Free Audio Editor deleted successfully C:\Users\Gislaine\AppData\Roaming\Skype deleted successfully C:\Users\Gislaine\AppData\Local\Skype deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Batch Command(s) Run By Tool====================== Configura‡Æo de IP do Windows Libera‡Æo do Cache do DNS Resolver bem-sucedida. ==== Deleting Files \ Folders ====================== C:\PROGRA~3\CorelDRAW Graphics Suite X7 x64 not found C:\PROGRA~2\Wondershare deleted C:\PROGRA~2\COMMON~1\Wondershare deleted C:\PROGRA~3\Wondershare Video Editor deleted C:\PROGRA~3\Package Cache deleted C:\Users\Gislaine\AppData\Local\mbt-actwiz.log deleted C:\Users\Gislaine\AppData\Local\Wondershare deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted ==== Orphaned Tasks deleted from Registry ====================== avast Emergency Update deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [04/04/2016 16:44] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [04/04/2016 16:44] ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx[04/04/2016 16:43] gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[04/04/2016 16:43] Simple Black Frame - Gislaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjcmelaooafmncmlidjcjjoidbcbilad Avast SafePrice - Gislaine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck Avast Online Security - Gislaine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki Chrome Hotword Shared Module - Gislaine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg Skype Click to Call - Gislaine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR ==== Reset Google Chrome ====================== C:\Users\Gislaine\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Gislaine\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Users\Gislaine\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully C:\Users\Gislaine\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences was reset successfully C:\Users\Gislaine\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\Gislaine\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully C:\Users\Gislaine\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe C:\Users\Public\Desktop\Avast Free Antivirus.lnk - C:\Program Files\AVAST Software\Avast\avastui.exe C:\Users\Public\Desktop\Avast SafeZone Browser.lnk - C:\Program Files\AVAST Software\SZBrowser\launcher.exe C:\Users\Public\Desktop\Battle.net.lnk - C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\Corel PHOTO-PAINT X6.lnk - c:\Windows\Installer\{6F53FB68-6620-423E-B7CD-B8205655B421}\NewShortcut2.exe C:\Users\Public\Desktop\CorelDRAW X6.lnk - c:\Windows\Installer\{C5262276-0075-498B-B80F-7D997482E4DB}\NewShortcut1.exe C:\Users\Public\Desktop\LegendOnline.lnk - C:\Program Files (x86)\LegendOnline\LegendOnlinebr.exe C:\Users\Public\Desktop\Wondershare Video Editor.lnk - C:\Program Files (x86)\Wondershare\Video Editor\VideoEditor.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk - C:\Program Files\AVAST Software\SZBrowser\launcher.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Bluetooth File Transfer Wizard.lnk - C:\Windows\System32\fsquirt.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk - C:\Windows\system32\mstsc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast Free Antivirus.lnk - C:\Program Files\AVAST Software\Avast\avastui.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth\My Bluetooth.lnk - C:\Windows\system32\rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",OpenMyBluetooth C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth\Readme.lnk - C:\Program Files\Motorola\Bluetooth\readme.htm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth\Uninstall.lnk - C:\Program Files\Motorola\Bluetooth\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6\Bitstream Font Navigator.lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\FontNav\FontNav.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6\Corel CAPTURE X6.lnk - c:\Windows\Installer\{74FA94F1-9566-4252-9372-E7EAFFEFE209}\NewShortcut8.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6\Corel CONNECT X6.lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\Connect\Connect.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6\Corel PHOTO-PAINT X6.lnk - c:\Windows\Installer\{6F53FB68-6620-423E-B7CD-B8205655B421}\NewShortcut2.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6\CorelDRAW X6.lnk - c:\Windows\Installer\{C5262276-0075-498B-B80F-7D997482E4DB}\NewShortcut1.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6\Duplexing Wizard.lnk - c:\Windows\Installer\{C5262276-0075-498B-B80F-7D997482E4DB}\NewShortcut4.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6\Video Tutorials X6.lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\VideoBrowser\VideoBrowser.