abuZado

Log analysis


ZA-Scan V1.0.0.5 Updated 30-09-2015
Tool run by ten on 08/11/2016 at 13:12:06,97.
Microsoft Windows 10 Home Single Language 10.0.14393  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\ten\Desktop\ZA-Scan.exe [Z-Analyse Scan]

==== Running Processes ======================

C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
c:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
C:\Users\ten\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Firefox\bin\FirefoxCommand.exe
C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
C:\Users\ten\Desktop\ZA-Scan.exe
C:\WINDOWS\SysWoW64\cmd.exe
C:\WINDOWS\SysWoW64\cmd.exe
C:\WINDOWS\SysWoW64\cmd.exe
C:\Users\TEN~1.FUZ\AppData\Local\Temp\ZAScan.exe

==== Services(whitelist) ======================
Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [AERTFilters] - Andrea RT Filters Service - c:\program files\realtek\audio\hda\aertsr64.exe
R2 - [CommandHandler] - Command Service(CommandHandler) - c:\program files (x86)\firefox\bin\firefoxcommand.exe
R2 - [DbxSvc] - DbxSvc - c:\windows\system32\dbxsvc.exe
R2 - [FirefoxU] - Update Service(FirefoxU) - c:\program files (x86)\firefox\bin\firefoxupdate.exe
R2 - [GbpSv] - Gbp Service - c:\progra~2\gbplugin\gbpsv.exe
R2 - [HPSupportSolutionsFrameworkService] - HP Support Solutions Framework Service - c:\program files (x86)\hewlett-packard\hp support solutions\hpsupportsolutionsframeworkservice.exe
R2 - [igfxCUIService2.0.0.0] - Intel(R) HD Graphics Control Panel Service - c:\windows\system32\igfxcuiservice.exe
R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\program files\intel\intel(r) management engine components\dal\jhi_service.exe
R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files\intel\intel(r) management engine components\lms\lms.exe
R2 - [omniserv] -  HP SimplePass Service - c:\program files\hewlett-packard\simplepass\omniserv.exe
R2 - [RichVideo64] - Cyberlink RichVideo64 Service(CRVS) - c:\program files\cyberlink\shared files\richvideo64.exe
R2 - [RtkAudioService] - Realtek Audio Service - c:\program files\realtek\audio\hda\rtkaudioservice64.exe
R2 - [SpyHunter 4 Service] - SpyHunter 4 Service - c:\progra~2\enigma~1\spyhun~1\sh4ser~1.exe
R2 - [Warsaw Technology] - Warsaw Technology - c:\program files\diebold\warsaw\core.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
R3 - [Intel(R) Security Assist] - Intel(R) Security Assist - c:\program files (x86)\intel\intel(r) security assist\isa.exe
S2 - [dbupdate] - Serviço Atualização do Dropbox (dbupdate) - c:\program files (x86)\dropbox\update\dropboxupdate.exe
S2 - [isaHelperSvc] - Intel(R) Security Assist Helper - c:\program files (x86)\intel\intel(r) security assist\isahelperservice.exe
S2 - [sppsvc] - Proteção de Software - c:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Serviço Gateway de Camada de Aplicativo - c:\windows\system32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
S3 - [dbupdatem] - Serviço Atualização do Dropbox (dbupdatem) - c:\program files (x86)\dropbox\update\dropboxupdate.exe
S3 - [diagnosticshub.standardcollector.service] - Serviço Coletor de Padrões de Hub de Diagnóstico da Microsoft (R) - c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [hpqwmiex] - HP Software Framework Service - c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe
S3 - [ICCS] - Intel(R) Integrated Clock Controller Service - Intel(R) ICCS - c:\program files (x86)\intel\intel(r) integrated clock controller service\iccproxy.exe
S3 - [Intel(R) Capability Licensing Service TCP IP Interface] - Intel(R) Capability Licensing Service TCP IP Interface - c:\program files\intel\icls client\socketheciserver.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Coordenador de transações distribuídas - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [PerfHost] - Host de DLL de Contador de Desempenho - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Alocador Remote Procedure Call (RPC) - c:\windows\system32\locator.exe
S3 - [SensorDataService] - Serviço de Dados de Sensor - c:\windows\system32\sensordataservice.exe
S3 - [SNMPTRAP] - Interceptação SNMP - c:\windows\system32\snmptrap.exe
S3 - [TieringEngineService] - Gerenciamento de Camadas de Armazenamento - c:\windows\system32\tieringengineservice.exe
S3 - [TrustedInstaller] - Instalador de Módulos do Windows - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Disco Virtual - c:\windows\system32\vds.exe
S3 - [VSS] - Cópia de Sombra de Volume - c:\windows\system32\vssvc.exe
S3 - [wbengine] - Serviço de Mecanismo de Backup em Nível de Bloco - c:\windows\system32\wbengine.exe
S3 - [WdNisSvc] - Serviço de Inspeção de Rede do Windows Defender - c:\program files\windows defender\nissrv.exe
S3 - [WinDefend] - Serviço Windows Defender - c:\program files\windows defender\msmpeng.exe
S3 - [wmiApSrv] - Adaptador de Desempenho WMI - c:\windows\system32\wbem\wmiapsrv.exe
S3 - [WMPNetworkSvc] - Serviço de Compartilhamento de Rede do Windows Media Player - c:\program files\windows media player\wmpnetwk.exe

