Jung Chaeyeon

Cmd opening by itself and LAN settings being modified


Good evening! Since the afternoon of Thursday, October 27, my computer has been behaving unusually.

Although, for personal reasons, I consider it unlikely that I have been the victim of invasive spying methods carried out by third parties, a series of anomalies point to the presence of malware. The first is that my command prompt, "cmd", is opening and closing quickly, leaving me unable to read what is written. Even so, I was able to read the words "system32" and "ipconfig" in a split-second glimpse. I visited other forum topics dealing with the subject and did not find a solution.

Beyond that, the proxy server is being checked involuntarily (http://prntscr.com/czuu8u). Previously, when I started my computer, it was already checked and I only needed to uncheck the option "Use a proxy server for your LAN (These settings will not apply to dial-up or VPN connections)". This is harming the stability of my connection, causing standard Google searches to be replaced by a "Google Custom Search" and preventing me from holding conferences via Skype.

I am looking for a solution to both problems, although I believe they are connected in some way, brought about by a malware attack. Thanks in advance!

 


@Jung Chaeyeon

 

Please note the following:

  • About the Forum: This is a private space, not a public one. Its use is a privilege, not a right.
  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is passed on here relates only to your computer's problem, so do not apply it to any other;
  • Please follow the instructions given carefully and, if in doubt, do not hesitate to ask;
  • Respect the order of the instructions given.
  • Note: Do not take any measures other than those given here; if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

Instead of creating a new topic, I ask that you continue with this one and post a reply attaching the ZA-Scan log, following these instructions:

http://forum.clubedohardware.com.br/topic/1105783-como-criar-seu-t%C3%B3pico/

 

 

 

 


here it is:
 


ZA-Scan V1.0.0.5 Updated 19-September-2016
Tool run by Master on 31/10/2016 at 13:44:07,52.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Master\Downloads\ZA-Scan.exe [Z-Analyse Scan]

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\ProgramData\Windows Security\winsecurity.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Master\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Users\Master\AppData\Roaming\Spotify\Spotify.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
C:\Users\Master\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Master\AppData\Roaming\Spotify\Spotify.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Master\Downloads\ZA-Scan.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Users\Master\AppData\Local\Temp\ZAScan.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet

==== Services(whitelist) ======================
Powered by E Dev

R2 - [WindowsSecurity] - Windows Security - c:\programdata\windows security\winsecurity.exe
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
R2 - [WMPNetworkSvc] - Serviço de Compartilhamento de Rede do Windows Media Player - c:\program files\windows media player\wmpnetwk.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
S2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files\common files\adobe\arm\1.0\armsvc.exe [x]
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [SkypeUpdate] - Skype Updater - c:\program files\skype\updater\updater.exe
S2 - [sppsvc] - Proteção de Software - c:\windows\system32\sppsvc.exe
S3 - [ALG] - Serviço Gateway de Camada de Aplicativo - c:\windows\system32\alg.exe
S3 - [aspnet_state] - Serviço de estado do ASP.NET - c:\windows\microsoft.net\framework\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Serviço Receptor do Windows Media Center - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Serviço Agendador do Windows Media Center - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [Microsoft Office Groove Audit Service] - Microsoft Office Groove Audit Service - c:\program files\microsoft office\office12\grooveauditservice.exe
S3 - [MSDTC] - Coordenador de transações distribuídas - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [odserv] - Microsoft Office Diagnostics Service - c:\program files\common files\microsoft shared\office12\odserv.exe
S3 - [ose] - Office Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
S3 - [RpcLocator] - Alocador Remote Procedure Call (RPC) - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - Interceptação SNMP - c:\windows\system32\snmptrap.exe
S3 - [TrustedInstaller] - Instalador de Módulos do Windows - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Disco Virtual - c:\windows\system32\vds.exe
S3 - [VSS] - Cópia de Sombra de Volume - c:\windows\system32\vssvc.exe
S3 - [WatAdminSvc] - Serviço de Tecnologias de Ativação do Windows - c:\windows\system32\wat\watadminsvc.exe
S3 - [wbengine] - Serviço de Mecanismo de Backup em Nível de Bloco - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\system32\macromed\flash\flashplayerupdateservice.exe
S4 - [Apple Mobile Device] - Apple Mobile Device - c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
S4 - [Bonjour Service] - Serviço do Bonjour - c:\program files\bonjour\mdnsresponder.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [egGetSvc] - egGetSvc - c:\program files\eagleget\egmonitor.exe
S4 - [gupdate] - Serviço do Google Update (gupdate) - c:\program files\google\update\googleupdate.exe
S4 - [gupdatem] - Serviço do Google Update (gupdatem) - c:\program files\google\update\googleupdate.exe
S4 - [iPod Service] - iPod Service - c:\program files\ipod\bin\ipodservice.exe
S4 - [LiveUpdateSvc] - LiveUpdate - c:\program files\iobit\liveupdate\liveupdate.exe
S4 - [ManyCam Service] - ManyCam Service - c:\programdata\manycam\service\manycamservice.exe

