welington Cordeiro

Computer taken over by a virus

Hello everyone,

My name is Welington. I am having problems with my notebook. I use Windows 8.1 on a Dell Inspiron. I believe the problem started with a download from Baixaki.

My computer opens programs on its own, installs other programs automatically, and opens numerous advertisements. It has also disabled my Advanced SystemCare 8 (it seems only the shortcut is left).

I tried to follow the procedure for creating ZA-Scan.txt. The problem is that programs and browsers kept opening during the process because of the virus. The virus is also preventing me from attaching the file here, so I copied and pasted its contents.

Thanks in advance for your attention!

Welington

ZA-Scan V1.0.0.4 Updated 04-May-2015

Tool run by Welington on 08/07/2015 at 21:14:17,36.

Microsoft Windows 8.1 Single Language 6.3.9600 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Welington\Downloads\ZA-Scan (1).exe [Z-Analyse Scan]

==== Running Processes ======================

C:\PROGRA~2\GbPlugin\GbpSv.exe

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Charming Magazine\Charming Magazine.exe

C:\WINDOWS\SysWOW64\rundll32.exe

C:\Windows\SysWOW64\irstrtsv.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe

C:\Users\Welington\AppData\Roaming\NetService\netservice.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Users\Welington\AppData\Roaming\4C4C4544-1436146186-4B10-805A-B6C04F305931\hnsn3A20.tmp

C:\Users\Welington\AppData\Roaming\4C4C4544-1436146186-4B10-805A-B6C04F305931\knsu976D.tmp

C:\Program Files (x86)\WordShark_1.10.0.19\Service\wssvc.exe

C:\Users\Welington\AppData\Roaming\4C4C4544-1436146186-4B10-805A-B6C04F305931\jnsw1D9D.tmp

c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\BrowserV07.07\0b33a2f9-0cb1-4a63-a856-54963a0e5286-6.exe

C:\Program Files (x86)\BrowserV07.07\0b33a2f9-0cb1-4a63-a856-54963a0e5286-1-6.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe

C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe

C:\Program Files (x86)\BrowserV08.07\f5ca0256-aa2a-422e-8531-46c3c5f6371d-6.exe

c:\programdata\trusted publisher\systempreserver\PremiumReliever.exe

C:\Users\Welington\AppData\Local\gmsd_br_005010024\upgmsd_br_005010024.exe

C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe

C:\PROGRA~2\GbPlugin\GbpSv.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe

C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\CyberLink\Shared files\brs.exe

C:\Users\Welington\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Users\Welington\AppData\Local\SmartWeb\SmartWebHelper.exe

C:\Program Files (x86)\gmsd_br_005010024\gmsd_br_005010024.exe

C:\Users\Welington\AppData\Local\SmartWeb\SmartWebApp.exe

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe

C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe

C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\BrowserV08.07\f5ca0256-aa2a-422e-8531-46c3c5f6371d-1-6.exe

C:\Users\WELING~1\AppData\Local\Temp\nsu4486.tmp

C:\WINDOWS\SysWOW64\ctfmon.exe

C:\Users\Welington\AppData\Local\gmsd_br_005010025\upgmsd_br_005010025.exe

C:\Program Files (x86)\gmsd_br_005010025\gmsd_br_005010025.exe

C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe

C:\Program Files (x86)\MiuiTab\ProtectService.exe

C:\Program Files (x86)\MiuiTab\cmdshell.exe

C:\Users\WELING~1\AppData\Local\Temp\nsc530E.tmp

C:\Program Files (x86)\CinemaPlus-3.2cV08.07\975225dd-3994-4dfd-b445-ba67e82a9de2-10.exe

C:\Program Files (x86)\CinemaPlus-3.2cV08.07\975225dd-3994-4dfd-b445-ba67e82a9de2-6.exe

C:\Program Files (x86)\CinemaPlus-3.2cV08.07\975225dd-3994-4dfd-b445-ba67e82a9de2-1-6.exe

C:\Program Files (x86)\MiuiTab\HPNotify.exe

C:\Program Files (x86)\gmsd_br_005010024\gmsd_br_005010024.exe

C:\Users\Welington\Downloads\ZA-Scan (1).exe

C:\WINDOWS\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\WINDOWS\SysWOW64\cmd.exe

C:\Users\WELING~1\AppData\Local\Temp\ZAScan.exe

==== Services(whitelist) ======================

Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe

R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe

R2 - [AtherosSvc] - AtherosSvc - c:\program files (x86)\dell wireless\bluetooth suite\adminservice.exe

R2 - [Charming Magazine] - Charming Magazine - c:\program files (x86)\charming magazine\charming magazine.exe

R2 - [DellDataVault] - Dell Data Vault - c:\program files\dell\delldatavault\delldatavault.exe

R2 - [DellDataVaultWiz] - Dell Data Vault Wizard - c:\program files\dell\delldatavault\delldatavaultwiz.exe

R2 - [DellDigitalDelivery] - Dell Digital Delivery Service - c:\program files (x86)\dell digital delivery\deliveryservice.exe

R2 - [fc67e7a0] - DeltaFix - (x86)\deltafix\deltafix.dll [x]

R2 - [GbpSv] - Gbp Service - c:\progra~2\gbplugin\gbpsv.exe

R2 - [iAStorDataMgrSvc] - Tecnologia de armazenamento Intel® Rapid - c:\program files (x86)\intel\intel® rapid storage technology\iastordatamgrsvc.exe

R2 - [iHProtect Service] - IHProtect Service - c:\program files (x86)\miuitab\protectservice.exe

R2 - [iMFservice] - IMF Service - c:\program files (x86)\iobit\iobit malware fighter\imfsrv.exe

R2 - [intel® Capability Licensing Service Interface] - Intel® Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe

R2 - [irstrtsv] - Intel® Rapid Start Technology Service - c:\windows\syswow64\irstrtsv.exe

R2 - [jhi_service] - Intel® Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel® management engine components\dal\jhi_service.exe

R2 - [LiveUpdateSvc] - LiveUpdate - c:\program files (x86)\iobit\liveupdate\liveupdate.exe

R2 - [LMS] - Intel® Management and Security Application Local Management Service - c:\program files (x86)\intel\intel® management engine components\lms\lms.exe

R2 - [NetTcpHandler] - Net.Tcp Service Handler - c:\users\welington\appdata\roaming\netservice\netservice.exe

R2 - [RichVideo] - Cyberlink RichVideo Service(CRVS) - c:\program files (x86)\cyberlink\shared files\richvideo.exe

R2 - [supportAssistAgent] - Dell SupportAssist Agent - c:\program files (x86)\dell\supportassistagent\bin\supportassistagent.exe

R2 - [uNS] - Intel® Management and Security Application User Notification Service - c:\program files (x86)\intel\intel® management engine components\uns\uns.exe

R2 - [vicoqudu] - Encyclopaedia Enter - c:\users\welington\appdata\roaming\4c4c4544-1436146186-4b10-805a-b6c04f305931\hnsn3a20.tmp

R2 - [Warsaw Technology] - Warsaw Technology - c:\program files\diebold\warsaw\core.exe

R2 - [WinDefend] - Serviço Windows Defender - c:\program files\windows defender\msmpeng.exe

R2 - [WindowsMangerProtect] - WindowsMangerProtect Service - c:\programdata\windowsmangerprotect\protectwindowsmanager.exe

R2 - [WMPNetworkSvc] - Serviço de Compartilhamento de Rede do Windows Media Player - c:\program files\windows media player\wmpnetwk.exe

R2 - [wotenufi] - Remove Hit - c:\users\welington\appdata\roaming\4c4c4544-1436146186-4b10-805a-b6c04f305931\knsu976d.tmp

R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe

R2 - [wssvc_1.10.0.19] - WS 1.10.0.19 Client Service - c:\program files (x86)\wordshark_1.10.0.19\service\wssvc.exe

R2 - [zejytose] - Typewriter High Resolution - c:\users\welington\appdata\roaming\4c4c4544-1436146186-4b10-805a-b6c04f305931\jnsw1d9d.tmp

R3 - [ALG] - Serviço Gateway de Camada de Aplicativo - c:\windows\system32\alg.exe

R3 - [WdNisSvc] - Serviço de Inspeção de Rede do Windows Defender - c:\program files\windows defender\nissrv.exe

R3 - [wmiApSrv] - Adaptador de Desempenho WMI - c:\windows\system32\wbem\wmiapsrv.exe

S2 - [CLKMSVC10_38F51D56] - CyberLink Product - 2013/06/28 02:38:02 - c:\program files (x86)\cyberlink\powerdvd10\navfilter\kmsvc.exe

S2 - [globalUpdate] - globalUpdate Update Service (globalUpdate) - c:\program files (x86)\globalupdate\update\globalupdate.exe

S2 - [gupdate] - Serviço do Google Update (gupdate) - c:\program files (x86)\google\update\googleupdate.exe

S2 - [sppsvc] - Proteção de Software - c:\windows\system32\sppsvc.exe

S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe

S3 - [cphs] - Intel® Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe

S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe

S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe

S3 - [globalUpdatem1d0b93c4b6f751a] - globalUpdate Update Service (globalUpdatem1d0b93c4b6f751a) - c:\program files (x86)\globalupdate\update\globalupdate.exe

S3 - [gupdatem] - Serviço do Google Update (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe

S3 - [iEEtwCollectorService] - Serviço Coletor ETW do Internet Explorer - c:\windows\system32\ieetwcollector.exe

S3 - [MSDTC] - Coordenador de transações distribuídas - c:\windows\system32\msdtc.exe

S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe

S3 - [PerfHost] - Host de DLL de Contador de Desempenho - c:\windows\syswow64\perfhost.exe

S3 - [RpcLocator] - Alocador Remote Procedure Call (RPC) - c:\windows\system32\locator.exe

S3 - [TrustedInstaller] - TrustedInstaller - c:\windows\servicing\trustedinstaller.exe [x]

S3 - [TurboBoost] - Intel® Turbo Boost Technology Monitor 2.6 - c:\program files\intel\turboboost\turboboost.exe

S3 - [vds] - Disco Virtual - c:\windows\system32\vds.exe

S3 - [VSS] - Cópia de Sombra de Volume - c:\windows\system32\vssvc.exe

S3 - [wbengine] - Serviço de Mecanismo de Backup em Nível de Bloco - c:\windows\system32\wbengine.exe

S4 - [a2AntiMalware] - Emsisoft Anti-Malware 8.0 - Service - c:\program files (x86)\emsisoft anti-malware\a2service.exe

S4 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe

S4 - [sftService] - SoftThinks Agent Service - c:\program files (x86)\dell backup and recovery\sftservice.exe

S4 - [sNMPTRAP] - Interceptação SNMP - c:\windows\system32\snmptrap.exe

S4 - [steam Client Service] - Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe

S4 - [ZAtheros Wlan Agent] - ZAtheros Wlan Agent - c:\program files (x86)\dell wireless\ath_wlanagent.exe

==== Drivers(whitelist) ======================

Powered by E Dev

R0 - [FileInfo] - File Information FS MiniFilter - C:\WINDOWS\system32\Drivers\FileInfo.sys

R0 - [FltMgr] - FltMgr - C:\WINDOWS\system32\Drivers\FltMgr.sys

R0 - [Mup] - Mup - C:\WINDOWS\system32\Drivers\Mup.sys

R0 - [WdFilter] - Driver de Minifiltro do Windows Defender - C:\WINDOWS\system32\Drivers\WdFilter.sys

R0 - [Wof] - Windows Overlay File System Filter Driver - C:\WINDOWS\system32\Drivers\Wof.sys

R1 - [NetBIOS] - NetBIOS Interface - C:\WINDOWS\system32\Drivers\NetBIOS.sys

R2 - [srv] - Driver SMB 1.xxx do Servidor - C:\WINDOWS\system32\Drivers\srv.sys

R3 - [srv2] - Driver SMB 2.xxx do Servidor - C:\WINDOWS\system32\Drivers\srv2.sys

R0 - [ACPI] - Microsoft ACPI Driver - C:\WINDOWS\system32\Drivers\ACPI.sys

R0 - [acpiex] - Microsoft ACPIEx Driver - C:\WINDOWS\system32\Drivers\acpiex.sys

R0 - [amdkmpfd] - AMD PCI Root Bus Lower Filter - C:\WINDOWS\system32\Drivers\amdkmpfd.sys

R0 - [CLFS] - Common Log (CLFS) - C:\WINDOWS\system32\Drivers\CLFS.sys

R0 - [CNG] - CNG - C:\WINDOWS\system32\Drivers\CNG.sys

R0 - [disk] - Driver de disco - C:\WINDOWS\system32\Drivers\disk.sys

R0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\WINDOWS\system32\Drivers\EhStorClass.sys

R0 - [fvevol] - Driver de Filtro de Criptografia de Unidade de Disco BitLocker - C:\WINDOWS\system32\Drivers\fvevol.sys

R0 - [iaStorA] - iaStorA - C:\WINDOWS\system32\Drivers\iaStorA.sys

R0 - [intelpep] - Driver Intel® Power Engine Plug-in - C:\WINDOWS\system32\Drivers\intelpep.sys

R0 - [KSecDD] - KSecDD - C:\WINDOWS\system32\Drivers\KSecDD.sys

R0 - [KSecPkg] - KSecPkg - C:\WINDOWS\system32\Drivers\KSecPkg.sys

R0 - [mountmgr] - Gerenciador de Pontos de Montagem - C:\WINDOWS\system32\Drivers\mountmgr.sys

R0 - [msisadrv] - msisadrv - C:\WINDOWS\system32\Drivers\msisadrv.sys

R0 - [NDIS] - Driver do Sistema NDIS - C:\WINDOWS\system32\Drivers\NDIS.sys

R0 - [partmgr] - Gerenciador de Partições - C:\WINDOWS\system32\Drivers\partmgr.sys

R0 - [pci] - PCI Bus Driver - C:\WINDOWS\system32\Drivers\pci.sys

R0 - [pcw] - Performance Counters for Windows Driver - C:\WINDOWS\system32\Drivers\pcw.sys

R0 - [pdc] - pdc - C:\WINDOWS\system32\Drivers\pdc.sys

R0 - [rdyboost] - ReadyBoost - C:\WINDOWS\system32\Drivers\rdyboost.sys

R0 - [smartDefragDriver] - SmartDefragDriver - C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys

R0 - [spaceport] - Driver de Espaços de Armazenamento - C:\WINDOWS\system32\Drivers\spaceport.sys

R0 - [Tcpip] - Driver de Protocolo TCP/IP - C:\WINDOWS\system32\Drivers\Tcpip.sys

R0 - [vdrvroot] - Enumerador de Unidade Virtual Microsoft - C:\WINDOWS\system32\Drivers\vdrvroot.sys

R0 - [volmgr] - Driver de Gerenciador de Volumes - C:\WINDOWS\system32\Drivers\volmgr.sys

R0 - [volmgrx] - Gerenciador de Volume Dinâmico - C:\WINDOWS\system32\Drivers\volmgrx.sys

R0 - [volsnap] - Volumes de armazenamento - C:\WINDOWS\system32\Drivers\volsnap.sys

R0 - [Wdf01000] - Serviço de Estruturas de Driver em Modo Kernel - C:\WINDOWS\system32\Drivers\Wdf01000.sys

R0 - [WFPLWFS] - Plataforma para Filtros do Microsoft Windows - C:\WINDOWS\system32\Drivers\WFPLWFS.sys

R1 - [AFD] - Ancillary Function Driver for Winsock - C:\WINDOWS\system32\Drivers\AFD.sys

R1 - [beep] - Beep - C:\WINDOWS\system32\Drivers\Beep.sys

R1 - [tdx] - Driver de Suporte a TDI Herdado de NetIO - C:\WINDOWS\system32\Drivers\tdx.sys

R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\WINDOWS\system32\Drivers\tcpipreg.sys

S0 - [hwpolicy] - Hardware Policy Driver - C:\WINDOWS\system32\Drivers\hwpolicy.sys

S0 - [WdBoot] - Driver de Inicialização do Windows Defender - C:\WINDOWS\system32\Drivers\WdBoot.sys

S3 - [atapi] - Canal de IDE - C:\WINDOWS\system32\Drivers\atapi.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-428577987-3947729596-2698170759-1001\Software\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="C:\Users\Welington\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

"GoogleChromeAutoLaunch_D6CB4C34AE7BAC7CDE778A9336DAE817"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"

"Advanced SystemCare 8"="C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe /Auto"

"Dropbox Update"="C:\Users\Welington\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c"

"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"

"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe 60"

"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

"BDRegion"="C:\Program Files (x86)\Cyberlink\Shared files\brs.exe"

"IObit Malware Fighter"="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe /autostart"

"SmartWeb"="C:\Users\Welington\AppData\Local\SmartWeb\SmartWebHelper.exe"

"gmsd_br_005010024"="C:\Program Files (x86)\gmsd_br_005010024\gmsd_br_005010024.exe"

"gmsd_br_005010025"="C:\Program Files (x86)\gmsd_br_005010025\gmsd_br_005010025.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"upgmsd_br_005010024.exe"="C:\Users\Welington\AppData\Local\gmsd_br_005010024\upgmsd_br_005010024.exe -runonce"

"upgmsd_br_005010025.exe"="C:\Users\Welington\AppData\Local\gmsd_br_005010024\upgmsd_br_005010025.exe -runonce"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="C:\Users\Welington\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

"GoogleChromeAutoLaunch_D6CB4C34AE7BAC7CDE778A9336DAE817"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"

"Advanced SystemCare 8"="C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe /Auto"

"Dropbox Update"="C:\Users\Welington\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c"

"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickSet"="c:\Program Files\Dell\QuickSet\QuickSet.exe"

"IntelTBRunOnce"="wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

"BtTray"="C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe"

"BtvStack"="C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"

"Persistence"="C:\WINDOWS\system32\igfxpers.exe"

"Diebold - Warsaw"="C:\Program Files\Diebold\Warsaw\core.exe"

"ETDCtrl"="C:\Program Files\Elantech\ETDCtrl.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=" "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\a2AntiMalware]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdvancedSystemCareService7]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LiveUpdateSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MozillaMaintenance]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SftService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Steam Client Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ZAtheros Wlan Agent]

==== Startup Folders ======================

2015-06-19 15:14:33 1201 ----a-w- C:\Users\Welington\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

2015-07-08 02:56:18 1164 ----a-w- C:\Users\Welington\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\0b33a2f9-0cb1-4a63-a856-54963a0e5286-1-6.job --a-------- C:\Program Files (x86)\BrowserV07.07\0b33a2f9-0cb1-4a63-a856-54963a0e5286-1-6.exe [08/07/2015 06:06]

C:\WINDOWS\tasks\0b33a2f9-0cb1-4a63-a856-54963a0e5286-1-7.job --a-------- C:\Program Files (x86)\BrowserV07.07\0b33a2f9-0cb1-4a63-a856-54963a0e5286-1-7.exe [08/07/2015 06:06]

C:\WINDOWS\tasks\0b33a2f9-0cb1-4a63-a856-54963a0e5286-3.job --a-------- C:\Program Files (x86)\BrowserV07.07\0b33a2f9-0cb1-4a63-a856-54963a0e5286-3.exe [08/07/2015 06:06]

C:\WINDOWS\tasks\0b33a2f9-0cb1-4a63-a856-54963a0e5286-5.job --a-------- [undetermined Task]

C:\WINDOWS\tasks\0b33a2f9-0cb1-4a63-a856-54963a0e5286-5_user.job --a-------- C:\Program Files (x86)\BrowserV07.07\0b33a2f9-0cb1-4a63-a856-54963a0e5286-5.exe [08/07/2015 06:07]

C:\WINDOWS\tasks\0b33a2f9-0cb1-4a63-a856-54963a0e5286-6.job --a-------- C:\Program Files (x86)\BrowserV07.07\0b33a2f9-0cb1-4a63-a856-54963a0e5286-6.exe [08/07/2015 06:06]

C:\WINDOWS\tasks\0b33a2f9-0cb1-4a63-a856-54963a0e5286-7.job --a-------- C:\Program Files (x86)\BrowserV07.07\0b33a2f9-0cb1-4a63-a856-54963a0e5286-7.exe [08/07/2015 06:06]

C:\WINDOWS\tasks\0dyAflLn4HpKDZ.job --a-------- C:\Users\Welington\AppData\Roaming\0dyAflLn4HpKDZ.exe [20/04/2015 11:05]

C:\WINDOWS\tasks\1nPHuGpWKTHUF0qdbQ0JDkjLk.job --a-------- C:\Users\Welington\AppData\Roaming\1nPHuGpWKTHUF0qdbQ0JDkjLk.exe [20/04/2015 11:05]

C:\WINDOWS\tasks\4DHD24fUKKrJADLDPt.job --a-------- C:\Users\Welington\AppData\Roaming\4DHD24fUKKrJADLDPt.exe [20/04/2015 11:05]

C:\WINDOWS\tasks\4ig3vDa.job --a-------- C:\Users\Welington\AppData\Roaming\4ig3vDa.exe [20/04/2015 11:05]

C:\WINDOWS\tasks\4VgJzQFZDypDFF0nFU.job --a-------- [undetermined Task]

C:\WINDOWS\tasks\4wDENgWKXq9as5vtdeTbIYQ.job --a-------- C:\Users\Welington\AppData\Roaming\4wDENgWKXq9as5vtdeTbIYQ.exe [20/04/2015 11:05]

C:\WINDOWS\tasks\975225dd-3994-4dfd-b445-ba67e82a9de2-1-6.job --a-------- C:\Program Files (x86)\CinemaPlus-3.2cV08.07\975225dd-3994-4dfd-b445-ba67e82a9de2-1-6.exe [08/07/2015 20:34]

C:\WINDOWS\tasks\975225dd-3994-4dfd-b445-ba67e82a9de2-1-7.job --a-------- C:\Program Files (x86)\CinemaPlus-3.2cV08.07\975225dd-3994-4dfd-b445-ba67e82a9de2-1-7.exe [08/07/2015 20:34]

C:\WINDOWS\tasks\975225dd-3994-4dfd-b445-ba67e82a9de2-10_user.job --a-------- C:\Program Files (x86)\CinemaPlus-3.2cV08.07\975225dd-3994-4dfd-b445-ba67e82a9de2-10.exe [08/07/2015 20:33]

C:\WINDOWS\tasks\975225dd-3994-4dfd-b445-ba67e82a9de2-3.job --a-------- C:\Program Files (x86)\CinemaPlus-3.2cV08.07\975225dd-3994-4dfd-b445-ba67e82a9de2-3.exe [08/07/2015 20:33]

C:\WINDOWS\tasks\975225dd-3994-4dfd-b445-ba67e82a9de2-4.job --a-------- C:\Program Files (x86)\CinemaPlus-3.2cV08.07\975225dd-3994-4dfd-b445-ba67e82a9de2-4.exe [08/07/2015 20:34]

C:\WINDOWS\tasks\975225dd-3994-4dfd-b445-ba67e82a9de2-5.job --a-------- C:\Program Files (x86)\CinemaPlus-3.2cV08.07\975225dd-3994-4dfd-b445-ba67e82a9de2-5.exe [08/07/2015 20:34]

C:\WINDOWS\tasks\975225dd-3994-4dfd-b445-ba67e82a9de2-5_user.job --a-------- C:\Program Files (x86)\CinemaPlus-3.2cV08.07\975225dd-3994-4dfd-b445-ba67e82a9de2-5.exe [08/07/2015 20:34]

C:\WINDOWS\tasks\975225dd-3994-4dfd-b445-ba67e82a9de2-6.job --a-------- C:\Program Files (x86)\CinemaPlus-3.2cV08.07\975225dd-3994-4dfd-b445-ba67e82a9de2-6.exe [08/07/2015 20:34]

C:\WINDOWS\tasks\975225dd-3994-4dfd-b445-ba67e82a9de2-7.job --a-------- [undetermined Task]

C:\WINDOWS\tasks\ACqUFFQ9zJfSQApH.job --a-------- C:\Users\Welington\AppData\Roaming\ACqUFFQ9zJfSQApH.exe [20/04/2015 11:05]

C:\WINDOWS\tasks\aFDZBO2F61gwDf9L.job --a-------- C:\Users\Welington\AppData\Roaming\aFDZBO2F61gwDf9L.exe [20/04/2015 11:05]

C:\WINDOWS\tasks\APSnotifierPP1.job --a-------- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [08/07/2015 19:58]

C:\WINDOWS\tasks\APSnotifierPP2.job --a-------- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [08/07/2015 19:58]

C:\WINDOWS\tasks\APSnotifierPP3.job --a-------- C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [08/07/2015 19:58]

C:\WINDOWS\tasks\ASC8_SkipUac_Welington.job --a-------- C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe []

C:\WINDOWS\tasks\Avf0oOkYi9gfOTWgodVEOW5x.job --a-------- C:\Users\Welington\AppData\Roaming\Avf0oOkYi9gfOTWgodVEOW5x.exe [20/04/2015 11:05]

C:\WINDOWS\tasks\bwQQX6jirjMoC3RX.job --a-------- C:\Users\Welington\AppData\Roaming\bwQQX6jirjMoC3RX.exe [20/04/2015 11:05]

C:\WINDOWS\tasks\Ckhg8T46BN0sGNffO0p7za.job --a-------- C:\Users\Welington\AppData\Roaming\Ckhg8T46BN0sGNffO0p7za.exe [20/04/2015 11:05]

C:\WINDOWS\tasks\cqM1S0pUvkuqKWur66YH.job --a-------- [undetermined Task]

C:\WINDOWS\tasks\Crossbrowse.job --a-------- C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe []

C:\WINDOWS\tasks\D8trOHkbOwG4.job --a-------- C:\Users\Welington\AppData\Roaming\D8trOHkbOwG4.exe [20/04/2015 11:05]

C:\WINDOWS\tasks\da32bea0-043e-4032-bd78-9c5514bd88ea-1-6.job --a-------- C:\Program Files (x86)\CinemaPlus-4.5vV05.07\da32bea0-043e-4032-bd78-9c5514bd88ea-1-6.exe []

C:\WINDOWS\tasks\da32bea0-043e-4032-bd78-9c5514bd88ea-1-7.job --a-------- C:\Program Files (x86)\CinemaPlus-4.5vV05.07\da32bea0-043e-4032-bd78-9c5514bd88ea-1-7.exe []

C:\WINDOWS\tasks\da32bea0-043e-4032-bd78-9c5514bd88ea-10_user.job --a-------- C:\Program Files (x86)\CinemaPlus-4.5vV05.07\da32bea0-043e-4032-bd78-9c5514bd88ea-10.exe []

C:\WINDOWS\tasks\da32bea0-043e-4032-bd78-9c5514bd88ea-3.job --a-------- C:\Program Files (x86)\CinemaPlus-4.5vV05.07\da32bea0-043e-4032-bd78-9c5514bd88ea-3.exe []

C:\WINDOWS\tasks\da32bea0-043e-4032-bd78-9c5514bd88ea-4.job --a-------- C:\Program Files (x86)\CinemaPlus-4.5vV05.07\da32bea0-043e-4032-bd78-9c5514bd88ea-4.exe []

C:\WINDOWS\tasks\da32bea0-043e-4032-bd78-9c5514bd88ea-5.job --a-------- C:\Program Files (x86)\CinemaPlus-4.5vV05.07\da32bea0-043e-4032-bd78-9c5514bd88ea-5.exe []

C:\WINDOWS\tasks\da32bea0-043e-4032-bd78-9c5514bd88ea-5_user.job --a-------- C:\Program Files (x86)\CinemaPlus-4.5vV05.07\da32bea0-043e-4032-bd78-9c5514bd88ea-5.exe []

C:\WINDOWS\tasks\da32bea0-043e-4032-bd78-9c5514bd88ea-6.job --a-------- C:\Program Files (x86)\CinemaPlus-4.5vV05.07\da32bea0-043e-4032-bd78-9c5514bd88ea-6.exe []

C:\WINDOWS\tasks\da32bea0-043e-4032-bd78-9c5514bd88ea-7.job --a-------- C:\Program Files (x86)\CinemaPlus-4.5vV05.07\da32bea0-043e-4032-bd78-9c5514bd88ea-7.exe []

C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-428577987-3947729596-2698170759-1001Core.job --a-------- C:\Users\Welington\AppData\Local\Dropbox\Update\DropboxUpdate.exe [19/06/2015 12:12]

C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-428577987-3947729596-2698170759-1001UA.job --a-------- C:\Users\Welington\AppData\Local\Dropbox\Update\DropboxUpdate.exe [19/06/2015 12:12]

C:\WINDOWS\tasks\DWCSYTTKQ1.job --a-------- [undetermined Task]

C:\WINDOWS\tasks\eehTcGeIkl.job --a-------- C:\Users\Welington\AppData\Roaming\eehTcGeIkl.exe [20/04/2015 11:05]

C:\WINDOWS\tasks\f5ca0256-aa2a-422e-8531-46c3c5f6371d-1-6.job --a-------- C:\Program Files (x86)\BrowserV08.07\f5ca0256-aa2a-422e-8531-46c3c5f6371d-1-6.exe [08/07/2015 20:11]

C:\WINDOWS\tasks\f5ca0256-aa2a-422e-8531-46c3c5f6371d-1-7.job --a-------- C:\Program Files (x86)\BrowserV08.07\f5ca0256-aa2a-422e-8531-46c3c5f6371d-1-7.exe [08/07/2015 20:11]

C:\WINDOWS\tasks\f5ca0256-aa2a-422e-8531-46c3c5f6371d-3.job --a-------- C:\Program Files (x86)\BrowserV08.07\f5ca0256-aa2a-422e-8531-46c3c5f6371d-3.exe [08/07/2015 20:10]

C:\WINDOWS\tasks\f5ca0256-aa2a-422e-8531-46c3c5f6371d-5.job --a-------- C:\Program Files (x86)\BrowserV08.07\f5ca0256-aa2a-422e-8531-46c3c5f6371d-5.exe [08/07/2015 20:11]

C:\WINDOWS\tasks\f5ca0256-aa2a-422e-8531-46c3c5f6371d-5_user.job --a-------- C:\Program Files (x86)\BrowserV08.07\f5ca0256-aa2a-422e-8531-46c3c5f6371d-5.exe [08/07/2015 20:11]

C:\WINDOWS\tasks\f5ca0256-aa2a-422e-8531-46c3c5f6371d-6.job --a-------- C:\Program Files (x86)\BrowserV08.07\f5ca0256-aa2a-422e-8531-46c3c5f6371d-6.exe [08/07/2015 18:06]

C:\WINDOWS\tasks\f5ca0256-aa2a-422e-8531-46c3c5f6371d-7.job --a-------- C:\Program Files (x86)\BrowserV08.07\f5ca0256-aa2a-422e-8531-46c3c5f6371d-7.exe [08/07/2015 20:10]

C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-428577987-3947729596-2698170759-1001Core.job --a-------- C:\Users\Welington\AppData\Local\Facebook\Update\FacebookUpdate.exe [17/03/2014 18:16]

C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-428577987-3947729596-2698170759-1001UA.job --a-------- C:\Users\Welington\AppData\Local\Facebook\Update\FacebookUpdate.exe [17/03/2014 18:16]

C:\WINDOWS\tasks\FaKnyoktVDcaKF6nQgM17H.job --a-------- C:\Users\Welington\AppData\Roaming\FaKnyoktVDcaKF6nQgM17H.exe [20/04/2015 11:05]

C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [08/07/2015 20:33]

C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [08/07/2015 20:33]

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/03/2014 18:36]

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/03/2014 18:36]

C:\WINDOWS\tasks\H8ByM2OqhG.job --a-------- C:\Users\Welington\AppData\Roaming\H8ByM2OqhG.exe [20/04/2015 11:05]

C:\WINDOWS\tasks\H8Qi1X98pLu52isSsUZZduvio.job --a-------- [undetermined Task]

C:\WINDOWS\tasks\hEtyWjmTB.job --a-------- C:\Users\Welington\AppData\Roaming\hEtyWjmTB.exe [20/04/2015 11:05]

C:\WINDOWS\tasks\LKUWKPKUGKWODIUC.job --ah------- C:\ProgramData\ServiC:e1104\ServiC:e1104.exe []

C:\WINDOWS\tasks\NKidFalasfD.job --a-------- C:\Users\Welington\AppData\Roaming\NKidFalasfD.exe [20/04/2015 11:05]

C:\WINDOWS\tasks\PremiumReliever-S-2792935414.job --ah------- C:\programdata\trusted publisher\systempreserver\PremiumReliever.exe [24/11/2013 00:44]

C:\WINDOWS\tasks\PrZpcosX4.job --a-------- [undetermined Task]

C:\WINDOWS\tasks\pUEASLevo6SUqY.job --a-------- C:\Users\Welington\AppData\Roaming\pUEASLevo6SUqY.exe [20/04/2015 11:05]

C:\WINDOWS\tasks\RfjS4CdOplm3.job --a-------- C:\Users\Welington\AppData\Roaming\RfjS4CdOplm3.exe [20/04/2015 11:05]

C:\WINDOWS\tasks\SEBwz95KsYA.job --a-------- C:\Users\Welington\AppData\Roaming\SEBwz95KsYA.exe [20/04/2015 11:05]

C:\WINDOWS\tasks\tTrRya2zQqteh04ACQ5GdrextFe.job --a-------- C:\Users\Welington\AppData\Roaming\tTrRya2zQqteh04ACQ5GdrextFe.exe [20/04/2015 11:05]

C:\WINDOWS\tasks\Tu0tBQkXQeLcxSA.job --a-------- C:\Users\Welington\AppData\Roaming\Tu0tBQkXQeLcxSA.exe [20/04/2015 11:05]

C:\WINDOWS\tasks\Uninstaller_SkipUac_Administrator.job --a-------- [undetermined Task]

C:\WINDOWS\tasks\Uninstaller_SkipUac_Welington.job --a-------- C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [20/05/2015 19:52]

C:\WINDOWS\tasks\V7K37ejfp1Sikq49jvsAVKRD63j.job --a-------- C:\Users\Welington\AppData\Roaming\V7K37ejfp1Sikq49jvsAVKRD63j.exe [20/04/2015 11:05]

C:\WINDOWS\tasks\vjGemhjk.job --a-------- [undetermined Task]

C:\WINDOWS\tasks\wpT3LuFmkgVMGsVIk5cAlYJ5Q6o.job --a-------- C:\Users\Welington\AppData\Roaming\wpT3LuFmkgVMGsVIk5cAlYJ5Q6o.exe [20/04/2015 11:05]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\0b33a2f9-0cb1-4a63-a856-54963a0e5286-1-6" [C:\Program Files (x86)\BrowserV07.07\0b33a2f9-0cb1-4a63-a856-54963a0e5286-1-6.exe]

"C:\WINDOWS\SysNative\tasks\0b33a2f9-0cb1-4a63-a856-54963a0e5286-1-7" [C:\Program Files (x86)\BrowserV07.07\0b33a2f9-0cb1-4a63-a856-54963a0e5286-1-7.exe]

"C:\WINDOWS\SysNative\tasks\0b33a2f9-0cb1-4a63-a856-54963a0e5286-3" [C:\Program Files (x86)\BrowserV07.07\0b33a2f9-0cb1-4a63-a856-54963a0e5286-3.exe]

"C:\WINDOWS\SysNative\tasks\0b33a2f9-0cb1-4a63-a856-54963a0e5286-5" [C:\Program Files (x86)\BrowserV07.07\0b33a2f9-0cb1-4a63-a856-54963a0e5286-5.exe]

"C:\WINDOWS\SysNative\tasks\0b33a2f9-0cb1-4a63-a856-54963a0e5286-5_user" [C:\Program Files (x86)\BrowserV07.07\0b33a2f9-0cb1-4a63-a856-54963a0e5286-5.exe]

"C:\WINDOWS\SysNative\tasks\0b33a2f9-0cb1-4a63-a856-54963a0e5286-6" [C:\Program Files (x86)\BrowserV07.07\0b33a2f9-0cb1-4a63-a856-54963a0e5286-6.exe]

"C:\WINDOWS\SysNative\tasks\0b33a2f9-0cb1-4a63-a856-54963a0e5286-7" [C:\Program Files (x86)\BrowserV07.07\0b33a2f9-0cb1-4a63-a856-54963a0e5286-7.exe]

"C:\WINDOWS\SysNative\tasks\0dyAflLn4HpKDZ" [C:\Users\Welington\AppData\Roaming\0dyAflLn4HpKDZ.exe]

"C:\WINDOWS\SysNative\tasks\1nPHuGpWKTHUF0qdbQ0JDkjLk" [C:\Users\Welington\AppData\Roaming\1nPHuGpWKTHUF0qdbQ0JDkjLk.exe]

"C:\WINDOWS\SysNative\tasks\4DHD24fUKKrJADLDPt" [C:\Users\Welington\AppData\Roaming\4DHD24fUKKrJADLDPt.exe]

"C:\WINDOWS\SysNative\tasks\4ig3vDa" [C:\Users\Welington\AppData\Roaming\4ig3vDa.exe]

"C:\WINDOWS\SysNative\tasks\4VgJzQFZDypDFF0nFU" [C:\Users\Welington\AppData\Roaming\4VgJzQFZDypDFF0nFU.exe]

"C:\WINDOWS\SysNative\tasks\4wDENgWKXq9as5vtdeTbIYQ" [C:\Users\Welington\AppData\Roaming\4wDENgWKXq9as5vtdeTbIYQ.exe]

"C:\WINDOWS\SysNative\tasks\5866009f-f35f-40ac-a6d6-5a0f96900e50-1-6" [C:\Program Files (x86)\Cinema.Plus.i3V04.07\5866009f-f35f-40ac-a6d6-5a0f96900e50-1-6.exe]

"C:\WINDOWS\SysNative\tasks\5866009f-f35f-40ac-a6d6-5a0f96900e50-1-7" [C:\Program Files (x86)\Cinema.Plus.i3V04.07\5866009f-f35f-40ac-a6d6-5a0f96900e50-1-7.exe]

"C:\WINDOWS\SysNative\tasks\5866009f-f35f-40ac-a6d6-5a0f96900e50-10_user" [C:\Program Files (x86)\Cinema.Plus.i3V04.07\5866009f-f35f-40ac-a6d6-5a0f96900e50-10.exe]

"C:\WINDOWS\SysNative\tasks\5866009f-f35f-40ac-a6d6-5a0f96900e50-3" [C:\Program Files (x86)\Cinema.Plus.i3V04.07\5866009f-f35f-40ac-a6d6-5a0f96900e50-3.exe]

"C:\WINDOWS\SysNative\tasks\5866009f-f35f-40ac-a6d6-5a0f96900e50-4" [C:\Program Files (x86)\Cinema.Plus.i3V04.07\5866009f-f35f-40ac-a6d6-5a0f96900e50-4.exe]

"C:\WINDOWS\SysNative\tasks\5866009f-f35f-40ac-a6d6-5a0f96900e50-5" [C:\Program Files (x86)\Cinema.Plus.i3V04.07\5866009f-f35f-40ac-a6d6-5a0f96900e50-5.exe]

"C:\WINDOWS\SysNative\tasks\5866009f-f35f-40ac-a6d6-5a0f96900e50-5_user" [C:\Program Files (x86)\Cinema.Plus.i3V04.07\5866009f-f35f-40ac-a6d6-5a0f96900e50-5.exe]

"C:\WINDOWS\SysNative\tasks\5866009f-f35f-40ac-a6d6-5a0f96900e50-6" [C:\Program Files (x86)\Cinema.Plus.i3V04.07\5866009f-f35f-40ac-a6d6-5a0f96900e50-6.exe]

"C:\WINDOWS\SysNative\tasks\5866009f-f35f-40ac-a6d6-5a0f96900e50-7" [C:\Program Files (x86)\Cinema.Plus.i3V04.07\5866009f-f35f-40ac-a6d6-5a0f96900e50-7.exe]

"C:\WINDOWS\SysNative\tasks\600A2978-B106-473C-BF7-1BA7B35A5258" [C:\Users\Welington\AppData\Local\600A2978-B106-473C-BF7-1BA7B35A5258\600A2978-B106-473C-BF7-1BA7B35A5258.exe]

"C:\WINDOWS\SysNative\tasks\975225dd-3994-4dfd-b445-ba67e82a9de2-1-6" [C:\Program Files (x86)\CinemaPlus-3.2cV08.07\975225dd-3994-4dfd-b445-ba67e82a9de2-1-6.exe]

"C:\WINDOWS\SysNative\tasks\975225dd-3994-4dfd-b445-ba67e82a9de2-1-7" [C:\Program Files (x86)\CinemaPlus-3.2cV08.07\975225dd-3994-4dfd-b445-ba67e82a9de2-1-7.exe]

"C:\WINDOWS\SysNative\tasks\975225dd-3994-4dfd-b445-ba67e82a9de2-10_user" [C:\Program Files (x86)\CinemaPlus-3.2cV08.07\975225dd-3994-4dfd-b445-ba67e82a9de2-10.exe]

"C:\WINDOWS\SysNative\tasks\975225dd-3994-4dfd-b445-ba67e82a9de2-3" [C:\Program Files (x86)\CinemaPlus-3.2cV08.07\975225dd-3994-4dfd-b445-ba67e82a9de2-3.exe]

"C:\WINDOWS\SysNative\tasks\975225dd-3994-4dfd-b445-ba67e82a9de2-4" [C:\Program Files (x86)\CinemaPlus-3.2cV08.07\975225dd-3994-4dfd-b445-ba67e82a9de2-4.exe]

"C:\WINDOWS\SysNative\tasks\975225dd-3994-4dfd-b445-ba67e82a9de2-5" [C:\Program Files (x86)\CinemaPlus-3.2cV08.07\975225dd-3994-4dfd-b445-ba67e82a9de2-5.exe]

"C:\WINDOWS\SysNative\tasks\975225dd-3994-4dfd-b445-ba67e82a9de2-5_user" [C:\Program Files (x86)\CinemaPlus-3.2cV08.07\975225dd-3994-4dfd-b445-ba67e82a9de2-5.exe]

"C:\WINDOWS\SysNative\tasks\975225dd-3994-4dfd-b445-ba67e82a9de2-6" [C:\Program Files (x86)\CinemaPlus-3.2cV08.07\975225dd-3994-4dfd-b445-ba67e82a9de2-6.exe]

"C:\WINDOWS\SysNative\tasks\975225dd-3994-4dfd-b445-ba67e82a9de2-7" [C:\Program Files (x86)\CinemaPlus-3.2cV08.07\975225dd-3994-4dfd-b445-ba67e82a9de2-7.exe]

"C:\WINDOWS\SysNative\tasks\ACqUFFQ9zJfSQApH" [C:\Users\Welington\AppData\Roaming\ACqUFFQ9zJfSQApH.exe]

"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]

"C:\WINDOWS\SysNative\tasks\aFDZBO2F61gwDf9L" [C:\Users\Welington\AppData\Roaming\aFDZBO2F61gwDf9L.exe]

"C:\WINDOWS\SysNative\tasks\APSnotifierPP1" [C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe]

"C:\WINDOWS\SysNative\tasks\APSnotifierPP2" [C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe]

"C:\WINDOWS\SysNative\tasks\APSnotifierPP3" [C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe]

"C:\WINDOWS\SysNative\tasks\ASC8_PerformanceMonitor" [C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe]

"C:\WINDOWS\SysNative\tasks\ASC8_SkipUac_Welington" [C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe /SkipUac]

"C:\WINDOWS\SysNative\tasks\Avf0oOkYi9gfOTWgodVEOW5x" [C:\Users\Welington\AppData\Roaming\Avf0oOkYi9gfOTWgodVEOW5x.exe]

"C:\WINDOWS\SysNative\tasks\BrowserSafeguard Update Task" [C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe]

"C:\WINDOWS\SysNative\tasks\bwQQX6jirjMoC3RX" [C:\Users\Welington\AppData\Roaming\bwQQX6jirjMoC3RX.exe]

"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\WINDOWS\SysNative\tasks\Ckhg8T46BN0sGNffO0p7za" [C:\Users\Welington\AppData\Roaming\Ckhg8T46BN0sGNffO0p7za.exe]

"C:\WINDOWS\SysNative\tasks\CLMLSvc_P2G8" [C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe]

"C:\WINDOWS\SysNative\tasks\CLVDLauncher" [C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe]

"C:\WINDOWS\SysNative\tasks\cqM1S0pUvkuqKWur66YH" [C:\Users\Welington\AppData\Roaming\cqM1S0pUvkuqKWur66YH.exe]

"C:\WINDOWS\SysNative\tasks\Crossbrowse" [C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe]

"C:\WINDOWS\SysNative\tasks\D8trOHkbOwG4" [C:\Users\Welington\AppData\Roaming\D8trOHkbOwG4.exe]

"C:\WINDOWS\SysNative\tasks\da32bea0-043e-4032-bd78-9c5514bd88ea-1-6" [C:\Program Files (x86)\CinemaPlus-4.5vV05.07\da32bea0-043e-4032-bd78-9c5514bd88ea-1-6.exe]

"C:\WINDOWS\SysNative\tasks\da32bea0-043e-4032-bd78-9c5514bd88ea-1-7" [C:\Program Files (x86)\CinemaPlus-4.5vV05.07\da32bea0-043e-4032-bd78-9c5514bd88ea-1-7.exe]

"C:\WINDOWS\SysNative\tasks\da32bea0-043e-4032-bd78-9c5514bd88ea-10_user" [C:\Program Files (x86)\CinemaPlus-4.5vV05.07\da32bea0-043e-4032-bd78-9c5514bd88ea-10.exe]

"C:\WINDOWS\SysNative\tasks\da32bea0-043e-4032-bd78-9c5514bd88ea-3" [C:\Program Files (x86)\CinemaPlus-4.5vV05.07\da32bea0-043e-4032-bd78-9c5514bd88ea-3.exe]

"C:\WINDOWS\SysNative\tasks\da32bea0-043e-4032-bd78-9c5514bd88ea-4" [C:\Program Files (x86)\CinemaPlus-4.5vV05.07\da32bea0-043e-4032-bd78-9c5514bd88ea-4.exe]

"C:\WINDOWS\SysNative\tasks\da32bea0-043e-4032-bd78-9c5514bd88ea-5" [C:\Program Files (x86)\CinemaPlus-4.5vV05.07\da32bea0-043e-4032-bd78-9c5514bd88ea-5.exe]

"C:\WINDOWS\SysNative\tasks\da32bea0-043e-4032-bd78-9c5514bd88ea-5_user" [C:\Program Files (x86)\CinemaPlus-4.5vV05.07\da32bea0-043e-4032-bd78-9c5514bd88ea-5.exe]

"C:\WINDOWS\SysNative\tasks\da32bea0-043e-4032-bd78-9c5514bd88ea-6" [C:\Program Files (x86)\CinemaPlus-4.5vV05.07\da32bea0-043e-4032-bd78-9c5514bd88ea-6.exe]

"C:\WINDOWS\SysNative\tasks\da32bea0-043e-4032-bd78-9c5514bd88ea-7" [C:\Program Files (x86)\CinemaPlus-4.5vV05.07\da32bea0-043e-4032-bd78-9c5514bd88ea-7.exe]

"C:\WINDOWS\SysNative\tasks\Dell SupportAssistAgent AutoUpdate" [C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe]

"C:\WINDOWS\SysNative\tasks\Driver Booster Scan" [C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe]

"C:\WINDOWS\SysNative\tasks\Driver Booster SkipUAC (Welington)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe]

"C:\WINDOWS\SysNative\tasks\Driver Booster Update" [C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe]

"C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-428577987-3947729596-2698170759-1001Core" [C:\Users\Welington\AppData\Local\Dropbox\Update\DropboxUpdate.exe]

"C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-428577987-3947729596-2698170759-1001UA" [C:\Users\Welington\AppData\Local\Dropbox\Update\DropboxUpdate.exe]

"C:\WINDOWS\SysNative\tasks\DWCSYTTKQ1" [C:\ProgramData\TomorrowGames\TomorrowGames.exe]

"C:\WINDOWS\SysNative\tasks\eehTcGeIkl" [C:\Users\Welington\AppData\Roaming\eehTcGeIkl.exe]

"C:\WINDOWS\SysNative\tasks\f5ca0256-aa2a-422e-8531-46c3c5f6371d-1-6" [C:\Program Files (x86)\BrowserV08.07\f5ca0256-aa2a-422e-8531-46c3c5f6371d-1-6.exe]

"C:\WINDOWS\SysNative\tasks\f5ca0256-aa2a-422e-8531-46c3c5f6371d-1-7" [C:\Program Files (x86)\BrowserV08.07\f5ca0256-aa2a-422e-8531-46c3c5f6371d-1-7.exe]

"C:\WINDOWS\SysNative\tasks\f5ca0256-aa2a-422e-8531-46c3c5f6371d-3" [C:\Program Files (x86)\BrowserV08.07\f5ca0256-aa2a-422e-8531-46c3c5f6371d-3.exe]

"C:\WINDOWS\SysNative\tasks\f5ca0256-aa2a-422e-8531-46c3c5f6371d-5" [C:\Program Files (x86)\BrowserV08.07\f5ca0256-aa2a-422e-8531-46c3c5f6371d-5.exe]

"C:\WINDOWS\SysNative\tasks\f5ca0256-aa2a-422e-8531-46c3c5f6371d-5_user" [C:\Program Files (x86)\BrowserV08.07\f5ca0256-aa2a-422e-8531-46c3c5f6371d-5.exe]

"C:\WINDOWS\SysNative\tasks\f5ca0256-aa2a-422e-8531-46c3c5f6371d-6" [C:\Program Files (x86)\BrowserV08.07\f5ca0256-aa2a-422e-8531-46c3c5f6371d-6.exe]

"C:\WINDOWS\SysNative\tasks\f5ca0256-aa2a-422e-8531-46c3c5f6371d-7" [C:\Program Files (x86)\BrowserV08.07\f5ca0256-aa2a-422e-8531-46c3c5f6371d-7.exe]

"C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-428577987-3947729596-2698170759-1001Core" [C:\Users\Welington\AppData\Local\Facebook\Update\FacebookUpdate.exe]

"C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-428577987-3947729596-2698170759-1001UA" [C:\Users\Welington\AppData\Local\Facebook\Update\FacebookUpdate.exe]

"C:\WINDOWS\SysNative\tasks\FaKnyoktVDcaKF6nQgM17H" [C:\Users\Welington\AppData\Roaming\FaKnyoktVDcaKF6nQgM17H.exe]

"C:\WINDOWS\SysNative\tasks\globalUpdateUpdateTaskMachineCore" [C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe]

"C:\WINDOWS\SysNative\tasks\globalUpdateUpdateTaskMachineUA" [C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe]

"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\WINDOWS\SysNative\tasks\H8ByM2OqhG" [C:\Users\Welington\AppData\Roaming\H8ByM2OqhG.exe]

"C:\WINDOWS\SysNative\tasks\H8Qi1X98pLu52isSsUZZduvio" [C:\Users\Welington\AppData\Roaming\H8Qi1X98pLu52isSsUZZduvio.exe]

"C:\WINDOWS\SysNative\tasks\hEtyWjmTB" [C:\Users\Welington\AppData\Roaming\hEtyWjmTB.exe]

"C:\WINDOWS\SysNative\tasks\LKUWKPKUGKWODIUC" [C:\ProgramData\Service1104\Service1104.exe]

"C:\WINDOWS\SysNative\tasks\NKidFalasfD" [C:\Users\Welington\AppData\Roaming\NKidFalasfD.exe]

"C:\WINDOWS\SysNative\tasks\PCDEventLauncherTask" ["C:\Program Files\Dell\SupportAssist\sessionchecker.exe"]

"C:\WINDOWS\SysNative\tasks\PCDoctorBackgroundMonitorTask" ["C:\Program Files\Dell\SupportAssist\uaclauncher.exe"]

"C:\WINDOWS\SysNative\tasks\PremiumReliever-S-2792935414" [c:\programdata\trusted publisher\systempreserver\PremiumReliever.exe]

"C:\WINDOWS\SysNative\tasks\PrZpcosX4" [C:\Users\Welington\AppData\Roaming\PrZpcosX4.exe]

"C:\WINDOWS\SysNative\tasks\pUEASLevo6SUqY" [C:\Users\Welington\AppData\Roaming\pUEASLevo6SUqY.exe]

"C:\WINDOWS\SysNative\tasks\RfjS4CdOplm3" [C:\Users\Welington\AppData\Roaming\RfjS4CdOplm3.exe]

"C:\WINDOWS\SysNative\tasks\SEBwz95KsYA" [C:\Users\Welington\AppData\Roaming\SEBwz95KsYA.exe]

"C:\WINDOWS\SysNative\tasks\SmartDefrag4_Startup" [C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe]

"C:\WINDOWS\SysNative\tasks\SmartDefrag4_Update" [C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe]

"C:\WINDOWS\SysNative\tasks\SystemToolsDailyTest" ["uaclauncher.exe"]

"C:\WINDOWS\SysNative\tasks\temp_0b33a2f9-0cb1-4a63-a856-54963a0e5286-1-6" [C:\Program Files (x86)\BrowserV07.07\0b33a2f9-0cb1-4a63-a856-54963a0e5286-1-6.exe]

"C:\WINDOWS\SysNative\tasks\temp_0b33a2f9-0cb1-4a63-a856-54963a0e5286-6" [C:\Program Files (x86)\BrowserV07.07\0b33a2f9-0cb1-4a63-a856-54963a0e5286-6.exe]

"C:\WINDOWS\SysNative\tasks\temp_5866009f-f35f-40ac-a6d6-5a0f96900e50-1-6" [C:\Program Files (x86)\Cinema.Plus.i3V04.07\5866009f-f35f-40ac-a6d6-5a0f96900e50-1-6.exe]

"C:\WINDOWS\SysNative\tasks\temp_5866009f-f35f-40ac-a6d6-5a0f96900e50-10_user" [C:\Program Files (x86)\Cinema.Plus.i3V04.07\5866009f-f35f-40ac-a6d6-5a0f96900e50-10.exe]

"C:\WINDOWS\SysNative\tasks\temp_5866009f-f35f-40ac-a6d6-5a0f96900e50-6" [C:\Program Files (x86)\Cinema.Plus.i3V04.07\5866009f-f35f-40ac-a6d6-5a0f96900e50-6.exe]

"C:\WINDOWS\SysNative\tasks\ToolsUpdatePlatform_ScheduledTask" [C:\Program Files (x86)\ToolsUpdatePlatform\UpdatePlatform.exe]

"C:\WINDOWS\SysNative\tasks\tTrRya2zQqteh04ACQ5GdrextFe" [C:\Users\Welington\AppData\Roaming\tTrRya2zQqteh04ACQ5GdrextFe.exe]

"C:\WINDOWS\SysNative\tasks\Tu0tBQkXQeLcxSA" [C:\Users\Welington\AppData\Roaming\Tu0tBQkXQeLcxSA.exe]

"C:\WINDOWS\SysNative\tasks\Uninstaller_SkipUac_Administrator" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe]

"C:\WINDOWS\SysNative\tasks\Uninstaller_SkipUac_Welington" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe]

"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{6D0311D5-14E1-4C39-B2D3-15CF654CE122}" [C:\WINDOWS\system32\msfeedssync.exe]

"C:\WINDOWS\SysNative\tasks\V7K37ejfp1Sikq49jvsAVKRD63j" [C:\Users\Welington\AppData\Roaming\V7K37ejfp1Sikq49jvsAVKRD63j.exe]

"C:\WINDOWS\SysNative\tasks\vjGemhjk" [C:\Users\Welington\AppData\Roaming\vjGemhjk.exe]

"C:\WINDOWS\SysNative\tasks\WordShark Auto Updater 1.10.0.19 Core" [C:\Program Files (x86)\WordShark_1.10.0.19\Update\WordSharkAutoUpdateClient.exe]

"C:\WINDOWS\SysNative\tasks\WordShark Auto Updater 1.10.0.19 Pending Update" [C:\Program Files (x86)\WordShark_1.10.0.19\Update\WordSharkAutoUpdateClient.exe]

"C:\WINDOWS\SysNative\tasks\wpT3LuFmkgVMGsVIk5cAlYJ5Q6o" [C:\Users\Welington\AppData\Roaming\wpT3LuFmkgVMGsVIk5cAlYJ5Q6o.exe]

"C:\WINDOWS\SysNative\tasks\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD}{19F8DB95-4D78-4ddb-AC71-C610654FE37F}" [C:\Program Files (x86)\CalendarTool\1.3.1.10384\InstallHelper.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\WELING~1\AppData\Roaming\Mozilla\Firefox\Profiles\aqj1vqgd.default

user_pref("browser.newtab.url", "http://www.mystartsearch.com/newtab/?type=nt&ts=1436398318&z=138afd6dc38e9e1a5f2090fg7z7c0qec4t2b0c0ofg&from=cmi&uid=3219913727_198313_4C61B736");

user_pref("browser.search.defaultenginename", "istartsurf");

user_pref("browser.search.selectedEngine", "istartsurf");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"sweetsearch@gmail.com"="C:\Users\Welington\AppData\Roaming\Mozilla\Firefox\Profiles\aqj1vqgd.default\extensions\sweetsearch@gmail.com" [05/07/2015 23:58]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]

"{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\Welington\AppData\Local\GAS Tecnologia\GBBD\bb\xpi" [21/04/2015 12:01]

==== Firefox Extensions ======================

ProfilePath: C:\Users\WELING~1\AppData\Roaming\Mozilla\Firefox\Profiles\aqj1vqgd.default

- DeleteAd - C:\Users\Welington\AppData\Roaming\Mozilla\Firefox\Profiles\aqj1vqgd.default\extensions\hzwzdsnbpqbh@wvhkymhjhznivozo.org

- GBBD Banco do Brasil - C:\Users\Welington\AppData\Local\GAS Tecnologia\GBBD\bb\xpi

- QuickSearch - C:\Users\Welington\AppData\Roaming\Mozilla\Firefox\Profiles\aqj1vqgd.default\extensions\searchffv2@gmail.com

- Search Enginer - C:\Users\Welington\AppData\Roaming\Mozilla\Firefox\Profiles\aqj1vqgd.default\extensions\sweetsearch@gmail.com

- CinemaPlus-3.2cV08.07 - C:\Users\Welington\AppData\Roaming\Mozilla\Firefox\Profiles\aqj1vqgd.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com

- CinemaPlus-3.2cV08.07 - %ProfilePath%\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com

- BesstSaeveForYou - %ProfilePath%\extensions\dZ@bwx7B.com

- ExStraSAviings - %ProfilePath%\extensions\G0D@d1qUpViL.com

- DeleteAd - %ProfilePath%\extensions\hzwzdsnbpqbh@wvhkymhjhznivozo.org

- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\iobitascsurfingprotection@iobit.com

- NetoCoupOn - %ProfilePath%\extensions\r1h@qMw.com

- TakeeTheCoupon - %ProfilePath%\extensions\RkDhad@0iRl.com

- QuickSearch - %ProfilePath%\extensions\searchffv2@gmail.com

- Search Enginer - %ProfilePath%\extensions\sweetsearch@gmail.com

- DiscoeuentExtenossi - %ProfilePath%\extensions\t3wqB@nR.net

- BestSaveFuorYoou - %ProfilePath%\extensions\Wk@V.com

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Welington\AppData\Roaming\Mozilla\Firefox\Profiles\aqj1vqgd.default

3CD19649B2C3023D65E67C056457A2BC - C:\Users\Welington\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin

7E22425470F2072890C5747F07628846 - C:\Users\Welington\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil

D87C0639158DFC59B39E1B804F297B40 - C:\Users\Welington\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll - Módulo de Proteção - Banco do Brasil

==== Chromium Look ======================

Google Chrome Version: 39.0.2171.65

Google Search - Welington\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

CinemaPlus-3.2cV08.07 - Welington\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp

Gmail - Welington\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\Welington\AppData\Local\Google\Chrome\User Data\Default\Preferences

"homepage": "http://dell13.msn.com/",

"startup_urls": [ "https://www.google.com/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8", "http://search.gboxapp.com/" ],

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://dell13.msn.com"

"Search Page"="http://www.istartsurf.com/web/?type=dspp&ts=1436151547&z=8eeb2727805a71698bd5e22g2z1c1qcg1w8gfw3zfw&from=face&uid=3219913727_198313_4C61B736&q={searchTerms}"

"Default_Page_URL"="http://www.istartsurf.com/?type=hppp&ts=1436151547&z=8eeb2727805a71698bd5e22g2z1c1qcg1w8gfw3zfw&from=face&uid=3219913727_198313_4C61B736"

"Default_Search_URL"="http://www.istartsurf.com/web/?type=dspp&ts=1436151547&z=8eeb2727805a71698bd5e22g2z1c1qcg1w8gfw3zfw&from=face&uid=3219913727_198313_4C61B736&q={searchTerms}"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://www.mystartsearch.com/web/?type=ds&ts=1436398318&z=138afd6dc38e9e1a5f2090fg7z7c0qec4t2b0c0ofg&from=cmi&uid=3219913727_198313_4C61B736&q={searchTerms}"

"Default_Page_URL"="http://www.istartsurf.com/?type=hppp&ts=1436151547&z=8eeb2727805a71698bd5e22g2z1c1qcg1w8gfw3zfw&from=face&uid=3219913727_198313_4C61B736"

"Start Page"="http://www.istartsurf.com/?type=hppp&ts=1436151547&z=8eeb2727805a71698bd5e22g2z1c1qcg1w8gfw3zfw&from=face&uid=3219913727_198313_4C61B736"

"Search Page"="http://www.mystartsearch.com/web/?type=ds&ts=1436398318&z=138afd6dc38e9e1a5f2090fg7z7c0qec4t2b0c0ofg&from=cmi&uid=3219913727_198313_4C61B736&q={searchTerms}"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://www.mystartsearch.com/web/?type=ds&ts=1436398318&z=138afd6dc38e9e1a5f2090fg7z7c0qec4t2b0c0ofg&from=cmi&uid=3219913727_198313_4C61B736&q={searchTerms}"

"Default_Page_URL"="http://www.istartsurf.com/?type=hppp&ts=1436151547&z=8eeb2727805a71698bd5e22g2z1c1qcg1w8gfw3zfw&from=face&uid=3219913727_198313_4C61B736"

"Start Page"="http://www.istartsurf.com/?type=hppp&ts=1436151547&z=8eeb2727805a71698bd5e22g2z1c1qcg1w8gfw3zfw&from=face&uid=3219913727_198313_4C61B736"

"Search Page"="http://www.mystartsearch.com/web/?type=ds&ts=1436398318&z=138afd6dc38e9e1a5f2090fg7z7c0qec4t2b0c0ofg&from=cmi&uid=3219913727_198313_4C61B736&q={searchTerms}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} e Url="http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=3219913727_198313_4C61B736&ts=1436398376&type=default&q={searchTerms}"

{33BB0A4E-99AF-4226-BDF6-49120163DE86} istartsurf Url="http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=3219913727_198313_4C61B736&ts=1436398376&type=default&q={searchTerms}"

{64006C6B-7444-4F00-B1CC-F52DD69B4302} Unknown Url="http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=3219913727_198313_4C61B736&ts=1436398376&type=default&q={searchTerms}"

{80c554b9-c7f8-4a21-9471-06d606da78a2} Unknown Url="http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=3219913727_198313_4C61B736&ts=1436398376&type=default&q={searchTerms}"

{E733165D-CBCF-4FDA-883E-ADEF965B476C} Google Url="http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=3219913727_198313_4C61B736&ts=1436398376&type=default&q={searchTerms}"

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1436151547&z=8eeb2727805a71698bd5e22g2z1c1qcg1w8gfw3zfw&from=face&uid=3219913727_198313_4C61B736

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=dspp&ts=1436151547&z=8eeb2727805a71698bd5e22g2z1c1qcg1w8gfw3zfw&from=face&uid=3219913727_198313_4C61B736&q={searchTerms}

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=dspp&ts=1436151547&z=8eeb2727805a71698bd5e22g2z1c1qcg1w8gfw3zfw&from=face&uid=3219913727_198313_4C61B736&q={searchTerms}

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1436151547&z=8eeb2727805a71698bd5e22g2z1c1qcg1w8gfw3zfw&from=face&uid=3219913727_198313_4C61B736

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1436398318&z=138afd6dc38e9e1a5f2090fg7z7c0qec4t2b0c0ofg&from=cmi&uid=3219913727_198313_4C61B736&q={searchTerms}

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1436398318&z=138afd6dc38e9e1a5f2090fg7z7c0qec4t2b0c0ofg&from=cmi&uid=3219913727_198313_4C61B736&q={searchTerms}

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=pt-BR&Src=WD8&Tid=000328B0&OHP=http%3A%2F%2Fdell13.msn.com&OSP=http%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3D%7BsearchTerms%7D%26src%3DIE%2DSearchBox%26FORM%3DIE11SR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: LuckyTab Class - {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} - C:\Program Files (x86)\MiuiTab\SupTab.dll

O2 - BHO: Advanced SystemCare Surfing Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{3F8B5A2C-E909-4827-B92E-0C7250E69DF8}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CCS\Services\Tcpip\..\{B2A59CB8-02D1-43EE-A7B1-EB0847702678}: NameServer = 75.126.206.18,184.173.169.186

O17 - HKLM\System\CCS\Services\Tcpip\..\{BAF5F1BC-2671-45E0-83D4-2BCC326C9D85}: NameServer = 75.126.206.18,184.173.169.186

O17 - HKLM\System\CS1\Services\Tcpip\..\{3F8B5A2C-E909-4827-B92E-0C7250E69DF8}: NameServer = 8.8.8.8,8.8.4.4

==== EOF on 08/07/2015 at 21:18:15,19 ======================


Hello @welington Cordeiro

Please note the following:
  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here relates only to the problem on your computer, so do not apply it to any other;
  • Please follow the instructions carefully, and if you have any questions do not hesitate to ask;
  • Always keep me informed, during the removal, of what is happening with your computer.
  • Follow the instructions in the order given.
  • Note: Do not take any action other than those given here; if you ask for help on another forum, be sure to let us know, or you risk misconfiguring your computer!

1)

Download Farbar Service Scanner and save it to your Desktop

  • Check the boxes:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Click Scan
  • A log (FSS.txt) will be created on the Desktop
  • Attach the log to your next reply.

2)

Download MbrScan.exe by Eric_71 > save it to the desktop.

Double-click to run the tool. Click the Scan button. When the scan finishes, click the Report button. Notepad will open with the scan result. It is saved on the desktop as MbrScan.log.

Select, copy and paste its contents into your next reply.

3)

Download Malwarebytes Anti-Rootkit (MBAR)

Extract the files to your desktop

  • Open the mbar folder and run the file mbar.exe
  • Click the Next button, then Update,
  • Click Next again, and then Scan.
  • When it finishes, do NOT click Cleanup; just exit the program.
  • Attach the logs mbar-log.txt and system-log.txt, located in the mbar folder


Thank you for the reply!

I spent a good part of the day trying to attach these files; the infection does not let me do anything normally.

Best regards,

FSS.txt

mbar-log-2015-07-09 (15-56-11).txt

MbrScan.log

system-log.txt


Ok,

Sorry for the delay, I am having a problem with my notebook.   :(

1)

Download AdwCleaner and save it to the desktop.
https://toolslib.net...loads/finish/1/

Run the file adwcleaner.exe

*** Windows Vista or Windows 7 users: right-click the file adwcleaner.exe, then click Run as administrator.

Click the Scan button and wait for the scan to finish.

Click the Clean button.

Notepad will open with the result. Attach the log to your next reply.

NOTE: If AdwCleaner finds files it cannot remove, you may have to restart the PC. Do so immediately when asked whether you want to restart the PC.

2)

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Download the tool and save it to the desktop. Double-click to run the Junkware Removal Tool (JRT).

* On Windows Vista and Windows 7:

Right-click JRT.exe and select Run as administrator

The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to examine.

When it finishes, a log will open. It is saved on the desktop as JRT.txt.

Attach the log to your next reply.

3)

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Download Farbar Recovery Scan Tool and save it to your desktop.
32 bit (x86) or 64 bit (x64)

Double-click to run the tool. Check the 90 Days Files box and click the Scan button.

Wait; when it finishes, the logs FRST.txt and Addition.txt will be saved on your desktop.

Attach the logs to your next reply.


Dear welington Cordeiro

CarlosTurco is having problems with his computer, and until everything is resolved I will be taking over your case.

I just need you to give me an "ok" in reply. ;)

Regards :D


OK!

Thank you very much!

But it seems the infection was resolved by the latest procedures... but maybe there is something you want to analyze in the files he asked for and I sent... or maybe the virus is hidden... but I will carry out any procedure you suggest...

Thanks again!

Regards!


Dear welington Cordeiro

FRST must be run directly from the Desktop; however, you ran it from the folder:

Running from C:\Users\Welington\Downloads

Delete it from that folder, download a new copy to the Desktop, run the scan and post the new logs.

PS: Before the scan, check the Addition option.

Regards :D


Dear welington Cordeiro

Things look ugly over there, huh... ;)

# Step 1 #

Question: was it you who disabled the Control Panel restrictions?

# Step 2 #

Uninstall the following programs:

BoBrowser
Cinema_Plus-1.2V12.07
I - Cinema
mystartsearch

# Step 3 #

Open Notepad and create a file named Fixlist.txt
Save it to your desktop;
Copy all of the content below and paste it into the file created above:

CreateRestorePoint:
CloseProcesses:
BoBrowser (HKU\S-1-5-21-428577987-3947729596-2698170759-1001\...\BoBrowser) (Version: 36.0.1985.141 - BoBrowser) <==== ATTENTION
Cinema_Plus-1.2V12.07 (HKLM-x32\...\Cinema_Plus-1.2V12.07) (Version: 1.36.01.22 - Cinema_Plus-1.2V12.07) <==== ATTENTION
I - Cinema (HKLM-x32\...\I - Cinema) (Version: 1.36.01.22 - iCinema)
mystartsearch uninstall (HKLM-x32\...\mystartsearch uninstall) (Version:  - mystartsearch) <==== ATTENTION
HKU\S-1-5-21-428577987-3947729596-2698170759-1001\...\MountPoints2: {cf4af692-f1c4-11e3-bebc-bc8556e45606} - "F:\iStudio.exe"
HKU\S-1-5-21-428577987-3947729596-2698170759-1001\...\Run: [BoBrowser] => "C:\Users\Welington\AppData\Local\BoBrowser\Application\bobrowser.exe" --no-proxy-server
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1436717830&z=090dd8dded04452b76eb600g5zdc6q3m0gdm3b1o8e&from=ium6&uid=3219913727_198313_4C61B736
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1436717830&z=090dd8dded04452b76eb600g5zdc6q3m0gdm3b1o8e&from=ium6&uid=3219913727_198313_4C61B736&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1436717830&z=090dd8dded04452b76eb600g5zdc6q3m0gdm3b1o8e&from=ium6&uid=3219913727_198313_4C61B736
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1436717830&z=090dd8dded04452b76eb600g5zdc6q3m0gdm3b1o8e&from=ium6&uid=3219913727_198313_4C61B736&q={searchTerms}
HKU\S-1-5-21-428577987-3947729596-2698170759-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1436717830&z=090dd8dded04452b76eb600g5zdc6q3m0gdm3b1o8e&from=ium6&uid=3219913727_198313_4C61B736&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Tcpip\..\Interfaces\{B2A59CB8-02D1-43EE-A7B1-EB0847702678}: [NameServer] 75.126.206.18,184.173.169.186
Tcpip\..\Interfaces\{BAF5F1BC-2671-45E0-83D4-2BCC326C9D85}: [NameServer] 75.126.206.18,184.173.169.186
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml [2015-07-12]
FF Extension: I - Cinema - C:\Users\Welington\AppData\Roaming\Mozilla\Firefox\Profiles\aqj1vqgd.default\Extensions\MGKN37049485@ACPSC11936960.com [2015-07-12]
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml
FF SearchPlugin: C:\Users\Welington\AppData\Roaming\Mozilla\Firefox\Profiles\aqj1vqgd.default\searchplugins\webssearches.xml [2015-07-13]
C:\Users\Welington\AppData\Roaming\Mozilla\Firefox\Profiles\aqj1vqgd.default\searchplugins\webssearches.xml
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
Task: {059A626C-3A54-471A-91DE-96CA8EB0EB93} - System32\Tasks\temp_5866009f-f35f-40ac-a6d6-5a0f96900e50-10_user => C:\Program Files (x86)\Cinema.Plus.i3V04.07\5866009f-f35f-40ac-a6d6-5a0f96900e50-10.exe <==== ATTENTION
Task: {11F72FA0-8FC6-4BDA-90BA-987E283D3B67} - \D8trOHkbOwG4 No Task File <==== ATTENTION
Task: {1BF13D9A-0EFD-4DF3-B6E9-3D3F82EFD57B} - \tTrRya2zQqteh04ACQ5GdrextFe No Task File <==== ATTENTION
Task: {228F0997-48CC-4FB2-92C4-88E9815A19E4} - \temp_0b33a2f9-0cb1-4a63-a856-54963a0e5286-1-6 No Task File <==== ATTENTION
Task: {2A0952B7-46AE-40C4-BF6D-4DFF0BAD9F82} - \vjGemhjk No Task File <==== ATTENTION
Task: {38122F57-47F4-4177-ABBF-D2D2F068A881} - \RfjS4CdOplm3 No Task File <==== ATTENTION
Task: {3BC4A094-5F4C-4C27-BADA-E50AEAA62D21} - \temp_0b33a2f9-0cb1-4a63-a856-54963a0e5286-6 No Task File <==== ATTENTION
Task: {4580F537-B5C0-4B0F-8869-A6EC7071C8C7} - System32\Tasks\temp_5866009f-f35f-40ac-a6d6-5a0f96900e50-1-6 => C:\Program Files (x86)\Cinema.Plus.i3V04.07\5866009f-f35f-40ac-a6d6-5a0f96900e50-1-6.exe <==== ATTENTION
Task: {482DD897-107B-4E0E-8574-71B5CDE2F9B1} - \Ckhg8T46BN0sGNffO0p7za No Task File <==== ATTENTION
Task: {825A75ED-A761-45E4-8EBB-EB97353D3651} - \SEBwz95KsYA No Task File <==== ATTENTION
Task: {B4E49A33-B293-4BED-A791-B7A210A687DB} - \0dyAflLn4HpKDZ No Task File <==== ATTENTION
Task: {B7D9AF3D-4963-452A-A280-C8E0751F8FC2} - \4ig3vDa No Task File <==== ATTENTION
Task: {DFDD1FFC-47E3-470D-ABCD-0BF0C3DD4ED9} - \Crossbrowse No Task File <==== ATTENTION
Task: {E17C7FFF-B46D-4F8C-BF3F-50A3E500006D} - \8voKgK59diUXqxbWlTiRBeuYfZ No Task File <==== ATTENTION
Task: {E5A748E4-5998-4714-9D83-430D07C17001} - \PremiumReliever-S-2792935414 No Task File <==== ATTENTION
Task: {E6AB172B-5651-4174-9E96-C7F452E2753D} - System32\Tasks\temp_5866009f-f35f-40ac-a6d6-5a0f96900e50-6 => C:\Program Files (x86)\Cinema.Plus.i3V04.07\5866009f-f35f-40ac-a6d6-5a0f96900e50-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\0dyAflLn4HpKDZ.job => C:\Users\Welington\AppData\Roaming\0dyAflLn4HpKDZ.exe <==== ATTENTION
C:\Users\Welington\AppData\Roaming\0dyAflLn4HpKDZ.exe
Task: C:\WINDOWS\Tasks\4ig3vDa.job => C:\Users\Welington\AppData\Roaming\4ig3vDa.exe <==== ATTENTION
C:\Users\Welington\AppData\Roaming\4ig3vDa.exe
Task: C:\WINDOWS\Tasks\8voKgK59diUXqxbWlTiRBeuYfZ.job => C:\Users\Welington\AppData\Roaming\8voKgK59diUXqxbWlTiRBeuYfZ.exe <==== ATTENTION
C:\Users\Welington\AppData\Roaming\8voKgK59diUXqxbWlTiRBeuYfZ.exe
Task: C:\WINDOWS\Tasks\Ckhg8T46BN0sGNffO0p7za.job => C:\Users\Welington\AppData\Roaming\Ckhg8T46BN0sGNffO0p7za.exe <==== ATTENTION
C:\Users\Welington\AppData\Roaming\Ckhg8T46BN0sGNffO0p7za.exe
Task: C:\WINDOWS\Tasks\D8trOHkbOwG4.job => C:\Users\Welington\AppData\Roaming\D8trOHkbOwG4.exe
<==== ATTENTIONC:\Users\Welington\AppData\Roaming\D8trOHkbOwG4.exeTask: C:\WINDOWS\Tasks\PremiumReliever-S-2792935414.job => c:\programdata\trusted publisher\systempreserver\PremiumReliever.exeU/schedule /profile c:\programdata\trusted publisher\systempreserver\2792935414.ini <==== ATTENTIONc:\programdata\trusted publisher\systempreserver\PremiumReliever.exeU/schedule /profile c:\programdata\trusted publisher\systempreserver\2792935414.iniTask: C:\WINDOWS\Tasks\RfjS4CdOplm3.job => C:\Users\Welington\AppData\Roaming\RfjS4CdOplm3.exe <==== ATTENTIONC:\Users\Welington\AppData\Roaming\RfjS4CdOplm3.exeTask: C:\WINDOWS\Tasks\SEBwz95KsYA.job => C:\Users\Welington\AppData\Roaming\SEBwz95KsYA.exe <==== ATTENTIONC:\Users\Welington\AppData\Roaming\SEBwz95KsYA.exeTask: C:\WINDOWS\Tasks\tTrRya2zQqteh04ACQ5GdrextFe.job => C:\Users\Welington\AppData\Roaming\tTrRya2zQqteh04ACQ5GdrextFe.exe <==== ATTENTIONC:\Users\Welington\AppData\Roaming\tTrRya2zQqteh04ACQ5GdrextFe.exeTask: C:\WINDOWS\Tasks\vjGemhjk.job => C:\Users\Welington\AppData\Roaming\vjGemhjk.exe <==== ATTENTIONC:\Users\Welington\AppData\Roaming\vjGemhjk.exeC:\WINDOWS\Tasks\PremiumReliever-S-2792935414.jobC:\Program Files (x86)\I - CinemaCMD:ipconfig /flushdnsEmptyTemp:
Run the Farbar Recovery Scan Tool again and click the Fix button;
Wait and post the log in your next reply.

# Step 4 #

I will be resetting your browsers. ;)

Open Notepad and create a file named zascript.txt
Save it to your Desktop;
Copy all of the content below and paste it into the file created above:

FFdefaults;chrdefaults;autoclean;resetIEproxy;resethosts;installedprogs;emptyfolderscheck;delete;emptyalltemp;createsrpoint;

Run ZA-Scan again and wait.
Post the new log.

Regards :D
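
As an added example (not part of the post above and not code from the Farbar tool), this Python script sorts fixlist-style lines into the kinds of entries the fix script above targets: scheduled tasks, Run keys, Internet Explorer page settings and DNS NameServer overrides. The sample lines, category names and function names are constructed for the example.

```python
import re
from collections import Counter

# Constructed lines in the same layout as the fixlist above (not real indicators).
SAMPLE = r"""CreateRestorePoint:
HKU\S-1-5-21-1111\...\Run: [DemoBrowser] => "C:\Users\alice\AppData\Local\DemoBrowser\demo.exe" --no-proxy-server
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example/?type=hp
Tcpip\..\Interfaces\{00000000-0000-0000-0000-000000000001}: [NameServer] 192.0.2.10,192.0.2.11
Task: {00000000-0000-0000-0000-000000000002} - \AbCdEf123 No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\AbCdEf123.job => C:\Users\alice\AppData\Roaming\AbCdEf123.exe <==== ATTENTION
C:\Users\alice\AppData\Roaming\AbCdEf123.exe
CMD:ipconfig /flushdns
EmptyTemp:"""

# First matching rule wins; each pattern captures the detail worth reviewing.
RULES = [
    ("task_without_file", re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (\\.+?) No Task File")),
    ("task_target",       re.compile(r"^Task: .+? => (.+?)(?: <=+ ATTENTION)?$")),
    ("run_key",           re.compile(r"\\Run: \[.+?\] => (.+)$")),
    ("ie_page_setting",   re.compile(r"Internet Explorer\\Main,[^=]+= (\S+)")),
    ("dns_nameserver",    re.compile(r"^Tcpip\\.+\[NameServer\] (\S+)$")),
    ("command",           re.compile(r"^CMD:\s*(.+)$")),
    ("directive",         re.compile(r"^(\w+):$")),
]

def classify(line):
    """Return (category, detail) for one fixlist line."""
    line = line.strip()
    for name, pattern in RULES:
        m = pattern.search(line)
        if m:
            return name, m.group(1)
    return "path_or_other", line

def summarize(text):
    """Count entries per category, skipping blank lines."""
    return Counter(classify(l)[0] for l in text.splitlines() if l.strip())

def user_profile_task_targets(text):
    """Task executables that live under a user's AppData folder."""
    hits = [d for c, d in map(classify, text.splitlines()) if c == "task_target"]
    return [p for p in hits if "\\appdata\\" in p.lower()]

if __name__ == "__main__":
    for category, count in sorted(summarize(SAMPLE).items()):
        print(f"{category:18} {count}")
    print(user_profile_task_targets(SAMPLE))
```
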


Dear welington Cordeiro

# Step 1 #

Open Notepad and create a file named Fixlist.txt
Save it to your Desktop;
Copy all of the content below and paste it into the file created above:

CreateRestorePoint:
CloseProcesses:
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
Reboot:

Run the Farbar Recovery Scan Tool again and click the Fix button;
Wait and post the log in your next reply.

# Step 2 #

Download Malwarebytes' Anti-Malware (MBAM).

Double-click mbam-setup.exe to install the program.

  • Uncheck the box Enable free trial of MalwareBytes Anti-Malware PRO.
  • If there are updates available, they will be downloaded and installed.
  • Click Settings, click Detection and Protection, and check Scan for Rootkits.
  • Go back to the Dashboard and finally click Scan Now.
  • The scan will then start. Wait, as it may take a while.
  • When the scan finishes, if any items were found, click the Quarantine All button.
  • Click Apply Actions.
  • At the end of the disinfection, a prompt may appear asking whether you want to restart the PC. (See the Note below)
  • The log is saved automatically by MBAM; to view it, click the History tab -> Application Logs in the program's main window.
  • Double-click the log. Use the .txt format to export the log.
  • DO NOT USE THE .XML FORMAT TO EXPORT THE LOG.
  • The Protection log is not needed for the analysis; always export the correct log.
  • Attach the log to your next reply.


NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

Regards :D


Dear welington Cordeiro

Hey... don't mention it :)

I need a new FRST log: run the program, but before clicking the Scan button, check the Addition option. Run the scan and post both logs.

Regards :D


Dear welington Cordeiro

I believe my colleague/friend @CarlosTurco got confused and posted in the wrong topic. I will let him know.

Wait for me.

Regards :D


Dear welington Cordeiro

# Step 1 #

Open Notepad and create a file named Fixlist.txt
Save it to your Desktop;
Copy all of the content below and paste it into the file created above:

CreateRestorePoint:
CloseProcesses:
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
R4 WinDivert1.1; \??\C:\WINDOWS\system32\WinDivert64.sys [X]
Task: {0912A545-6BAA-4DDC-B422-C83CE7B14C5E} - \SpeedCheck Update No Task File <==== ATTENTION
Reboot:

Run the Farbar Recovery Scan Tool again and click the Fix button;
Wait and post the log in your next reply.

# Step 2 #

Download Malwarebytes' Anti-Malware (MBAM).

Double-click mbam-setup.exe to install the program.

  • Uncheck the box Enable free trial of MalwareBytes Anti-Malware PRO.
  • If there are updates available, they will be downloaded and installed.
  • Click Settings, click Detection and Protection, and check Scan for Rootkits.
  • Go back to the Dashboard and finally click Scan Now.
  • The scan will then start. Wait, as it may take a while.
  • When the scan finishes, if any items were found, click the Quarantine All button.
  • Click Apply Actions.
  • At the end of the disinfection, a prompt may appear asking whether you want to restart the PC. (See the Note below)
  • The log is saved automatically by MBAM; to view it, click the History tab -> Application Logs in the program's main window.
  • Double-click the log. Use the .txt format to export the log.
  • DO NOT USE THE .XML FORMAT TO EXPORT THE LOG.
  • The Protection log is not needed for the analysis; always export the correct log.
  • Attach the log to your next reply.


NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

Regards :D


Dear welington Cordeiro

# Step 1 #

Temporarily disable your antivirus

  • Hold down the Ctrl key and click this link to open the ESET Online Scanner in a new window.
  • Click this button: (image: j9Byf.png)
  • For alternative browsers (if you use Internet Explorer, skip this step): (image: esetsmartinstaller_enu.png)
    1. Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double-click the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click Start.
  • Accept any security warning from your browser.
  • Check: "Enable detection of potentially unwanted applications"
  • Click Hide Advanced settings and check the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Change and also check the Computer box.
  • Click Start.
  • It will update itself and scan the computer. Be patient, the process can take hours.
  • When the scan finishes, click List of found threats
  • Click Export to text file and save the log to your desktop.
  • Click Back.
  • Click Finish.
  • Attach the content of the log.

# Step 2 #

Download SecurityCheck and save it to your Desktop

Alternative link

  • Double-click SecurityCheck.exe
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: (image: execadmin.png)
  • Press any key to continue... a report will open
  • Copy all of its content and paste it into your next reply;
  • Note: do not attach this log!

Regards :D

Hello,

I am sending the logs!

Thank you very much for the help!

 

 

 Results of screen317's Security Check version 1.006  

   x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

Windows Defender   

 WMI entry may not exist for antivirus; attempting automatic update. 

`````````Anti-malware/Other Utilities Check:````````` 

 Adobe Flash Player 18.0.0.209  

 Adobe Reader XI  

 Mozilla Firefox (39.0) 

 Google Chrome (44.0.2403.107) 

 Google Chrome (44.0.2403.89) 

 Google Chrome (GoogleUpdateHelper.Vdll..) 

````````Process Check: objlist.exe by Laurent````````  

 Windows Defender MSMpEng.exe 

 ESET ESET Online Scanner OnlineScannerApp.exe  

 IObit IObit Malware Fighter IMFsrv.exe  

 IObit IObit Malware Fighter IMF.exe  

 IObit IObit Malware Fighter IMFTips.exe  

 Windows Defender MpCmdRun.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  % 

````````````````````End of Log`````````````````````` 

 

Esetlog.txt


Dear welington Cordeiro

>>>> How is the computer doing?

# Step 1 #

Download DelFix and save it to your Desktop

  • Double-click delfix.exe
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: (image: execadmin.png)
  • Check the following boxes:
    • Activate UAC (optional, see below for more information)
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button and wait.
  • When the scan finishes it will generate a log.
  • Post the entire content of that log.

Note: If you want to know about UAC, click.

# Step 2 #

<<@>> Install CCleaner

CCleaner is an excellent cleaning utility for the computer, which will help with your computer's performance. Download it here: CCleaner

  • IMPORTANT: After installation, go to the location where the program was installed, C:\Arquivos de programas\CCleaner, double-click the folder, then right-click in an empty area of that window, choose New > Folder and create a new folder; name it backups!
  • Open the program and click Run Cleaner;
  • Click the Registry button > Scan for Issues > Fix selected issue(s)...

    Note: Do not forget to accept the backup of the fixes and save it in the folder created above!

<<@>> Always keep your Windows up to date; keep a constant watch with the firewall and antivirus and, finally, remember that the best form of prevention starts with our own attitudes!

Regards :D


Problem solved!

If the author needs it, this topic will be reopened; to do so, they should contact one of the Forum's Security Analysts and request that it be unlocked.