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6\Documentation\CorelDRAW Graphics Suite X6 Guidebook.lnk - c:\Windows\Installer\{7F9F6864-8CAB-440C-AF44-030D0135666D}\NewShortcut1_2D4561AA1380433B9EC818E5007E4288.exe Help\GB.pdf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6\Documentation\Macro Programming Guide.lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\Data\Macro Programming Guide.pdf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LegendOnline\LegendOnline.lnk - C:\Program Files (x86)\LegendOnline\LegendOnlinebr.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LegendOnline\Uninstall.lnk - C:\Program Files (x86)\LegendOnline\uninst.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LegendOnline\Website.lnk - C:\Program Files (x86)\LegendOnline\LegendOnline.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Configurar o Visualizador de fotos do Picasa.lnk - C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe /reconfig C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Desinstalar.lnk - C:\Program Files (x86)\Google\Picasa3\uninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyEnable"=dword:00000000 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gislaine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gislaine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Gislaine\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Gislaine\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== Reset WMI ====================== Os seguintes servi‡os sÆo dependentes do servi‡o de Testador de instrumenta‡Æo de gerenciam. do Windows. Finalizar o servi‡o Testador de instrumenta‡Æo de gerenciam. do Windows tamb‚m finalizar estes servi‡os. Central de Seguran‡a ICS (Compartilhamento de ConexÆo com a Internet) Auxiliar de IP Intel(R) Rapid Storage Technology O servi‡o de Central de Seguran‡a est sendo finalizado . O servi‡o de Central de Seguran‡a foi finalizado com ˆxito. O servi‡o de ICS (Compartilhamento de ConexÆo com a Internet) est sendo finalizado . O servi‡o de ICS (Compartilhamento de ConexÆo com a Internet) foi finalizado com ˆxito. O servi‡o de Auxiliar de IP est sendo finalizado . O servi‡o de Auxiliar de IP foi finalizado com ˆxito. O servi‡o de Intel(R) Rapid Storage Technology est sendo finalizado ..... O servi‡o de Intel(R) Rapid Storage Technology foi finalizado com ˆxito. O servi‡o de Testador de instrumenta‡Æo de gerenciam. do Windows est sendo finalizado . O servi‡o de Testador de instrumenta‡Æo de gerenciam. do Windows foi finalizado com ˆxito. C:\Windows\system32\wbem\repository renamed to repository.old C:\Windows\syswow64\wbem\repository renamed to repository.old ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Gislaine\AppData\Local\Temp will be emptied at reboot C:\Users\USURIO~1\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Gislaine\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on 05/04/2016 at 9:49:00,27 ======================
  6. Possível infestação

    @CarlosTurco Aqui está: ZA-Scan V1.0.0.5 Updated 31-December-2015 Tool run by Gislaine on 04/04/2016 at 15:11:40,20. Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Gislaine\Desktop\ZA-Scan.exe [Z-Analyse Scan] ==== Running Processes ====================== C:\Program Files\AVAST Software\Avast\AvastSvc.exe c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe C:\Program Files\AVAST Software\Avast\avastui.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Users\Gislaine\Desktop\ZA-Scan.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Users\Gislaine\AppData\Local\Temp\ZAScan.exe ==== Services(whitelist) ====================== Powered by E Dev R2 - [IAStorDataMgrSvc] - Intel(R) Rapid Storage Technology - c:\program files\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe R2 - [PSI_SVC_2] - Protexis Licensing V2 - c:\program files (x86)\common files\protexis\license service\psiservice_2.exe R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe R3 - [ALG] - Serviço Gateway de Camada de Aplicativo - c:\windows\system32\alg.exe R3 - [AvastVBoxSvc] - AvastVBox COM Service - c:\program files\avast software\avast\ng\vbox\avastvboxsvc.exe R3 - [Bluetooth Device Manager] - Bluetooth Device Manager - c:\program files\motorola\bluetooth\devmgrsrv.exe R3 - [Bluetooth Media Service] - Bluetooth Media Service - c:\program files\motorola\bluetooth\audiosrv.exe R3 - [FLEXnet Licensing Service 64] - FLEXnet Licensing Service 64 - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice64.exe R3 - [ICCS] - Intel(R) Integrated Clock Controller Service - Intel(R) ICCS - c:\program files (x86)\intel\intel(r) integrated clock controller service\iccproxy.exe R3 - [WMPNetworkSvc] - Serviço de Compartilhamento de Rede do Windows Media Player - c:\program files\windows media player\wmpnetwk.exe S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe S2 - [sppsvc] - Proteção de Software - c:\windows\system32\sppsvc.exe S3 - [aspnet_state] - Serviço de estado do ASP.NET - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe S3 - [FLEXnet Licensing Service] - FLEXnet Licensing Service - c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe S3 - [Microsoft SharePoint Workspace Audit Service] - Microsoft SharePoint Workspace Audit Service - c:\program files (x86)\microsoft