==== Drivers(whitelist) ======================
Powered by E Dev

R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
R3 - [srv] - Driver SMB 1.xxx do Servidor - C:\Windows\system32\Drivers\srv.sys
R3 - [srv2] - Driver SMB 2.xxx do Servidor - C:\Windows\system32\Drivers\srv2.sys
R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys
R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
R0 - [atapi] - Canal de IDE - C:\Windows\system32\Drivers\atapi.sys
R0 - [CLFS] - Log Comum (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
R0 - [Compbatt] - Microsoft Composite Battery Driver - C:\Windows\system32\Drivers\Compbatt.sys
R0 - [Disk] - Driver de disco - C:\Windows\system32\Drivers\Disk.sys
R0 - [fvevol] - Driver de Filtro de Criptografia de Unidade de Disco BitLocker - C:\Windows\system32\Drivers\fvevol.sys
R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
R0 - [iaStorA] - iaStorA - C:\Windows\system32\Drivers\iaStorA.sys
R0 - [iaStorF] - iaStorF - C:\Windows\system32\Drivers\iaStorF.sys
R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
R0 - [mountmgr] - Gerenciador de Pontos de Montagem - C:\Windows\system32\Drivers\mountmgr.sys
R0 - [msahci] - msahci - C:\Windows\system32\Drivers\msahci.sys
R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
R0 - [NDIS] - Driver do Sistema NDIS - C:\Windows\system32\Drivers\NDIS.sys
R0 - [partmgr] - Gerenciador de Partições - C:\Windows\system32\Drivers\partmgr.sys
R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys
R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
R0 - [storflt] - Driver de Filtro de Aceleração do Barramento da Máquina Virtual do Disco - C:\Windows\system32\Drivers\storflt.sys [x]
R0 - [Tcpip] - Driver de Protocolo TCP/IP - C:\Windows\system32\Drivers\Tcpip.sys
R0 - [vdrvroot] - Driver de enumerador da unidade virtual Microsoft - C:\Windows\system32\Drivers\vdrvroot.sys
R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys
R0 - [volmgrx] - Gerenciador de Volume Dinâmico - C:\Windows\system32\Drivers\volmgrx.sys
R0 - [volsnap] - Volumes de armazenamento - C:\Windows\system32\Drivers\volsnap.sys
R0 - [Wd] - Driver de Watchdog da Microsoft - C:\Windows\system32\Drivers\Wd.sys
R0 - [Wdf01000] - Serviço de Estruturas de Driver em Modo Kernel - C:\Windows\system32\Drivers\Wdf01000.sys
R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
R1 - [tdx] - Driver de Suporte a TDI Herdado de NetIO - C:\Windows\system32\Drivers\tdx.sys
R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3822383361-1103176277-1298718716-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Master\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"Spotify"="C:\Users\Master\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized"
"GoogleChromeAutoLaunch_10C9933D0F6F7947DC35F397EE3EFA3C"="C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Master\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"Spotify"="C:\Users\Master\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized"
"GoogleChromeAutoLaunch_10C9933D0F6F7947DC35F397EE3EFA3C"="C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lightshot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Lightshot"
"hkey"="HKLM"
"command"="C:\\Program Files\\Skillbrains\\lightshot\\Lightshot.exe"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Apple Mobile Device]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Bonjour Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\egGetSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\iPod Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LiveUpdateSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ManyCam Service]


==== Startup Folders ======================

2016-01-13 20:22:39    1282    ----a-w-    C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [26/10/2016 22:06]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [02/09/2015 22:22]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [02/09/2015 22:22]
C:\Windows\tasks\update-S-1-5-21-3822383361-1103176277-1298718716-1000.job --a------ C:\Program Files\Skillbrains\Updater\Updater.exe [28/11/2014 13:29]
C:\Windows\tasks\update-sys.job --a------ C:\Program Files\Skillbrains\Updater\Updater.exe [28/11/2014 13:29]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\Uninstaller_SkipUac_Master" [C:\Users\Master\IObit Uninstaller\IObitUninstaler.exe]
"C:\Windows\system32\tasks\update-S-1-5-21-3822383361-1103176277-1298718716-1000" [C:\Program Files\Skillbrains\Updater\Updater.exe]
"C:\Windows\system32\tasks\update-sys" [C:\Program Files\Skillbrains\Updater\Updater.exe]
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]

==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrador\AppData\Local\Google\Chrome Found
Fake profile C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome Found

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
kaebhgioafceeldhgjmendlfhbfjefmo - C:\Program Files\EagleGet\addon\eagleget_cext@eagleget.com.crx[03/06/2016 16:41]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
kaebhgioafceeldhgjmendlfhbfjefmo - C:\Program Files\EagleGet\addon\eagleget_cext@eagleget.com.crx[03/06/2016 16:41]

Google Slides - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
selector is not a valid CSS selector - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Chrome Web Store Payments - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Netflix Party - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa
Chrome Media Router - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE09&ocid=UE09DHP"
"Search Page"="http://search.navegaki.com?q={searchTerms}&uid={bf3cfaf5f77b4528b32e25594caaa851}&r=eg"
"Default_Search_URL"="http://search.navegaki.com?q={searchTerms}&uid={bf3cfaf5f77b4528b32e25594caaa851}&r=eg"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://search.navegaki.com?q={searchTerms}&uid={bf3cfaf5f77b4528b32e25594caaa851}&r=eg"
"Default_Page_URL"="http://nav.brotstation.com?uid={bf3cfaf5f77b4528b32e25594caaa851}&r=eg"
"Search Page"="http://search.navegaki.com?q={searchTerms}&uid={bf3cfaf5f77b4528b32e25594caaa851}&r=eg"
"Start Page"="https://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_strmio_16_26&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0D0EtB0B0E0E0Ezz0ByD0CtD0C0AtN0D0Tzu0StCyCyEyDtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyEzy0AtB0E0FyEtGyB0ByC0AtGyCyDyBtBtGyC0EzyzytGyD0B0AtAtA0DyCtAzy0CtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtB0C0AzyyByE0CtG0CtAzy0BtGyE0ByDtCtG0Azy0D0AtG0CtCtByDyDzzyB0A0AzytDzz2QtN0A0LzutB%26cr%3D972918913%26a%3Dwncy_strmio_16_26%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{E921F400-D383-4B1B-9DE6-FCFCACFC1173}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} - No_Url_Value
HKLM\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} - https://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_strmio_16_26&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0D0EtB0B0E0E0Ezz0ByD0CtD0C0AtN0D0Tzu0StCyCyEyDtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyEzy0AtB0E0FyEtGyB0ByC0AtGyCyDyBtBtGyC0EzyzytGyD0B0AtAtA0DyCtAzy0CtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtB0C0AzyyByE0CtG0CtAzy0BtGyE0ByDtCtG0Azy0D0AtG0CtCtByDyDzzyB0A0AzytDzz2QtN0A0LzutB%26cr%3D972918913%26a%3Dwncy_strmio_16_26%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
HKLM\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} - No_Url_Value
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF} - No_Url_Value
HKCU\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} - No_Url_Value

