danielbacha

Malware removal


Good evening.

This semester I installed a program I needed for college, and right afterwards my antivirus started alerting about infections and several windows started opening, so I uninstalled the program, scanned for viruses and deleted the infected files (of which there were many), but the problem remained. I scanned again several times, always deleting several corrupted or infected files, but the problem never ended: the antivirus still keeps alerting about infections and windows still open on their own, at varying frequencies. So now I am asking for help on what to do to put an end to this problem.

I am also attaching the ZA-Scan log.

Thank you very much.

 

ZA-Scan.txt


@danielbacha

 

Please note the following:

  • About the Forum: This is a private space, not a public one. Using it is a privilege, not a right.
  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here relates only to the problem on your computer, so do not apply it on any other;
  • Please follow the instructions given carefully, and if you have any questions do not hesitate to ask them;
  • Follow the order of the instructions given.
  • Note: Do not take any action other than those given here; be aware that, if you ask for help in another forum, you must let us know, at the risk of misconfiguring your computer!

# Step 1 #

 

Download AdwCleaner and save it to your Desktop.

Run the file adwcleaner.exe

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Click the Options (Opções) tab and leave only "Reset IE Policies" (Restaurar Políticas do IE) and "Reset Chrome Policies" (Restaurar Políticas do Chrome) checked.
  • Click the Scan (Verificar) button and wait for the scan to finish.
  • Click the Clean (Limpar) button.
  • A Notepad window will open with the result.
  • Select, copy and paste the contents of this log into your next reply.
  • The log will also be saved in C:\AdwCleaner

NOTE: If AdwCleaner finds files that it cannot remove, you may have to restart the PC. Do so immediately when asked whether you want to restart.
 
# Step 2 #

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Download the Junkware Removal Tool (JRT) and save it to your Desktop.

Double-click to run jrt.exe.

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • The tool will begin scanning your system.
  • Be patient, as it may take a while depending on the number of items to scan.
  • At the end a log will open. It will be saved on the desktop under the name JRT.txt.
  • Select, copy and paste the contents of this log into your next reply.

 
# Step 3 #

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Download ZHPCleaner and save it to your Desktop.

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Click the Scanner button.
  • The tool will begin scanning your system.
  • Be patient, as it may take a while depending on the number of items to scan.
  • Then click the Repair (Reparar) button.
  • A log named ZHPCleaner.txt will be generated.
  • Select, copy and paste the contents of this log into your next reply.

 


Hello, here are the logs.

AdwCleaner log

***************************************

# AdwCleaner v5.201 - Relatório criado 03/08/2016 às 11:56:50
# Atualizado 30/06/2016 por ToolsLib
# Banco de dados : 2016-08-02.3 [Servidor]
# Sistema operacional : Windows 10 Home Single Language  (X64)
# Usuário : dbacha - BACHAPC
# Executando de : C:\Users\dbacha\Desktop\adwcleaner_5.201.exe
# Opção : Limpar
# Apoio : https://toolslib.net/forum

***** [ Serviços ] *****

[-] Serviço Excluído : PanService
[-] Serviço Excluído : TheCalendarService
[-] Serviço Excluído : MPCProtectService
[-] Serviço Excluído : MPCKpt
[-] Serviço Excluído : potytysezbt
[-] Serviço Excluído : rohoqidozbt
[-] Serviço Excluído : zihyginizbt
[-] Serviço Excluído : zoqyhisyzbt

***** [ Pastas ] *****

[-] Pasta Excluído : C:\ProgramData\eSafe
[-] Pasta Excluído : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
[-] Pasta Excluído : C:\Users\Public\Documents\Guid
[-] Pasta Excluído : C:\Program Files (x86)\CalendarTool
[#] Pasta Excluído : C:\Program Files (x86)\MPC Cleaner
[-] Pasta Excluído : C:\Program Files (x86)\PANDORA.TV
[-] Pasta Excluído : C:\Program Files (x86)\WebShield
[-] Pasta Excluído : C:\Program Files (x86)\HPDef
[-] Pasta Excluído : C:\Program Files (x86)\4E435451-1465169236-3043-4132-3085A97C1C18
[-] Pasta Excluído : C:\Users\dbacha\AppData\Local\Temp\MPC
[-] Pasta Excluído : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\CalendarTool
[-] Pasta Excluído : C:\Users\dbacha\AppData\Local\Minibar
[-] Pasta Excluído : C:\Users\dbacha\AppData\Local\StormFall
[-] Pasta Excluído : C:\Users\dbacha\AppData\Local\28050
[-] Pasta Excluído : C:\Users\dbacha\AppData\Roaming\CalendarTool
[-] Pasta Excluído : C:\Users\dbacha\AppData\Roaming\Easeware
[-] Pasta Excluído : C:\Users\dbacha\AppData\Roaming\MCorp
[-] Pasta Excluído : C:\Users\dbacha\AppData\Roaming\Checkers
[-] Pasta Excluído : C:\Program Files\Easeware
[#] Pasta Excluído : C:\Users\dbacha\AppData\Roaming\MCorp