office\office14\groove.exe S3 - [MSDTC] - Coordenador de transações distribuídas - c:\windows\system32\msdtc.exe S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe S3 - [MsMpSvc] - Microsoft Antimalware Service - c:\program files\microsoft security client\msmpeng.exe S3 - [NisSrv] - Inspeção de Rede da Microsoft - c:\program files\microsoft security client\nissrv.exe S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe S3 - [PerfHost] - Host de DLL de Contador de Desempenho - c:\windows\syswow64\perfhost.exe S3 - [RpcLocator] - Alocador Remote Procedure Call (RPC) - c:\windows\system32\locator.exe S3 - [SNMPTRAP] - Interceptação SNMP - c:\windows\system32\snmptrap.exe S3 - [ss_conn_service] - SAMSUNG Mobile Connectivity Service - c:\program files\samsung\usb drivers\25_escape\conn\ss_conn_service.exe S3 - [TrustedInstaller] - Instalador de Módulos do Windows - c:\windows\servicing\trustedinstaller.exe S3 - [vds] - Disco Virtual - c:\windows\system32\vds.exe S3 - [VSS] - Cópia de Sombra de Volume - c:\windows\system32\vssvc.exe S3 - [wbengine] - Serviço de Mecanismo de Backup em Nível de Bloco - c:\windows\system32\wbengine.exe S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe S4 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe S4 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe S4 - [gupdate] - Serviço do Google Update (gupdate) - c:\program files (x86)\google\update\googleupdate.exe S4 - [gupdatem] - Serviço do Google Update (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe S4 - [NBService] - NBService - c:\program files (x86)\nero\nero 7\nero backitup\nbservice.exe S4 - [NMIndexingService] - NMIndexingService - c:\program files (x86)\common files\ahead\lib\nmindexingservice.exe S4 - [SwitchBoard] - SwitchBoard - c:\program files (x86)\common files\adobe\switchboard\switchboard.exe ==== Drivers(whitelist) ====================== Powered by E Dev R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys R3 - [srv] - Driver SMB 1.xxx do Servidor - C:\Windows\system32\Drivers\srv.sys R3 - [srv2] - Driver SMB 2.xxx do Servidor - C:\Windows\system32\Drivers\srv2.sys R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys R0 - [aswRvrt] - avast! Revert - C:\Windows\system32\Drivers\aswRvrt.sys R0 - [aswVmm] - avast! VM Monitor - C:\Windows\system32\Drivers\aswVmm.sys R0 - [atapi] - Canal de IDE - C:\Windows\system32\Drivers\atapi.sys R0 - [CLFS] - Log Comum (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x] R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys R0 - [Compbatt] - Microsoft Composite Battery Driver - C:\Windows\system32\Drivers\Compbatt.sys R0 - [Disk] - Driver de disco - C:\Windows\system32\Drivers\Disk.sys R0 - [fvevol] - Driver de Filtro de Criptografia de Unidade de Disco BitLocker - C:\Windows\system32\Drivers\fvevol.sys R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys R0 - [iaStorA] - iaStorA - C:\Windows\system32\Drivers\iaStorA.sys R0 - [iaStorF] - iaStorF - C:\Windows\system32\Drivers\iaStorF.sys R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys R0 - [mountmgr] - Gerenciador de Pontos de Montagem - C:\Windows\system32\Drivers\mountmgr.sys R0 - [msahci] - msahci - C:\Windows\system32\Drivers\msahci.sys R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys R0 - [NDIS] - Driver do Sistema NDIS - C:\Windows\system32\Drivers\NDIS.sys R0 - [ngvss] - ngvss - C:\Windows\system32\Drivers\ngvss.sys R0 - [partmgr] - Gerenciador de Partições - C:\Windows\system32\Drivers\partmgr.sys R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys R0 - [Tcpip] - Driver de Protocolo TCP/IP - C:\Windows\system32\Drivers\Tcpip.sys R0 - [vdrvroot] - Driver de enumerador da unidade virtual Microsoft - C:\Windows\system32\Drivers\vdrvroot.sys R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys R0 - [volmgrx] - Gerenciador de Volume Dinâmico - C:\Windows\system32\Drivers\volmgrx.sys R0 - [volsnap] - Volumes de armazenamento - C:\Windows\system32\Drivers\volsnap.sys R0 - [Wd] - Driver de Watchdog da Microsoft - C:\Windows\system32\Drivers\Wd.sys R0 - [Wdf01000] - Serviço de Estruturas de Driver em Modo Kernel - C:\Windows\system32\Drivers\Wdf01000.sys R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys R1 - [tdx] - Driver de Suporte a TDI Herdado de NetIO - C:\Windows\system32\Drivers\tdx.sys R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2025484526-765464594-823774108-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "BTMTrayAgent"="rundll32.exe C:\Program Files\Motorola\Bluetooth\btmshell.dll,TrayApp" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeAAMUpdater-1.0" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeBridge] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeBridge" "hkey"="HKCU" "command"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS6ServiceManager] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeCS6ServiceManager" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\CS6ServiceManager\\CS6ServiceManager.exe\" -launchedbylogin" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APSDaemon" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ares] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ares" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Ares\\Ares.exe\" -h" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BCSSync" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CCleaner