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.navegaki.com?q={searchTerms}&uid={bf3cfaf5f77b4528b32e25594caaa851}&r=eg
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.navegaki.com?q={searchTerms}&uid={bf3cfaf5f77b4528b32e25594caaa851}&r=eg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nav.brotstation.com?uid={bf3cfaf5f77b4528b32e25594caaa851}&r=eg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.navegaki.com?q={searchTerms}&uid={bf3cfaf5f77b4528b32e25594caaa851}&r=eg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.navegaki.com?q={searchTerms}&uid={bf3cfaf5f77b4528b32e25594caaa851}&r=eg
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080;https=127.0.0.1:8080
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Users\Master\IObit Uninstaller\UninstallExplorer.dll
O2 - BHO: bteagleget.com - {1E871FF8-029C-4732-8AA7-39E3D3872057} - C:\Program Files\EagleGet\eagleSniffer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

==== EOF on 31/10/2016 at 13:51:02,78 ======================
 


ZA-Scan V1.0.0.5 Updated 19-September-2016
Tool run by Master on 07/11/2016 at  1:24:09,03.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Master\Desktop\ZA-Scan.exe [Z-Analyse Scan]

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\spoolsv.exe
C:\ProgramData\Windows Security\winsecurity.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Master\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\rundll32.exe
C:\Users\Master\AppData\Local\Temp\ZAScan.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k WerSvcGroup

==== Services(whitelist) ======================
Powered by E Dev

R2 - [sppsvc] - Proteção de Software - c:\windows\system32\sppsvc.exe
R2 - [WindowsSecurity] - Windows Security - c:\programdata\windows security\winsecurity.exe
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
R2 - [WMPNetworkSvc] - Serviço de Compartilhamento de Rede do Windows Media Player - c:\program files\windows media player\wmpnetwk.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [TrustedInstaller] - Instalador de Módulos do Windows - c:\windows\servicing\trustedinstaller.exe
S2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files\common files\adobe\arm\1.0\armsvc.exe [x]
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [SkypeUpdate] - Skype Updater - c:\program files\skype\updater\updater.exe
S3 - [ALG] - Serviço Gateway de Camada de Aplicativo - c:\windows\system32\alg.exe
S3 - [aspnet_state] - Serviço de estado do ASP.NET - c:\windows\microsoft.net\framework\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Serviço Receptor do Windows Media Center - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Serviço Agendador do Windows Media Center - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [Microsoft Office Groove Audit Service] - Microsoft Office Groove Audit Service - c:\program files\microsoft office\office12\grooveauditservice.exe
S3 - [MSDTC] - Coordenador de transações distribuídas - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [odserv] - Microsoft Office Diagnostics Service - c:\program files\common files\microsoft shared\office12\odserv.exe
S3 - [ose] - Office Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
S3 - [RpcLocator] - Alocador Remote Procedure Call (RPC) - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - Interceptação SNMP - c:\windows\system32\snmptrap.exe
S3 - [vds] - Disco Virtual - c:\windows\system32\vds.exe
S3 - [VSS] - Cópia de Sombra de Volume - c:\windows\system32\vssvc.exe
S3 - [WatAdminSvc] - Serviço de Tecnologias de Ativação do Windows - c:\windows\system32\wat\watadminsvc.exe
S3 - [wbengine] - Serviço de Mecanismo de Backup em Nível de Bloco - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\system32\macromed\flash\flashplayerupdateservice.exe
S4 - [Apple Mobile Device] - Apple Mobile Device - c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
S4 - [Bonjour Service] - Serviço do Bonjour - c:\program files\bonjour\mdnsresponder.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [egGetSvc] - egGetSvc - c:\program files\eagleget\egmonitor.exe
S4 - [gupdate] - Serviço do Google Update (gupdate) - c:\program files\google\update\googleupdate.exe
S4 - [gupdatem] - Serviço do Google Update (gupdatem) - c:\program files\google\update\googleupdate.exe
S4 - [iPod Service] - iPod Service - c:\program files\ipod\bin\ipodservice.exe
S4 - [LiveUpdateSvc] - LiveUpdate - c:\program files\iobit\liveupdate\liveupdate.exe
S4 - [ManyCam Service] - ManyCam Service - c:\programdata\manycam\service\manycamservice.exe

==== Drivers(whitelist) ======================
Powered by E Dev

R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
R3 - [srv] - Driver SMB 1.xxx do Servidor - C:\Windows\system32\Drivers\srv.sys
R3 - [srv2] - Driver SMB 2.xxx do Servidor - C:\Windows\system32\Drivers\srv2.sys
R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys
R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
R0 - [atapi] - Canal de IDE - C:\Windows\system32\Drivers\atapi.sys
R0 - [CLFS] - Log Comum (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
R0 - [Compbatt] - Microsoft Composite Battery Driver - C:\Windows\system32\Drivers\Compbatt.sys
R0 - [Disk] - Driver de disco - C:\Windows\system32\Drivers\Disk.sys
R0 - [fvevol] - Driver de Filtro de Criptografia de Unidade de Disco BitLocker - C:\Windows\system32\Drivers\fvevol.sys
R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
R0 - [iaStorA] - iaStorA - C:\Windows\system32\Drivers\iaStorA.sys
R0 - [iaStorF] - iaStorF - C:\Windows\system32\Drivers\iaStorF.sys
R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
R0 - [mountmgr] - Gerenciador de Pontos de Montagem - C:\Windows\system32\Drivers\mountmgr.sys
R0 - [msahci] - msahci - C:\Windows\system32\Drivers\msahci.sys
R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
R0 - [NDIS] - Driver do Sistema NDIS - C:\Windows\system32\Drivers\NDIS.sys
R0 - [partmgr] - Gerenciador de Partições - C:\Windows\system32\Drivers\partmgr.sys
R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys
R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
R0 - [storflt] - Driver de Filtro de Aceleração do Barramento da Máquina Virtual do Disco - C:\Windows\system32\Drivers\storflt.sys [x]
R0 - [Tcpip] - Driver de Protocolo TCP/IP - C:\Windows\system32\Drivers\Tcpip.sys
R0 - [vdrvroot] - Driver de enumerador da unidade virtual Microsoft - C:\Windows\system32\Drivers\vdrvroot.sys
R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys
R0 - [volmgrx] - Gerenciador de Volume Dinâmico - C:\Windows\system32\Drivers\volmgrx.sys
R0 - [volsnap] - Volumes de armazenamento - C:\Windows\system32\Drivers\volsnap.sys
R0 - [Wd] - Driver de Watchdog da Microsoft - C:\Windows\system32\Drivers\Wd.sys
R0 - [Wdf01000] - Serviço de Estruturas de Driver em Modo Kernel - C:\Windows\system32\Drivers\Wdf01000.sys
R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
R1 - [tdx] - Driver de Suporte a TDI Herdado de NetIO - C:\Windows\system32\Drivers\tdx.sys
R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3822383361-1103176277-1298718716-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Master\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"Spotify"="C:\Users\Master\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized"
"GoogleChromeAutoLaunch_10C9933D0F6F7947DC35F397EE3EFA3C"="C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Master\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"Spotify"="C:\Users\Master\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized"
"GoogleChromeAutoLaunch_10C9933D0F6F7947DC35F397EE3EFA3C"="C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lightshot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Lightshot"
"hkey"="HKLM"
"command"="C:\\Program Files\\Skillbrains\\lightshot\\Lightshot.exe"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Apple Mobile Device]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Bonjour Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\egGetSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\iPod Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LiveUpdateSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ManyCam Service]