***** [ Arquivos ] *****

[-] Arquivo Excluído : C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
[-] Arquivo Excluído : C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage-journal
[-] Arquivo Excluído : C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jidjhchcblhlapbcpheibgdjkajekhbh_0.localstorage
[-] Arquivo Excluído : C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jidjhchcblhlapbcpheibgdjkajekhbh_0.localstorage-journal
[-] Arquivo Excluído : C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
[-] Arquivo Excluído : C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
[-] Arquivo Excluído : C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_br.hao123.com_0.localstorage
[-] Arquivo Excluído : C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_br.hao123.com_0.localstorage-journal
[-] Arquivo Excluído : C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.newtabtvplussearch.com_0.localstorage
[-] Arquivo Excluído : C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.newtabtvplussearch.com_0.localstorage-journal
[-] Arquivo Excluído : C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.buenosearch.com_0.localstorage
[-] Arquivo Excluído : C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.buenosearch.com_0.localstorage-journal
[-] Arquivo Excluído : C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.hamburg-tourism.de_0.localstorage
[-] Arquivo Excluído : C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.hamburg-tourism.de_0.localstorage-journal
[-] Arquivo Excluído : C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage
[-] Arquivo Excluído : C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal
[-] Arquivo Excluído : C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
[-] Arquivo Excluído : C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
[#] Arquivo Excluído : C:\WINDOWS\SysNative\drivers\MPCKpt.sys

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Atalhos ] *****


***** [ Tarefas agendadas ] *****


***** [ Registro ] *****

[-] Chave Excluída : HKCU\Software\BI
[-] Chave Excluída : HKCU\Software\IM
[-] Chave Excluída : HKCU\Software\InstallCore
[-] Chave Excluída : HKCU\Software\Minibar
[-] Chave Excluída : HKCU\Software\Optimizer Pro
[-] Chave Excluída : HKCU\Software\Softonic
[-] Chave Excluída : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Chave Excluída : HKCU\Software\AppDataLow\Software\Crossrider
[-] Chave Excluída : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Chave Excluída : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Chave Excluída : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
[-] Chave Excluída : HKLM\SOFTWARE\dosearchessoftware
[-] Chave Excluída : HKLM\SOFTWARE\Iminent
[-] Chave Excluída : HKLM\SOFTWARE\Minibar
[-] Chave Excluída : HKLM\SOFTWARE\MPC
[-] Chave Excluída : HKLM\SOFTWARE\supWindowsMangerProtect
[-] Chave Excluída : HKLM\SOFTWARE\vi-viewSoftware
[-] Chave Excluída : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage
[-] Chave Excluída : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
[-] Chave Excluída : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
[-] Chave Excluída : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
[-] Chave Excluída : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebShield
[-] Chave Excluída : [x64] HKLM\SOFTWARE\CALENDARTOOL
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD}
[-] Chave Excluída : HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Dados Restaurar : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Dados Restaurar : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Dados Restaurar : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Dados Restaurar : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Dados Restaurar : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Dados Restaurar : HKU\S-1-5-21-4103568974-3575969232-579509045-1004\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Valor Excluída : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{1913E31B-D7D6-433B-904B-AE399A4FB1D4}]
[-] Chave Excluída : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\br.hao123.com
[-] Chave Excluída : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\hao123.com
[-] Chave Excluída : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\br.hao123.com
[-] Chave Excluída : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hao123.com
[-] Chave Excluída : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowsMangerProtect
[-] Chave Excluída : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WsysSvc

***** [ Navegadores ] *****

[-] [C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Excluído : all2wav-recorder.softonic.com.br
[-] [C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Excluído : br.ask.com
[-] [C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Excluído : start.iminent.com
[-] [C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Excluído : codota.com

*************************

:: Chaves "Tracing" excluídas
:: Configurações Winsock restauradas
:: Políticas do IE excluídas
:: Políticas do Chrome excluídas

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [17022 bytes] - [03/08/2016 11:56:50]
C:\AdwCleaner\AdwCleaner[S1].txt - [18248 bytes] - [03/08/2016 11:39:38]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [17170 bytes] ##########


JRT log

********************************************

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Home Single Language x64
Ran by dbacha (Administrator) on 03/08/2016 at 12:08:47,38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 9

Failed to delete: C:\Program Files (x86)\mpc cleaner (Folder)
Successfully deleted: C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage-journal (File)
Successfully deleted: C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage (File)
Successfully deleted: C:\Users\dbacha\Documents\optimizer pro (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Easy Scheduled Scan (Task)
Successfully deleted: C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job (Task)
Successfully deleted: C:\WINDOWS\prefetch\DRIVEREASY.EXE-DD5F7CB1.pf (File)
Successfully deleted: C:\WINDOWS\prefetch\DRIVEREASY_SETUP.TMP-080BCCF8.pf (File)
Successfully deleted: C:\WINDOWS\prefetch\DRIVEREASY_SETUP.TMP-13332BA9.pf (File)

Registry: 2

Failed to delete: HKLM\SYSTEM\CurrentControlSet\services\MPCKpt (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/08/2016 at 12:13:49,80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


ZHPCleaner log

***********************************************

~ ZHPCleaner v2016.8.2.95 by Nicolas Coolman (2016/08/02)
~ Run by dbacha (Administrator)  (03/08/2016 13:17:17)
~ Site : https://www.nicolascoolman.com
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Reparo
~ Report : C:\Users\dbacha\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\dbacha\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home Single Language, 64-bit  (Build 10586)


---\\  Serviços (1)
PAROU : MPCProtectService  =>.Superfluous.MPCCleaner


---\\  Navegadores de Internet (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Arquivo hosts (1)
~ O arquivo hosts é legítimo (30)