Monitoring" "hkey"="HKCU" "command"="\"C:\\Program Files\\CCleaner\\CCleaner64.exe\" /MONITOR" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleChromeAutoLaunch_41D6E3697FECBD8105FE9B7AF02C4797] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GoogleChromeAutoLaunch_41D6E3697FECBD8105FE9B7AF02C4797" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --no-startup-window" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LanguageShortcut] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LanguageShortcut" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\CyberLink\\PowerDVD\\Language\\Language.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RemoteControl" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\CyberLink\\PowerDVD\\PDVDServ.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SwitchBoard] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SwitchBoard" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Wondershare Helper Compact.exe] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Wondershare Helper Compact.exe" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Common Files\\Wondershare\\Wondershare Helper Compact\\WSHelper.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Gislaine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk] "item"="OneNote 2010 Screen Clipper and Launcher" "path"="C:\\Users\\Gislaine\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OneNote 2010 Screen Clipper and Launcher.lnk" "backup"="C:\\Windows\\pss\\OneNote 2010 Screen Clipper and Launcher.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~2\\MICROS~1\\Office14\\ONENOTEM.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MozillaMaintenance] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NBService] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NMIndexingService] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RichVideo] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SwitchBoard] ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [11/11/2015 16:16] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [17/09/2015 13:39] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [17/09/2015 13:39] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\AVAST Software\Avast settings backup" [C:\Program Files\Common Files\AV\avast Antivirus\backup.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [25/03/2016 15:52] ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx[18/09/2015 20:49] gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[18/09/2015 20:49] Google Docs - Gislaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Gislaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Gislaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo selector is not a valid CSS selector - Gislaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb Google Search - Gislaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Sheets - Gislaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Google Docs Offline - Gislaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi Simple Black Frame - Gislaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjcmelaooafmncmlidjcjjoidbcbilad Chrome Web Store Payments - Gislaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Gislaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Google Slides - Gislaine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - Gislaine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Gislaine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Gislaine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Gislaine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Avast SafePrice - Gislaine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck Google Sheets - Gislaine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap Google Docs Offline - Gislaine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi Avast Online Security - Gislaine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki Chrome Hotword Shared Module - Gislaine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg Skype Click to Call - Gislaine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Chrome Web Store Payments - Gislaine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Gislaine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== IE Start and Search Settings ====================== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR ==== HijackThis Entries ====================== R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll ==== EOF on 04/04/2016 at 15:12:51,72 ======================
  7. Possível infestação