==== Startup Folders ======================

2016-01-13 20:22:39    1282    ----a-w-    C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [26/10/2016 22:06]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [02/09/2015 22:22]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [02/09/2015 22:22]
C:\Windows\tasks\update-S-1-5-21-3822383361-1103176277-1298718716-1000.job --a------ C:\Program Files\Skillbrains\Updater\Updater.exe [28/11/2014 13:29]
C:\Windows\tasks\update-sys.job --a------ C:\Program Files\Skillbrains\Updater\Updater.exe [28/11/2014 13:29]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\Uninstaller_SkipUac_Master" [C:\Users\Master\IObit Uninstaller\IObitUninstaler.exe]
"C:\Windows\system32\tasks\update-S-1-5-21-3822383361-1103176277-1298718716-1000" [C:\Program Files\Skillbrains\Updater\Updater.exe]
"C:\Windows\system32\tasks\update-sys" [C:\Program Files\Skillbrains\Updater\Updater.exe]
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]

==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrador\AppData\Local\Google\Chrome Found
Fake profile C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome Found

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
kaebhgioafceeldhgjmendlfhbfjefmo - C:\Program Files\EagleGet\addon\eagleget_cext@eagleget.com.crx[03/06/2016 16:41]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
kaebhgioafceeldhgjmendlfhbfjefmo - C:\Program Files\EagleGet\addon\eagleget_cext@eagleget.com.crx[03/06/2016 16:41]

Google Slides - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
selector is not a valid CSS selector - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Chrome Web Store Payments - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Netflix Party - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa
Chrome Media Router - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE09&ocid=UE09DHP"
"Search Page"="http://search.navegaki.com?q={searchTerms}&uid={bf3cfaf5f77b4528b32e25594caaa851}&r=eg"
"Default_Search_URL"="http://search.navegaki.com?q={searchTerms}&uid={bf3cfaf5f77b4528b32e25594caaa851}&r=eg"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://search.navegaki.com?q={searchTerms}&uid={bf3cfaf5f77b4528b32e25594caaa851}&r=eg"
"Default_Page_URL"="http://nav.brotstation.com?uid={bf3cfaf5f77b4528b32e25594caaa851}&r=eg"
"Search Page"="http://search.navegaki.com?q={searchTerms}&uid={bf3cfaf5f77b4528b32e25594caaa851}&r=eg"
"Start Page"="https://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_strmio_16_26&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0D0EtB0B0E0E0Ezz0ByD0CtD0C0AtN0D0Tzu0StCyCyEyDtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyEzy0AtB0E0FyEtGyB0ByC0AtGyCyDyBtBtGyC0EzyzytGyD0B0AtAtA0DyCtAzy0CtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtB0C0AzyyByE0CtG0CtAzy0BtGyE0ByDtCtG0Azy0D0AtG0CtCtByDyDzzyB0A0AzytDzz2QtN0A0LzutB%26cr%3D972918913%26a%3Dwncy_strmio_16_26%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{E921F400-D383-4B1B-9DE6-FCFCACFC1173}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} - No_Url_Value
HKLM\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} - https://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_strmio_16_26&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0D0EtB0B0E0E0Ezz0ByD0CtD0C0AtN0D0Tzu0StCyCyEyDtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyEzy0AtB0E0FyEtGyB0ByC0AtGyCyDyBtBtGyC0EzyzytGyD0B0AtAtA0DyCtAzy0CtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtB0C0AzyyByE0CtG0CtAzy0BtGyE0ByDtCtG0Azy0D0AtG0CtCtByDyDzzyB0A0AzytDzz2QtN0A0LzutB%26cr%3D972918913%26a%3Dwncy_strmio_16_26%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
HKLM\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} - No_Url_Value
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF} - No_Url_Value
HKCU\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} - No_Url_Value

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.navegaki.com?q={searchTerms}&uid={bf3cfaf5f77b4528b32e25594caaa851}&r=eg
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.navegaki.com?q={searchTerms}&uid={bf3cfaf5f77b4528b32e25594caaa851}&r=eg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nav.brotstation.com?uid={bf3cfaf5f77b4528b32e25594caaa851}&r=eg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.navegaki.com?q={searchTerms}&uid={bf3cfaf5f77b4528b32e25594caaa851}&r=eg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.navegaki.com?q={searchTerms}&uid={bf3cfaf5f77b4528b32e25594caaa851}&r=eg
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080;https=127.0.0.1:8080
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Users\Master\IObit Uninstaller\UninstallExplorer.dll
O2 - BHO: bteagleget.com - {1E871FF8-029C-4732-8AA7-39E3D3872057} - C:\Program Files\EagleGet\eagleSniffer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

==== EOF on 07/11/2016 at  1:35:31,13 ======================
 


@Jung Chaeyeon

 

Temporarily disable your antivirus, antispyware and firewall so that they do not cause conflicts.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text below:

createsrpoint;
shortcutfix;
ffdefaults;
chrdefaults;
resetwmi;
resetieproxy;
network.proxy;ff
emptyclsid;
msconfigcheck;
autoclean;
ipconfig /flushdns >>"%temp%\log.txt";b

Save this file on the Desktop as zascript

Run ZA-Scan.exe again and wait.
Copy and paste the contents of that file into your next reply.