---\\  Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Explorer ( Arquivos, Pastas) (37)
MOVIDO pasta: C:\Users\dbacha\AppData\Roaming\unins000.exe [ - Setup/Uninstall]  =>PUP.Optional.Pirrit
MOVIDO pasta^: C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [DotC United Inc - MPC Protect Service]  =>.Superfluous.MPCCleaner
MOVIDO pasta^: C:\Windows\System32\drivers\MPCKpt.sys [DotC United Inc - MPC Driver]  =>.Superfluous.MPCCleaner
MOVIDO pasta: C:\Users\dbacha\Downloads\SoftonicDownloader_para_all2wav-recorder.exe [Softonic - Softonic Downloader]  =>.Superfluous.Softonic
MOVIDO pasta: C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage    =>.Superfluous.CloudfrontNet
MOVIDO pasta: C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage-journal    =>.Superfluous.CloudfrontNet
MOVIDO pasta: C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d30ke5tqu2tkyx.cloudfront.net_0.localstorage    =>.Superfluous.CloudfrontNet
MOVIDO pasta: C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d30ke5tqu2tkyx.cloudfront.net_0.localstorage-journal    =>.Superfluous.CloudfrontNet
MOVIDO pasta: C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage    =>PUP.Optional.Generic
MOVIDO pasta: C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal    =>PUP.Optional.Generic
MOVIDO pasta: C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_putlocker.is_0.localstorage    =>PUP.Optional.PutLocker
MOVIDO pasta: C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_putlocker.is_0.localstorage-journal    =>PUP.Optional.PutLocker
MOVIDO pasta: C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage    =>.Superfluous.AudienceInsights
MOVIDO pasta: C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal    =>.Superfluous.AudienceInsights
MOVIDO pasta: C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.glindorus.net_0.localstorage    =>PUP.Optional.Glindorus
MOVIDO pasta: C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.glindorus.net_0.localstorage-journal    =>PUP.Optional.Glindorus
MOVIDO pasta: C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_widgets.wizebar.com_0.localstorage    =>PUP.Optional.Zebar
MOVIDO pasta: C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_widgets.wizebar.com_0.localstorage-journal    =>PUP.Optional.Zebar
MOVIDO pasta: C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.cinemaxx.de_0.localstorage    =>PUP.Optional.CrossRider
MOVIDO pasta: C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.cinemaxx.de_0.localstorage-journal    =>PUP.Optional.CrossRider
MOVIDO pasta: C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.coolspeedial.com_0.localstorage    =>PUP.Optional.SpeedDial
MOVIDO pasta: C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.coolspeedial.com_0.localstorage-journal    =>PUP.Optional.SpeedDial
MOVIDO pasta: C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.putlocker.com_0.localstorage    =>PUP.Optional.PutLocker
MOVIDO pasta: C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.putlocker.com_0.localstorage-journal    =>PUP.Optional.PutLocker
MOVIDO pasta: C:\Users\dbacha\AppData\Local\Temp\etilqs_BKL0O9WhpgWpmoT    =>PUP.Optional.WpManager
MOVIDO pasta: C:\Windows\KMSEmulator.exe    =>HackTool.AutoKMS
MOVIDO pasta: C:\Windows\AutoKMS\AutoKMS.log    =>HackTool.AutoKMS
MOVIDO arquivo^: C:\Program Files (x86)\MPC Cleaner  =>.Superfluous.MPCCleaner
MOVIDO arquivo: C:\WINDOWS\AutoKMS  =>HackTool.AutoKMS
MOVIDO arquivo: C:\Program Files (x86)\QuickTime  =>Riskware.QuickTime
MOVIDO arquivo: C:\Users\dbacha\AppData\Local\Google\Chrome\User Data\Default\File System\008  =>PUP.Optional.DomaIQ
MOVIDO arquivo: C:\WINDOWS\Installer\MSI58BD.tmp-  =>Empty
MOVIDO arquivo: C:\WINDOWS\Installer\MSI5E8B.tmp-  =>Empty
MOVIDO arquivo: C:\WINDOWS\Installer\MSI6696.tmp-  =>Empty
MOVIDO arquivo: C:\WINDOWS\Installer\MSI6ABD.tmp-  =>Empty
MOVIDO arquivo: C:\WINDOWS\Installer\MSI6D6E.tmp-  =>Empty
MOVIDO arquivo: C:\WINDOWS\Installer\MSIE261.tmp-  =>Empty


---\\  Registro ( Chaves, Valores, Dados ) (57)
SUPRIMIDO chave^: HKLM\SYSTEM\CurrentControlSet\Services\MPCProtectService [C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe]  =>.Superfluous.MPCCleaner
SUPRIMIDO chave^: HKLM\SYSTEM\CurrentControlSet\Services\MPCKpt [C:\Windows\System32\drivers\MPCKpt.sys]  =>.Superfluous.MPCCleaner
SUPRIMIDO chave*: HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Plus-HD-1.6 []  =>PUP.Optional.CrossRider
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27E3488F-E60-42A5-9620-57E19637520} [C:\Program Files (x86)\Plus-HD-1.6 (Not File)]  =>PUP.Optional.CrossRider
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{58F75B03-44D8-49AC-831B-348D599489} [C:\Program Files (x86)\Plus-HD-1.6 (Not File)]  =>PUP.Optional.CrossRider
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8766D559-6BD5-4E89-9A1A-3F1BFE144E98} [C:\Program Files (x86)\Plus-HD-1.6 (Not File)]  =>PUP.Optional.CrossRider
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B5858F98-B8E3-487A-8D3D-BC5FC0AC1319} [C:\Program Files (x86)\Plus-HD-1.6 (Not File)]  =>PUP.Optional.CrossRider
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.audienceinsights.net [43]  =>.Superfluous.AudienceInsights
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} [_MyAccountCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} [IHWndContract]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} [_PostContentCallback]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} [_RecycleViewsCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} [_UserContentChangedCallback]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} [_GetCreditCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} [_LinkToPromoteArgs]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} [_LoadContentCommandResult]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} [_ViralLinkArgs]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update DigiHelp []  =>PUP.Optional.DigiHelp
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\DtsEncodeTools []  =>PUP.Optional.WeatherTool
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool]  =>Toolbar.Ask
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.]  =>Heuristic.Suspect
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} [C:\Program Files (x86)\Iminent\ (Not File)]  =>PUP.Optional.IMBooster
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} [C:\Program Files (x86)\Iminent\ (Not File)]  =>PUP.Optional.IMBooster
SUPRIMIDO valor: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task ["C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime]  =>Riskware.QuickTime