    @CarlosTurco Muito obrigada pelo retorno! Segue abaixo os logs dos procedimentos requeridos: # AdwCleaner v5.108 - Relatório criado 31/03/2016 às 19:26:43 # Atualizado 30/03/2016 por Xplode # Banco de dados : 2016-03-30.1 [Servidor] # Sistema operacional : Windows 7 Home Basic Service Pack 1 (x64) # Usuário : Gislaine - GISLAINE-PC # Executando de : C:\Users\Gislaine\Desktop\adwcleaner_5.108.exe # Opção : Limpar # Apoio : http://toolslib.net/forum ***** [ Serviços ] ***** ***** [ Pastas ] ***** [-] Pasta Excluído : C:\Program Files\Easeware [-] Pasta Excluído : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverEasy [-] Pasta Excluído : C:\Users\Gislaine\AppData\Local\DriverToolkit [-] Pasta Excluído : C:\Users\Gislaine\AppData\Roaming\Easeware ***** [ Arquivos ] ***** [-] Arquivo Excluído : C:\Users\Public\Desktop\DriverEasy.lnk ***** [ DLLs ] ***** ***** [ Atalhos ] ***** ***** [ Tarefas agendadas ] ***** [-] Tarefa Excluída : DriverEasy Scheduled Scan [-] Tarefa Excluída : DRIVERTOOLKIT AUTORUN ***** [ Registro ] ***** [-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} [-] Chave Excluída : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverEasy_is1 ***** [ Navegadores ] ***** ************************* :: Políticas do IE excluídas :: Políticas do Chrome excluídas ************************* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.4 (03.14.2016) Operating System: Windows 7 Home Basic x64 Ran by Gislaine (Administrator) on 31/03/2016 at 19:37:53,02 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 16 Successfully deleted: C:\Users\Gislaine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) Successfully deleted: C:\Users\Gislaine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0SZWMQ68 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Gislaine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Gislaine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ATIWDYU1 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Gislaine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Gislaine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) Successfully deleted: C:\Users\Gislaine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHDUQFIV (Temporary Internet Files Folder) Successfully deleted: C:\Users\Gislaine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OHU1A8QQ (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0SZWMQ68 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ATIWDYU1 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHDUQFIV (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OHU1A8QQ (Temporary Internet Files Folder) Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 31/03/2016 at 19:40:55,60 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~ ZHPCleaner v2016.3.31.48 by Nicolas Coolman (2016/03/31) ~ Run by Gislaine (Administrator) (31/03/2016 19:50:43) ~ Site : http://www.nicolascoolman.com ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Type : Reparo ~ Report : C:\Users\Gislaine\Desktop\ZHPCleaner.txt ~ Quarantine : C:\Users\Gislaine\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601) ---\\ Serviços (0) ---\\ Navegadores de Internet (0) ~ Nenhum ítem malicioso o desnecessários foi encontrado. ---\\ Arquivo hosts (1) ~ O arquivo hosts é legítimo (21) ---\\ Tarefas automáticas agendadas. (0) ~ Nenhum ítem malicioso o desnecessários foi encontrado. ---\\ Explorer ( Arquivos, Pastas) (1) MOVIDO pasta: C:\Users\Gislaine\AppData\Roaming\gameboxsetup.exe [Copyright © 2014-2015 Oasgames,Inc - LegendOnline] =>PUP.Optional.Pirrit ---\\ Registro ( Chaves, Valores, Dados ) (4) SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\KMService [C:\Windows\system32\srvany.exe (Not File)] =>PUP.Optional.Office SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool] =>Toolbar.Ask SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Offercast36_ATU3__RASAPI32 [] =>Toolbar.Ask SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Offercast36_ATU3__RASMANCS [] =>Toolbar.Ask ---\\ Resumo dos elementos encontrados na sua estação de trabalho (3) http://www.nicolascoolman.fr/?p=914 =>PUP.Optional.Pirrit http://www.nicolascoolman.fr/?p=888 =>PUP.Optional.Office http://www.nicolascoolman.fr/?p=235 =>Toolbar.Ask ---\\ Dodatkowe oczyszczenie. (82) ~ Chave de registro Tracing Supprimido (82) ~ Remover os relatórios antigos ZHPCleaner. (0) ---\\ Resultado de reparação Reparação efectuada com sucesso ~ Este navegador está faltando ! (Mozilla Firefox) ~ Este navegador está faltando ! (Opera Software) ---\\ Estatísticas ~ Items scan : 319 ~ Items encontrado : 0 ~ items cancelados : 0 ~ Items réparo : 6 ~ End of clean in 00h00mn06s =================== ZHPCleaner-[R]-31032016-19_50_49.txt ZHPCleaner--31032016-19_48_20.txt
  8. Possível infestação

    Olá a todos! Meu notebook está bem lento,barulhento e super aquecendo, eu fiz uma análise por outro programa que detectou itens "desconhecidos", agora analisei com o ZA-Scan, poderiam me ajudar a verificar se está infectado? Obrigada! ZA-Scan.txt

Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×