ZA-Scan V1.0.0.5 Updated 19-September-2016
Tool run by Master on 07/11/2016 at 23:53:54,73.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Master\Desktop\ZA-Scan.exe
Script used: C:\Users\Master\Desktop\zascript.txt

==== System Restore Info ======================

07/11/2016 23:59:39 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Users\Master\AppData\Roaming\ntsvc deleted successfully
C:\Users\Master\AppData\Roaming\XXXX deleted successfully
C:\Users\Master\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Master\AppData\Local\EmieSiteList deleted successfully
C:\Users\Master\AppData\Local\EmieUserList deleted successfully
C:\Users\Master\AppData\Local\Skype deleted successfully
C:\Users\Master\AppData\Local\Unity deleted successfully
C:\Users\Master\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdobeARMservice deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AdobeARMservice deleted successfully

==== Batch Command(s) Run By Tool======================


Configuração de IP do Windows

Liberação do Cache do DNS Resolver bem-sucedida.

==== Deleting Files \ Folders ======================

C:\Program Files\Arquivos Comuns deleted
C:\Users\Master\AppData\Roaming\stremio deleted
C:\Program Files\Skillbrains deleted
C:\Program Files\baidu deleted
C:\Users\Master\AppData\Roaming\WB.CFG deleted
C:\Users\Master\AppData\Roaming\VDownloader deleted
C:\Users\Master\AppData\Roaming\ProductData deleted
C:\Users\Master\AppData\Roaming\searchult deleted
C:\PROGRA~2\DynuEncrypt.dll deleted
C:\PROGRA~2\ProductData deleted
C:\PROGRA~2\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted
C:\PROGRA~2\Package Cache deleted
C:\Users\Master\AppData\Local\updater.log deleted
C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url deleted
C:\Users\Master\AppData\LocalLow\Unity deleted
C:\Windows\system32\tasks\update-S-1-5-21-3822383361-1103176277-1298718716-1000 deleted
C:\Windows\system32\tasks\update-sys deleted
C:\Windows\tasks\update-S-1-5-21-3822383361-1103176277-1298718716-1000.job deleted
C:\Windows\tasks\update-sys.job deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
C:\Windows\System32\InstallUtil.InstallLog deleted

==== Orphaned Tasks deleted from Registry ======================

update-sys deleted

==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrador\AppData\Local\Google\Chrome deleted
Fake profile C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
kaebhgioafceeldhgjmendlfhbfjefmo - C:\Program Files\EagleGet\addon\eagleget_cext@eagleget.com.crx[03/06/2016 16:41]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
kaebhgioafceeldhgjmendlfhbfjefmo - C:\Program Files\EagleGet\addon\eagleget_cext@eagleget.com.crx[03/06/2016 16:41]

Chrome Media Router - Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE09&ocid=UE09DHP"
"Search Page"="http://search.navegaki.com?q={searchTerms}&uid={bf3cfaf5f77b4528b32e25594caaa851}&r=eg"
"Default_Search_URL"="http://search.navegaki.com?q={searchTerms}&uid={bf3cfaf5f77b4528b32e25594caaa851}&r=eg"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://search.navegaki.com?q={searchTerms}&uid={bf3cfaf5f77b4528b32e25594caaa851}&r=eg"
"Default_Page_URL"="http://nav.brotstation.com?uid={bf3cfaf5f77b4528b32e25594caaa851}&r=eg"
"Search Page"="http://search.navegaki.com?q={searchTerms}&uid={bf3cfaf5f77b4528b32e25594caaa851}&r=eg"
"Start Page"="https://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_strmio_16_26&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0D0EtB0B0E0E0Ezz0ByD0CtD0C0AtN0D0Tzu0StCyCyEyDtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyEzy0AtB0E0FyEtGyB0ByC0AtGyCyDyBtBtGyC0EzyzytGyD0B0AtAtA0DyCtAzy0CtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtB0C0AzyyByE0CtG0CtAzy0BtGyE0ByDtCtG0Azy0D0AtG0CtCtByDyDzzyB0A0AzytDzz2QtN0A0LzutB%26cr%3D972918913%26a%3Dwncy_strmio_16_26%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE09&ocid=UE09DHP"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{E921F400-D383-4B1B-9DE6-FCFCACFC1173}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} - No_Url_Value
HKLM\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} - https://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_strmio_16_26&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0D0EtB0B0E0E0Ezz0ByD0CtD0C0AtN0D0Tzu0StCyCyEyDtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyEzy0AtB0E0FyEtGyB0ByC0AtGyCyDyBtBtGyC0EzyzytGyD0B0AtAtA0DyCtAzy0CtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtB0C0AzyyByE0CtG0CtAzy0BtGyE0ByDtCtG0Azy0D0AtG0CtCtByDyDzzyB0A0AzytDzz2QtN0A0LzutB%26cr%3D972918913%26a%3Dwncy_strmio_16_26%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
HKLM\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} - No_Url_Value
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF} - No_Url_Value
HKCU\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} - No_Url_Value