---\\  Resumo dos elementos encontrados na sua estação de trabalho (21)
https://www.nicolascoolman.fr/superfluous-mpccleaner/ =>.Superfluous.MPCCleaner
https://www.nicolascoolman.fr/?p=914 =>PUP.Optional.Pirrit
https://www.nicolascoolman.fr/?p=5145 =>.Superfluous.Softonic
https://www.nicolascoolman.fr/?p=5145 =>.Superfluous.CloudfrontNet
https://www.anti-malware.top/2016/05/01/definition-dun-logiciel-pup-lpi/ =>PUP.Optional.Generic
https://www.nicolascoolman.fr/?p=134 =>PUP.Optional.PutLocker
https://www.nicolascoolman.fr/?p=5145 =>.Superfluous.AudienceInsights
https://www.nicolascoolman.fr/?p=1417 =>PUP.Optional.Glindorus
https://www.nicolascoolman.fr/?p=1118 =>PUP.Optional.Zebar
https://www.anti-malware.top/2016/04/30/pup-optional-crossrider/ =>PUP.Optional.CrossRider
https://www.anti-malware.top/2016/06/01/pup-optional-speeddial/ =>PUP.Optional.SpeedDial
https://www.anti-malware.top/2016/06/18/superfluous-wpmanager/ =>PUP.Optional.WpManager
https://www.anti-malware.top/2016/05/04/hacktool-autokms/ =>HackTool.AutoKMS
https://www.anti-malware.top/2016/04/21/riskware-quicktime/ =>Riskware.QuickTime
https://www.nicolascoolman.fr/?p=679 =>PUP.Optional.DomaIQ
https://www.nicolascoolman.fr/?p=224 =>PUP.Optional.IMBooster
https://www.nicolascoolman.fr/?p=610 =>PUP.Optional.RewardsArcade
https://www.anti-malware.top/2016/05/01/pup-optional-digihelp/ =>PUP.Optional.DigiHelp
https://www.nicolascoolman.fr/pup-optional-weathertool =>PUP.Optional.WeatherTool
https://www.nicolascoolman.fr/?p=235 =>Toolbar.Ask
https://www.anti-malware.top/2016/04/22/heuristic-suspect/ =>Heuristic.Suspect


---\\  Dodatkowe oczyszczenie. (44)
~ Chave de registro Tracing Supprimido (44)
~ Remover os relatórios antigos ZHPCleaner. (0)


---\\ Resultado de reparação
Reparação efectuada com sucesso
~ Este navegador está faltando ! (Opera Software)
~ O sistema foi reiniciado.


---\\ Estatísticas
~ Items scan : 730
~ Items encontrado : 0
~ items cancelados : 0
~ Items réparo : 95


~ End of clean in 00h01mn20s
~====================
ZHPCleaner-[R]-03082016-13_18_37.txt
ZHPCleaner--03082016-13_11_50.txt


Ok,

Download Malwarebytes Anti-Malware (MBAM).

Double-click mbam-setup.exe to install the program.

  • Uncheck the box "Enable free trial of Malwarebytes Anti-Malware PRO".
  • If there are updates available, they will be downloaded and installed.
  • Click Settings, click Detection and Protection, and check Scan for Rootkits.
  • Go back to the Dashboard and finally click Scan Now.
  • The scan will then begin. Please wait, as it may take a while.
  • When the scan finishes, if any items were found, make sure they are all checked and click the Remove Selected button.
  • At the end of the disinfection, a prompt may appear asking whether you want to restart the PC. (See the Note below)
  • The log is saved automatically by MBAM; to view it, click the History tab -> Application Logs in the program's main window.
  • Double-click the log (Scan Log). Use the .txt format to export the log.
  • The Protection log is not needed for the analysis; always export the correct log.
  • Select, copy and paste the contents of this log into your next reply.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.