==== Reset Google Chrome ======================

C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.copy was reset successfully
C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Default\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe 
C:\Users\Default User\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe 
C:\Users\Master\Desktop\Alterar as configurações de arquivos de Internet temporários - Atalho.lnk -  
C:\Users\Master\Desktop\BACKUP.lnk - C:\BACKUP 
C:\Users\Master\Desktop\Calculator.lnk - C:\Windows\system32\calc.exe 
C:\Users\Master\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe 
C:\Users\Master\Desktop\Microsoft Office Excel 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe 
C:\Users\Master\Desktop\Microsoft Office PowerPoint 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe 
C:\Users\Master\Desktop\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe 
C:\Users\Master\Desktop\Nero Express.lnk - C:\Windows\Installer\{70550193-1C22-445C-8FA4-564E155DB1A7}\NeroExpress.exe_81A8FD91A6494AD5B4998149EAAC7E7C.exe 
C:\Users\Master\Desktop\Nero StartSmart.lnk - C:\Windows\Installer\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}\NeroStartSmart.ex_2882597C6E684EBDA23F3CF2CA0CBC30.exe 
C:\Users\Master\Desktop\Notepad.lnk - C:\Windows\system32\notepad.exe 
C:\Users\Master\Desktop\Paint.lnk - C:\Windows\system32\mspaint.exe 
C:\Users\Master\Desktop\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe 
C:\Users\Master\Desktop\Spotify.lnk - C:\Users\Master\AppData\Roaming\Spotify\Spotify.exe 
C:\Users\Master\Desktop\trabalhos\gramatica\adjetivo\am gram.lnk - C:\Users\Master\Downloads\capa (1).doc 
C:\Users\Master\Desktop\trabalhos\literatura\poema\trab julia.lnk - C:\Users\Master\Downloads\AM LIT.doc 
C:\Users\Master\Desktop\trabalhos\quimica\relatrio 1\relatário 1.lnk -  
C:\Users\USURIO~1\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe 

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe 
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe 
C:\Users\Public\Desktop\EagleGet.lnk - C:\Program Files\EagleGet\EagleGet.exe 
C:\Users\Public\Desktop\IObit Uninstaller.lnk - C:\Users\Master\IObit Uninstaller\Uninstaler_SkipUac.exe 
C:\Users\Public\Desktop\IPShifter.lnk - C:\Program Files\ZqWare\IPShifter\IPShifter.exe 
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe 
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe 
C:\Users\Public\Desktop\ManyCam.lnk - C:\Program Files\ManyCam\ManyCam.exe 
C:\Users\Public\Desktop\MorphVOX Pro.lnk - C:\Program Files\Screaming Bee\MorphVOX Pro\MorphVOXPro.exe 
C:\Users\Public\Desktop\Origin.lnk - C:\Program Files\Origin\Origin.exe 
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe 
C:\Users\Public\Desktop\Slice Audio File Splitter.lnk - C:\Program Files\NCH Swift Sound\Slice\slice.exe 
C:\Users\Public\Desktop\The SimsT 3 Caindo na Noite.lnk -  
C:\Users\Public\Desktop\The Sims™ 3 Caindo na Noite.lnk -  
C:\Users\Public\Desktop\The Sims™ 3 Sobrenatural.lnk -  
C:\Users\Public\Desktop\The Sims™ 3.lnk -  

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files\Java\jre1.8.0_111\bin\javacpl.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files\Java\jre1.8.0_111\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam\ManyCam.lnk - C:\Program Files\ManyCam\ManyCam.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam\Reset settings.lnk - C:\Program Files\ManyCam\ManyCam.exe --remove-settings
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam\Uninstall ManyCam.lnk - C:\Program Files\ManyCam\uninstall.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files\Skype\Phone\Skype.exe 

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Master\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe 
C:\Users\Master\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe 
C:\Users\Master\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk - C:\Program Files\ManyCam\ManyCam.exe 
C:\Users\Master\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe 
C:\Users\Master\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Master\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Master\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe 
C:\Users\Master\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe 
C:\Users\Master\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyServer"="http=127.0.0.1:8080;https=127.0.0.1:8080"
"ProxyEnable"=dword:00000001

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lightshot deleted successfully

==== Empty IE Cache ======================

C:\Users\Administrador\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CX3QKTNY will be deleted at reboot
C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GIBJ176D will be deleted at reboot
C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KISLVGQ3 will be deleted at reboot
C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MDKJMNDR will be deleted at reboot
C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RMPV0M5R will be deleted at reboot
C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V7NKBE3D will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== Reset WMI ======================

Os seguintes serviços são dependentes do serviço de Testador de instrumentação de gerenciam. do Windows.
Finalizar o serviço Testador de instrumentação de gerenciam. do Windows também finalizará estes serviços.

   Auxiliar de IP

O serviço de Auxiliar de IP está sendo finalizado .
O serviço de Auxiliar de IP foi finalizado com êxito.

O serviço de Testador de instrumentação de gerenciam. do Windows está sendo finalizado .
O serviço de Testador de instrumentação de gerenciam. do Windows foi finalizado com êxito.

C:\Windows\system32\wbem\repository renamed to repository.old

==== Empty Temp Folders ======================

C:\Users\Administrador\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Master\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Master\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CX3QKTNY" not found
"C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GIBJ176D" not found
"C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KISLVGQ3" not found
"C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MDKJMNDR" not found
"C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RMPV0M5R" not found
"C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V7NKBE3D" not found

==== EOF on 08/11/2016 at  0:23:28,99 ======================
 


Ok,

# Step 1 #

Download AdwCleaner and save it to your Desktop.

Run the file adwcleaner.exe

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Click the Options tab and leave only "Reset IE Policies" and "Reset Chrome Policies" checked.
  • Click the Scan button and wait for the scan to finish.
  • Click the Clean button.
  • A Notepad window will open with the result.
  • Select, copy and paste the contents of this log into your next reply.
  • The log will also be saved in C:\AdwCleaner


NOTE: If AdwCleaner finds files it cannot remove, you may have to restart the PC. Do so immediately when asked whether you want to restart.
 
# Step 2 #

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

Download the Junkware Removal Tool (JRT) and save it to your Desktop.

Double-click to run jrt.exe.

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • The tool will start scanning your system.
  • Be patient, as it may take a while depending on the number of items to scan.
  • At the end a log will open. It will be saved on the desktop as JRT.txt.
  • Select, copy and paste the contents of this log into your next reply.

 
# Step 3 #

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

Download ZHPCleaner and save it to your Desktop.

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Click the Scanner button.
  • The tool will start scanning your system.
  • Be patient, as it may take a while depending on the number of items to scan.
  • Then click the Repair button.
  • A log named ZHPCleaner.txt will be generated.
  • Select, copy and paste the contents of this log into your next reply.