Hello, here is the MBAM log:


Malwarebytes Anti-Malware
www.malwarebytes.org

Data da verificação: 05/08/2016
Hora da verificação: 12:43
Arquivo de registro: logMBAM.txt
Administrador: Sim

Versão: 2.2.1.1043
Banco de dados de malware: v2016.08.05.07
Banco de dados de rootkit: v2016.05.27.01
Licença: Gratuita
Proteção contra malware: Desabilitado
Proteção contra website malicioso: Desabilitado
Autoproteção: Desabilitado

Sistema operacional: Windows 10
CPU: x64
Sistema de arquivos: NTFS
Usuário: dbacha

Tipo de verificação: Verificação da ameaça
Resultado: Concluído
Objetos verificados: 611860
Tempo decorrido: 2 hr, 20 min, 2 seg

Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

Processos: 1
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe, 3268, Excluir ao reiniciar, [f388e3643466ab8be5783d55bf421ee2]

Módulos: 6
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\WinService.dll, Excluir ao reiniciar, [d0ab7dcab0ea7cbabaa3395956abec14],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\XProcessBus.dll, Excluir ao reiniciar, [2c4f10373b5f79bd79e4514108f98977],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\LpcManager.dll, Excluir ao reiniciar, [601b380f5b3f5bdbc895bcd64cb537c9],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Support.dll, Excluir ao reiniciar, [8cef044344564ceaef7d5a5ce4208f71],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Utility.dll, Excluir ao reiniciar, [493261e6b9e1bf774c20d2e4fe06a35d],
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Report.dll, Excluir ao reiniciar, [8eed2e19a3f70d29a8b5860c47ba2ad6],

Chaves de registro: 7
PUP.Optional.MorePowerfulCleaner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPCProtectService, Excluir ao reiniciar, [f388e3643466ab8be5783d55bf421ee2],
PUP.Optional.TorrentSearch, HKLM\SOFTWARE\CLASSES\CLSID\{03AE1B7B-A9E7-4D5A-9D34-89999C31B659}, Quarentena, [bac17ccb2377cc6a131d9204679b6d93],
Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\SolidWorks 2016 Crack   Serial Key Full Free Download.DynamicNS, Quarentena, [fc7f82c541593afc7d153b5bca3826da],
Trojan.ProxyHijacker, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SolidWorks 2016 Crack   Serial Key Full Free Download.DynamicNS, Quarentena, [502b63e48812d5612f636b2bb151f907],
Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\WOW6432NODE\SolidWorks 2016 Crack   Serial Key Full Free Download.DynamicNS, Quarentena, [502b63e48812d5612f636b2bb151f907],
PUP.Optional.MorePowerfulCleaner, HKLM\SOFTWARE\WOW6432NODE\MPC, Excluir ao reiniciar, [4a31b493188259dd2089a24fdb287a86],
PUP.Optional.MorePowerfulCleaner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPCKpt, Excluir ao reiniciar, [84f7a4a39208b77f107be9e019e940c0],

Valores de registro: 2
PUP.Optional.MorePowerfulCleaner, HKLM\SOFTWARE\WOW6432NODE\MPC|Location, C:\Program Files (x86)\MPC Cleaner, Excluir ao reiniciar, [4a31b493188259dd2089a24fdb287a86]
PUP.Optional.MorePowerfulCleaner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPCPROTECTSERVICE|ImagePath, "C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe", Excluir ao reiniciar, [a9d2d374d4c65dd9641cd022f1127b85]

Dados de registro: 0
(Nenhum item malicioso detectado)

Pastas: 17

Arquivos: 124

Setores físicos: 0
(Nenhum item malicioso detectado)


(end)


The new log:



ZA-Scan V1.0.0.5 Updated 31-December-2015
Tool run by dbacha on 05/08/2016 at 18:15:20,16.
Microsoft Windows 10 Home Single Language 10.0.10586  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\dbacha\Desktop\ZA-Scan.exe [Z-Analyse Scan]