AdwCleaner log:
 

# AdwCleaner v6.030 - Relatório criado 08/11/2016 às 22:00:39
# *Updated on 19/10/2016 by Malwarebytes
# Banco de dados : 2016-11-08.1 [Servidor]
# Sistema operacional : Windows 7 Ultimate Service Pack 1 (X86)
# Usuário : Master - MASTER-PC
# Executando de : C:\Users\Master\Desktop\adwcleaner_6.030.exe
# Limpar
# Apoio : hxxps://www.malwarebytes.com/support

***** [ Serviços ] *****

[-] Políticas do IE excluídasWindowsSecurity
[-] Políticas do IE excluídasEsgScanner


***** [ Pastas ] *****

[-] RestauradoC:\Users\Administrador\AppData\Roaming\Elex-tech
[-] RestauradoC:\ProgramData\Windows Security
[#] *Folder deleted on reboot: C:\ProgramData\Application Data\Windows Security
[-] RestauradoC:\Program Files\SkypeUpdateEx
[-] RestauradoC:\Windows\system32\config\systemprofile\AppData\Roaming\ntsvc


***** [ Arquivos ] *****

[-] RestauradoC:\Windows\system32\drivers\EsgScanner.sys


***** [ DLL ] *****

***** [ WMI ] *****

***** [ Atalhos ] *****

***** [ Tarefas agendadas ] *****

***** [ Registro ] *****

[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] RestauradoHKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [{E056AFDD-03E9-4D73-8D33-8FCCBCA73438}]
[-] RestauradoHKU\S-1-5-21-3822383361-1103176277-1298718716-1000\Software\PRODUCTSETUP
[-] RestauradoHKU\S-1-5-21-3822383361-1103176277-1298718716-1000\Software\csastats
[#] *Key deleted on reboot: HKCU\Software\PRODUCTSETUP
[#] *Key deleted on reboot: HKCU\Software\csastats
[-] RestauradoHKLM\SOFTWARE\SkypeUpdateEx
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
[-] RestauradoHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main [Search Page] 
[-] RestauradoHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] 
[-] RestauradoHKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main [Search Page] 
[-] RestauradoHKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] 
[-] RestauradoHKU\S-1-5-21-3822383361-1103176277-1298718716-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] RestauradoHKU\S-1-5-21-3822383361-1103176277-1298718716-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] *Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] RestauradoHKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
[-] RestauradoHKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\iSafeSvc2.exe


***** [ Verificando navegadores ... ] *****

*************************

:: Políticas do IE excluídas
:: Políticas do Chrome excluídas

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [10490 *Bytes] - [08/11/2016 22:00:39]
C:\AdwCleaner\AdwCleaner[S0].txt - [10579 *Bytes] - [08/11/2016 21:58:53]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [10640 *Bytes] ##########


JRT log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Ultimate x86 
Ran by Master (Administrator) on 08/11/2016 at 22:12:40,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 9 

Failed to delete: C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I53XQ88J (Temporary Internet Files Folder) 
Failed to delete: C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J0HWZ5S6 (Temporary Internet Files Folder) 
Failed to delete: C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KK904SBG (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\Tasks\Uninstaller_SkipUac_Master (Task)
Successfully deleted: C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZWX83A3A (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I53XQ88J (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J0HWZ5S6 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KK904SBG (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZWX83A3A (Temporary Internet Files Folder) 

Registry: 6 

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_10C9933D0F6F7947DC35F397EE3EFA3C (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} (Registry Key)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/11/2016 at 22:18:08,08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

ZHPCleaner log

 

~ ZHPCleaner v2016.11.8.191 by Nicolas Coolman (2016/11/08)
~ Run by Master (Administrator)  (08/11/2016 22:36:26)
~ Web: https://www.nicolascoolman.com
~ Blog: https://www.anti-malware.top
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Reparo
~ Report : C:\Users\Master\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Master\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)


---\\  Serviços (0)


---\\  Navegadores de Internet (1)
SUPRIMIDO dados: HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\Default [Bad : 1http=127.0.0.1:8080;https=127.0.0.1:8080]  =>Hijacker.Proxy


---\\  Arquivo hosts (1)
~ O arquivo hosts é legítimo (21)


---\\  Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Explorer ( Arquivos, Pastas) (19)
MOVIDO pasta: C:\Users\Master\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk  [Bad : C:\Program Files\ManyCam\ManyCam.exe](.Visicom Media Inc..)  =>.Superfluous.VisicomMedia
MOVIDO pasta: C:\Users\Public\Desktop\ManyCam.lnk  [Bad : C:\Program Files\ManyCam\ManyCam.exe](.Visicom Media Inc..)  =>.Superfluous.VisicomMedia
MOVIDO pasta: C:\Windows\System32\drivers\mcvidrv.sys [Visicom Media Inc. - ManyCam Virtual Webcam Driver]  =>.Superfluous.VisicomMedia
MOVIDO pasta: C:\ProgramData\ManyCam\Service\ManyCamService.exe [Visicom Media Inc. - ManyCam Service]  =>.Superfluous.VisicomMedia
MOVIDO pasta: C:\Windows\System32\drivers\mcaudrv.sys [Visicom Media Inc. - ManyCam Virtual Microphone]  =>.Superfluous.VisicomMedia
MOVIDO pasta: C:\Windows\Installer\wix{774088D4-0777-4D78-904D-E435B318F5D2}.SchedServiceConfig.rmi    =>.Superfluous.Empty
MOVIDO pasta: C:\Windows\Installer\wix{9A629DCB-415D-4A50-85B9-5C2E4F8F74A8}.SchedServiceConfig.rmi    =>.Superfluous.Empty
MOVIDO pasta: C:\Users\Master\Downloads\ManyCamWebInstaller (1).exe [Visicom Media inc. - ManyCam Installer]  =>PUP.Optional.StartSearch
MOVIDO pasta: C:\Users\Master\Downloads\ManyCamWebInstaller.exe [Visicom Media inc. - ManyCam Installer]  =>PUP.Optional.StartSearch
MOVIDO pasta: C:\Users\Master\Downloads\setup-lightshot.exe [Skillbrains - lightshot Setup]  =>.Superfluous.Skillbrains
MOVIDO pasta: C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_affiliate.navegaki.com_0.localstorage    =>PUP.Optional.Navegaki
MOVIDO pasta: C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_affiliate.navegaki.com_0.localstorage-journal    =>PUP.Optional.Navegaki
MOVIDO arquivo: C:\Program Files\ManyCam  =>.Superfluous.VisicomMedia
MOVIDO arquivo: C:\ProgramData\ManyCam  =>.Superfluous.VisicomMedia
MOVIDO arquivo: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam  =>.Superfluous.VisicomMedia
MOVIDO arquivo: C:\Users\Master\AppData\Roaming\ManyCam  =>.Superfluous.VisicomMedia
MOVIDO arquivo: C:\Users\Master\AppData\Local\ManyCam  =>.Superfluous.VisicomMedia
MOVIDO arquivo: C:\Users\Master\AppData\Local\Temp\scoped_dir5260_26628  =>.Superfluous.Temporary.Steam
MOVIDO arquivo: C:\ProgramData\Microsoft\Network\Dsq  =>PUP.Optional.WindowsSecurity