==== Running Processes ======================

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avp.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Users\dbacha\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\avpui.exe
C:\Users\dbacha\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Users\dbacha\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\dbacha\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
C:\Users\dbacha\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Users\dbacha\Desktop\ZA-Scan.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Users\dbacha\AppData\Local\Temp\ZAScan.exe
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==== Services(whitelist) ======================
Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
R2 - [ASLDRService] - ASLDR Service - c:\program files (x86)\asus\atk package\atk hotkey\asldrsrv.exe
R2 - [ASUS InstantOn] - ASUS InstantOn Service - c:\program files (x86)\asus\asus instanton\insonsrv.exe
R2 - [ATKGFNEXSrv] - ATKGFNEX Service - c:\program files (x86)\asus\atk package\atkgfnex\gfnexsrv.exe
R2 - [AVP16.0.1] - Serviço do Kaspersky Anti-Virus 16.0.1 - c:\program files (x86)\kaspersky lab\kaspersky total security 16.0.1\avp.exe
R2 - [Bonjour Service] - Serviço do Bonjour - c:\program files\bonjour\mdnsresponder.exe
R2 - [GbpSv] - Gbp Service - c:\progra~2\gbplugin\gbpsv.exe
R2 - [GfExperienceService] - NVIDIA GeForce Experience Service - c:\program files\nvidia corporation\geforce experience service\gfexperienceservice.exe
R2 - [IconMan_R] - IconMan_R - c:\program files (x86)\realtek\realtek pcie card reader\riconman.exe
R2 - [igfxCUIService1.0.0.0] - Intel(R) HD Graphics Control Panel Service - c:\windows\system32\igfxcuiservice.exe
R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe
R2 - [Intel(R) ME Service] - Intel(R) ME Service - c:\program files (x86)\intel\intel(r) management engine components\fwservice\intelmefwservice.exe
R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe
R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
R2 - [NvNetworkService] - NVIDIA Network Service - c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe
R2 - [NvStreamSvc] - NVIDIA Streamer Service - c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe
R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe
R2 - [RichVideo] - Cyberlink RichVideo Service(CRVS) - c:\program files (x86)\cyberlink\shared files\richvideo.exe
R2 - [SQLBrowser] - SQL Server Browser - c:\program files (x86)\microsoft sql server\90\shared\sqlbrowser.exe
R2 - [SQLWriter] - SQL Server VSS Writer - c:\program files\microsoft sql server\90\shared\sqlwriter.exe
R2 - [Stereo Service] - NVIDIA Stereoscopic 3D Driver Service - c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe
R2 - [UNS] - Intel(R) Management and Security Application User Notification Service - c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe
R2 - [WinDefend] - Serviço Windows Defender - c:\program files\windows defender\msmpeng.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R2 - [ZAtheros Bt&Wlan Coex Agent] - ZAtheros Bt&Wlan Coex Agent - c:\program files (x86)\bluetooth suite\ath_coexagent.exe
R3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
R3 - [iPod Service] - iPod Service - c:\program files\ipod\bin\ipodservice.exe
R3 - [WdNisSvc] - Serviço de Inspeção de Rede do Windows Defender - c:\program files\windows defender\nissrv.exe
S2 - [gupdate] - Serviço do Google Update (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [MSSQL$TEW_SQLEXPRESS] - SQL Server (TEW_SQLEXPRESS) - c:\programdata\solidworks electrical\mssql12.tew_sqlexpress\mssql\binn\sqlservr.exe
S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
S2 - [sppsvc] - Proteção de Software - c:\windows\system32\sppsvc.exe
S3 - [ALG] - Serviço Gateway de Camada de Aplicativo - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [diagnosticshub.standardcollector.service] - Serviço Coletor de Padrões de Hub de Diagnóstico da Microsoft (R) - c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [gupdatem] - Serviço do Google Update (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [IEEtwCollectorService] - Serviço Coletor ETW do Internet Explorer - c:\windows\system32\ieetwcollector.exe
S3 - [klvssbrigde64] - klvssbrigde64 - c:\program files (x86)\kaspersky lab\kaspersky total security 16.0.1\x64\vssbridge64.exe
S3 - [Microsoft SharePoint Workspace Audit Service] - Microsoft SharePoint Workspace Audit Service - c:\program files (x86)\microsoft office\office14\groove.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Coordenador de transações distribuídas - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [ose] - Office  Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
S3 - [PerfHost] - Host de DLL de Contador de Desempenho - c:\windows\syswow64\perfhost.exe
S3 - [rpcapd] - Remote Packet Capture Protocol v.0 (experimental) - c:\program files (x86)\winpcap\rpcapd.exe
S3 - [RpcLocator] - Alocador Remote Procedure Call (RPC) - c:\windows\system32\locator.exe
S3 - [SensorDataService] - Serviço de Dados de Sensor - c:\windows\system32\sensordataservice.exe
S3 - [SNMPTRAP] - Interceptação SNMP - c:\windows\system32\snmptrap.exe
S3 - [TieringEngineService] - Gerenciamento de Camadas de Armazenamento - c:\windows\system32\tieringengineservice.exe
S3 - [TrustedInstaller] - Instalador de Módulos do Windows - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Disco Virtual - c:\windows\system32\vds.exe
S3 - [VSS] - Cópia de Sombra de Volume - c:\windows\system32\vssvc.exe
S3 - [wbengine] - Serviço de Mecanismo de Backup em Nível de Bloco - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - Adaptador de Desempenho WMI - c:\windows\system32\wbem\wmiapsrv.exe
S3 - [WMPNetworkSvc] - Serviço de Compartilhamento de Rede do Windows Media Player - c:\program files\windows media player\wmpnetwk.exe
S4 - [SQLAgent$TEW_SQLEXPRESS] - SQL Server Agent (TEW_SQLEXPRESS) - c:\programdata\solidworks electrical\mssql12.tew_sqlexpress\mssql\binn\sqlagent.exe

==== Drivers(whitelist) ======================
Powered by E Dev

R0 - [FileInfo] - File Information FS MiniFilter - C:\WINDOWS\system32\Drivers\FileInfo.sys
R0 - [FltMgr] - FltMgr - C:\WINDOWS\system32\Drivers\FltMgr.sys
R0 - [Mup] - Mup - C:\WINDOWS\system32\Drivers\Mup.sys
R0 - [WdFilter] - Driver de Minifiltro do Windows Defender - C:\WINDOWS\system32\Drivers\WdFilter.sys
R0 - [Wof] - Windows Overlay File System Filter Driver - C:\WINDOWS\system32\Drivers\Wof.sys
R1 - [NetBIOS] - NetBIOS Interface - C:\WINDOWS\system32\Drivers\NetBIOS.sys
R2 - [srv] - Driver SMB 1.xxx do Servidor - C:\WINDOWS\system32\Drivers\srv.sys
R3 - [srv2] - Driver SMB 2.xxx do Servidor - C:\WINDOWS\system32\Drivers\srv2.sys
R0 - [ACPI] - Microsoft ACPI Driver - C:\WINDOWS\system32\Drivers\ACPI.sys
R0 - [acpiex] - Microsoft ACPIEx Driver - C:\WINDOWS\system32\Drivers\acpiex.sys
R0 - [CLFS] - Common Log (CLFS) - C:\WINDOWS\system32\Drivers\CLFS.sys
R0 - [cm_km] - Kaspersky Lab ZAO Cryptographic Module x64 (Weak) - C:\WINDOWS\system32\Drivers\cm_km.sys
R0 - [CNG] - CNG - C:\WINDOWS\system32\Drivers\CNG.sys
R0 - [disk] - Driver de disco - C:\WINDOWS\system32\Drivers\disk.sys
R0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\WINDOWS\system32\Drivers\EhStorClass.sys
R0 - [fvevol] - Driver de Filtro de Criptografia de Unidade de Disco BitLocker - C:\WINDOWS\system32\Drivers\fvevol.sys
R0 - [iaStorA] - iaStorA - C:\WINDOWS\system32\Drivers\iaStorA.sys
R0 - [kl1] - kl1 - C:\WINDOWS\system32\Drivers\kl1.sys
R0 - [klbackupdisk] - Kaspersky Lab klbackupdisk - C:\WINDOWS\system32\Drivers\klbackupdisk.sys
R0 - [KSecDD] - KSecDD - C:\WINDOWS\system32\Drivers\KSecDD.sys
R0 - [KSecPkg] - KSecPkg - C:\WINDOWS\system32\Drivers\KSecPkg.sys
R0 - [mountmgr] - Gerenciador de Pontos de Montagem - C:\WINDOWS\system32\Drivers\mountmgr.sys
R0 - [msisadrv] - msisadrv - C:\WINDOWS\system32\Drivers\msisadrv.sys
R0 - [NDIS] - Driver do Sistema NDIS - C:\WINDOWS\system32\Drivers\NDIS.sys
R0 - [nvpciflt] - nvpciflt - C:\WINDOWS\system32\Drivers\nvpciflt.sys
R0 - [partmgr] - Gerenciador de Partições - C:\WINDOWS\system32\Drivers\partmgr.sys
R0 - [pci] - PCI Bus Driver - C:\WINDOWS\system32\Drivers\pci.sys
R0 - [pcw] - Performance Counters for Windows Driver - C:\WINDOWS\system32\Drivers\pcw.sys
R0 - [pdc] - pdc - C:\WINDOWS\system32\Drivers\pdc.sys
R0 - [rdyboost] - ReadyBoost - C:\WINDOWS\system32\Drivers\rdyboost.sys
R0 - [spaceport] - Driver de Espaços de Armazenamento - C:\WINDOWS\system32\Drivers\spaceport.sys
R0 - [Tcpip] - Driver de Protocolo TCP/IP - C:\WINDOWS\system32\Drivers\Tcpip.sys
R0 - [vdrvroot] - Enumerador de Unidade Virtual Microsoft - C:\WINDOWS\system32\Drivers\vdrvroot.sys
R0 - [volmgr] - Driver de Gerenciador de Volumes - C:\WINDOWS\system32\Drivers\volmgr.sys
R0 - [volmgrx] - Gerenciador de Volume Dinâmico - C:\WINDOWS\system32\Drivers\volmgrx.sys
R0 - [volsnap] - Volumes de armazenamento - C:\WINDOWS\system32\Drivers\volsnap.sys
R0 - [Wdf01000] - Serviço de Estruturas de Driver em Modo Kernel - C:\WINDOWS\system32\Drivers\Wdf01000.sys
R0 - [WFPLWFS] - Plataforma para Filtros do Microsoft Windows - C:\WINDOWS\system32\Drivers\WFPLWFS.sys
R0 - [WindowsTrustedRT] - Windows Trusted Execution Environment Class Extension - C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys
R0 - [WindowsTrustedRTProxy] - Serviço de Proteção de Tempo de Execução Confiável do Microsoft Windows - C:\WINDOWS\system32\Drivers\WindowsTrustedRTProxy.sys
R1 - [AFD] - Ancillary Function Driver for Winsock - C:\WINDOWS\system32\Drivers\AFD.sys
R1 - [Beep] - Beep - C:\WINDOWS\system32\Drivers\Beep.sys
R1 - [tdx] - Driver de Suporte a TDI Herdado de NetIO - C:\WINDOWS\system32\Drivers\tdx.sys
R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\WINDOWS\system32\Drivers\tcpipreg.sys
S0 - [hwpolicy] - Hardware Policy Driver - C:\WINDOWS\system32\Drivers\hwpolicy.sys
S0 - [klelam] - klelam - C:\WINDOWS\system32\Drivers\klelam.sys
S0 - [WdBoot] - Driver de Inicialização do Windows Defender - C:\WINDOWS\system32\Drivers\WdBoot.sys
S3 - [atapi] - Canal de IDE - C:\WINDOWS\system32\Drivers\atapi.sys
S3 - [Tcpip6] - @todo.dll,-100;Microsoft IPv6 Protocol Driver - C:\WINDOWS\system32\Drivers\Tcpip6.sys [x]

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-4103568974-3575969232-579509045-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
"Facebook Update"="C:\Users\dbacha\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Spotify Web Helper"="C:\Users\dbacha\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"Spotify"="C:\Users\dbacha\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized"
"HP Deskjet 3050 J610 series (NET)"="C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe -deviceID CN14N3C5RC05HX:NW -scfn HP Deskjet 3050 J610 series (NET) -AutoStart 1"
"OneDrive"="C:\Users\dbacha\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Google Update"="C:\Users\dbacha\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Google Photos Backup"="C:\Users\dbacha\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe /autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"RemoteControl10"="C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
"UpdatePSTShortCut"="C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Cyberlink\DVD Suite UpdateWithCreateOnce Software\CyberLink\PowerStarter"
"ASUS InstantKey"="C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
"Facebook Update"="C:\Users\dbacha\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"Spotify Web Helper"="C:\Users\dbacha\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"Spotify"="C:\Users\dbacha\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized"
"HP Deskjet 3050 J610 series (NET)"="C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe -deviceID CN14N3C5RC05HX:NW -scfn HP Deskjet 3050 J610 series (NET) -AutoStart 1"
"OneDrive"="C:\Users\dbacha\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Google Update"="C:\Users\dbacha\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Google Photos Backup"="C:\Users\dbacha\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe /autostart"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\SysWOW64\\nvinit.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 "
"BtTray"="C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
"BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"ACMON"="C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\nvinitx.dll"