---\\  Registro ( Chaves, Valores, Dados ) (29)
SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\ManyCam [C:\Windows\System32\drivers\mcvidrv.sys (Not File)]  =>.Superfluous.VisicomMedia
SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\ManyCam Service [C:\ProgramData\ManyCam\Service\ManyCamService.exe (Not File)]  =>.Superfluous.VisicomMedia
SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\mcaudrv_simple [C:\Windows\System32\drivers\mcaudrv.sys (Not File)]  =>.Superfluous.VisicomMedia
SUPRIMIDO chave*: HKEY_USERS\S-1-5-21-3822383361-1103176277-1298718716-1000\SOFTWARE\SkillBrains []  =>.Superfluous.Skillbrains
SUPRIMIDO chave: HKCU\Software\SkillBrains []  =>.Superfluous.Skillbrains
SUPRIMIDO chave*: HKLM\SOFTWARE\Skillbrains []  =>.Superfluous.Skillbrains
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 []  =>PUP.Optional.MyPCBackup
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS []  =>PUP.Optional.MyPCBackup
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 []  =>PUP.Optional.IMBooster
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS []  =>PUP.Optional.IMBooster
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\SmarterPowerUntemp_RASAPI32 []  =>PUP.Optional.SmarterPower
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\SmarterPowerUntemp_RASMANCS []  =>PUP.Optional.SmarterPower
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\SmarterPower_RASAPI32 []  =>PUP.Optional.SmarterPower
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\SmarterPower_RASMANCS []  =>PUP.Optional.SmarterPower
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\updateSmarterPower_RASAPI32 []  =>PUP.Optional.SmarterPower
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\updateSmarterPower_RASMANCS []  =>PUP.Optional.SmarterPower
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\utilSmarterPower_RASAPI32 []  =>PUP.Optional.SmarterPower
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\utilSmarterPower_RASMANCS []  =>PUP.Optional.SmarterPower
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancerService_RASAPI32 []  =>PUP.Optional.Wajam
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancerService_RASMANCS []  =>PUP.Optional.Wajam
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32 []  =>PUP.Optional.Wajam
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS []  =>PUP.Optional.Wajam
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\wajam_2207-6c14163c_RASAPI32 []  =>PUP.Optional.Wajam
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\wajam_2207-6c14163c_RASMANCS []  =>PUP.Optional.Wajam
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32 []  =>PUP.Optional.Wajam
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS []  =>PUP.Optional.Wajam
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ManyCam [Visicom Media Inc.]  =>.Superfluous.VisicomMedia
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1 [Skillbrains]  =>.Superfluous.Skillbrains
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.]  =>Heuristic.Suspect


---\\  Resumo dos elementos encontrados na sua estação de trabalho (13)
https://www.anti-malware.top/2016/06/09/pirate-de-serveur-proxy-hijacker-proxy/  =>Hijacker.Proxy
https://www.anti-malware.top/2016/05/06/superfluous-visicommedia/  =>.Superfluous.VisicomMedia
https://www.nicolascoolman.com/fr/logiciels-superflus  =>.Superfluous.Empty
https://www.nicolascoolman.com/fr/pup-optional-startsearch/  =>PUP.Optional.StartSearch
https://www.anti-malware.top/2016/04/30/superfluous-skillbrains/  =>.Superfluous.Skillbrains
https://www.nicolascoolman.com/fr/repaquetage-et_infections/  =>PUP.Optional.Navegaki
https://www.nicolascoolman.com/fr/logiciels-superflus  =>.Superfluous.Temporary.Steam
https://www.nicolascoolman.com/fr/repaquetage-et_infections/  =>PUP.Optional.WindowsSecurity
https://www.nicolascoolman.com/fr/pup-mypcbackup/  =>PUP.Optional.MyPCBackup
https://www.nicolascoolman.com/fr/adware-imbooster/  =>PUP.Optional.IMBooster
https://www.nicolascoolman.com/fr/pup-smarterpower/  =>PUP.Optional.SmarterPower
https://www.anti-malware.top/2016/05/07/pup-optional-wajam/  =>PUP.Optional.Wajam
https://www.anti-malware.top/2016/04/22/heuristic-suspect/  =>Heuristic.Suspect


---\\  Dodatkowe oczyszczenie. (61)
~ Chave de registro Tracing Supprimido (61)
~ Remover os relatórios antigos ZHPCleaner. (0)


---\\ Resultado de reparação
Reparação efectuada com sucesso
~ Este navegador está faltando ! (Mozilla Firefox)
~ Este navegador está faltando ! (Opera Software)


---\\ Estatísticas
~ Items scan : 392
~ Items encontrado : 0
~ items cancelados : 0
~ Items réparo : 50


~ End of clean in 00h00mn46s
~====================
ZHPCleaner-[R]-08112016-22_37_12.txt
ZHPCleaner--08112016-22_35_46.txt
 

Edited by Jung Chaeyeon


@Jung Chaeyeon

Download the Farbar Recovery Scan Tool and save it to your Desktop.


32 bit (x86) or 64 bit (x64)


Double-click to run the tool.

  • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

Check the 90 Days Files box, and click the Scan button.

Wait; at the end, the logs FRST.txt and Addition.txt will be saved to your Desktop.

Select, copy and paste the contents of the FRST.txt log into your next reply.

Attach the Addition.txt log.