==== Startup Folders ======================

2015-08-17 15:59:44    1718    --sha-w-    C:\Users\dbacha\AppData\Roaming\Microsoft\LastFlashConfig.wfc

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-4103568974-3575969232-579509045-1004Core.job --a-------- [Undetermined Task]
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-4103568974-3575969232-579509045-1004UA.job --a-------- C:\Users\dbacha\AppData\Local\Facebook\Update\FacebookUpdate.exe [15/06/2014 19:23]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:6C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02/08/2016 14:08]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4103568974-3575969232-579509045-1004Core.job --a-------- C:\Users\dbacha\AppData\Local\Google\Update\GoogleUpdate.exe [14/06/2016 16:47]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4103568974-3575969232-579509045-1004UA.job --a-------- C:\Users\dbacha\AppData\Local\Google\Update\GoogleUpdate.exe [14/06/2016 16:47]
C:\WINDOWS\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job --a-------- C:\Program Files (x86)\Intel\IntelR ME FW Recovery Agent\bin\Bootstrap.exe []
C:\WINDOWS\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job --a-------- C:\Program Files (x86)\Intel\IntelR ME FW Recovery Agent\bin\Bootstrap.exe []

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\ASUS InstantOn Config" [C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe]
"C:\WINDOWS\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe]
"C:\WINDOWS\SysNative\tasks\ASUS P4G" [C:\Program Files\ASUS\P4G\BatteryLife.exe]
"C:\WINDOWS\SysNative\tasks\ASUS Smart Gesture Launcher" [C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe]
"C:\WINDOWS\SysNative\tasks\ASUS USB Charger Plus" ["C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"]
"C:\WINDOWS\SysNative\tasks\avastBCLRestart_chrome.exe" [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe]
"C:\WINDOWS\SysNative\tasks\Baidu PC Faster Update" ["$szInstallingDir\Updater.exe"]
"C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-4103568974-3575969232-579509045-1004Core" [C:\Users\dbacha\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-4103568974-3575969232-579509045-1004UA" [C:\Users\dbacha\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-4103568974-3575969232-579509045-1004Core" [C:\Users\dbacha\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-4103568974-3575969232-579509045-1004UA" [C:\Users\dbacha\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d" [C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe]
"C:\WINDOWS\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon" [C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe]
"C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi" [28/04/2016 22:10]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\dbacha\AppData\Roaming\Mozilla\Firefox\Profiles\4097twwm.default
3EE8AE0ECFE5D79DE1737A855AD1E84C    - C:\Users\dbacha\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll -    Google Update
3CD19649B2C3023D65E67C056457A2BC    - C:\Users\dbacha\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll -    Facebook Video Calling Plugin
20FF20FBC1F20ADEC0AD6AF98ABE9545    - C:\Users\dbacha\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll -    Google Talk Plugin
57D28190C994AD5E9B1007FB2259393A    - C:\Users\dbacha\AppData\Roaming\Mozilla\plugins\npo1d.dll -    Google Talk Plugin Video Renderer


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lpeeaghdjmhlakojjcgfdhgcejdaefmi - https://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\dbacha\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[20/05/2014 10:45]

Google Docs - dbacha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - dbacha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - dbacha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - dbacha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Kaspersky Protection - dbacha\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka
Facebook Disconnect - dbacha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec
Google Docs Offline - dbacha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Whitelisted domains - dbacha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Avast Online Security - dbacha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Web Store Payments - dbacha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
AT_DJTiesto - dbacha\AppData\Local\Google\Chrome\User Data\Default\Extensions\okmcbgkkeagngnijeiighgblfljbekip
GBBD Banco do Brasil - dbacha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
Gmail - dbacha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Chrome Media Router - dbacha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131147122880186969&GUID=30A842E1-8B58-4252-8FCF-98E6E28A04DD"
"Search Page"="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
HKLM\Wow6432Node\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} - http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} - http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {03993315-5CE9-4F00-8790-D14A94F1D91A} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\IEExt\ie_plugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O3 - Toolbar: Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\IEExt\ie_plugin.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{c39a52d2-fdb0-4160-ae4f-abf3524626a0}: NameServer = 87.118.74.138,8.8.8.8

==== EOF on 05/08/2016 at 18:21:43,88 ======================


Temporarily disable your antivirus, antispyware and firewall so that they do not cause conflicts.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text below:

createsrpoint;
shortcutfix;
ffdefaults;
chrdefaults;
resetwmi;
resetieproxy;
network.proxy;ff
emptyclsid;
msconfigcheck;
autoclean;
ipconfig /flushdns >>"%temp%\log.txt";b

Save this file on drive C: as zascript

Run ZA-Scan.exe again and wait.
Copy and paste the contents of that file into your next reply.


Topic Archived

Because the author did not reply to the topic for more than 10 days, it has been archived. If you are the author of the topic and want it reopened, contact one of the forum's Security Analysts and request that it be unlocked.

 

CarlosTurco

diego_moicano

 

 

This topic is closed to new posts.





About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.