==== Drivers(whitelist) ======================
Powered by E Dev

R0 - [FileInfo] - File Information FS MiniFilter - C:\WINDOWS\system32\Drivers\FileInfo.sys
R0 - [FltMgr] - FltMgr - C:\WINDOWS\system32\Drivers\FltMgr.sys
R0 - [Mup] - Mup - C:\WINDOWS\system32\Drivers\Mup.sys
R0 - [Wof] - Windows Overlay File System Filter Driver - C:\WINDOWS\system32\Drivers\Wof.sys
R1 - [NetBIOS] - NetBIOS Interface - C:\WINDOWS\system32\Drivers\NetBIOS.sys
R2 - [srv] - Driver SMB 1.xxx do Servidor - C:\WINDOWS\system32\Drivers\srv.sys
R3 - [srv2] - Driver SMB 2.xxx do Servidor - C:\WINDOWS\system32\Drivers\srv2.sys
R0 - [ACPI] - Microsoft ACPI Driver - C:\WINDOWS\system32\Drivers\ACPI.sys
R0 - [acpiex] - Microsoft ACPIEx Driver - C:\WINDOWS\system32\Drivers\acpiex.sys
R0 - [aswRvrt] - avast! Revert - C:\WINDOWS\system32\Drivers\aswRvrt.sys
R0 - [aswVmm] - avast! VM Monitor - C:\WINDOWS\system32\Drivers\aswVmm.sys
R0 - [CLFS] - Common Log (CLFS) - C:\WINDOWS\system32\Drivers\CLFS.sys
R0 - [CNG] - CNG - C:\WINDOWS\system32\Drivers\CNG.sys
R0 - [disk] - Driver de disco - C:\WINDOWS\system32\Drivers\disk.sys
R0 - [fvevol] - Driver de Filtro de Criptografia de Unidade de Disco BitLocker - C:\WINDOWS\system32\Drivers\fvevol.sys
R0 - [gbpddreg] - Gbpddreg svc - C:\WINDOWS\system32\Drivers\gbpddreg.sys [x]
R0 - [iaStorA] - iaStorA - C:\WINDOWS\system32\Drivers\iaStorA.sys
R0 - [intelpep] - Driver Intel(R) Power Engine Plug-in - C:\WINDOWS\system32\Drivers\intelpep.sys
R0 - [iorate] - iorate - C:\WINDOWS\system32\Drivers\iorate.sys
R0 - [KSecDD] - KSecDD - C:\WINDOWS\system32\Drivers\KSecDD.sys
R0 - [KSecPkg] - KSecPkg - C:\WINDOWS\system32\Drivers\KSecPkg.sys
R0 - [mountmgr] - Gerenciador de Pontos de Montagem - C:\WINDOWS\system32\Drivers\mountmgr.sys
R0 - [msisadrv] - msisadrv - C:\WINDOWS\system32\Drivers\msisadrv.sys
R0 - [NDIS] - Driver do Sistema NDIS - C:\WINDOWS\system32\Drivers\NDIS.sys
R0 - [partmgr] - Driver de partição - C:\WINDOWS\system32\Drivers\partmgr.sys
R0 - [pci] - PCI Bus Driver - C:\WINDOWS\system32\Drivers\pci.sys
R0 - [pcw] - Performance Counters for Windows Driver - C:\WINDOWS\system32\Drivers\pcw.sys
R0 - [pdc] - pdc - C:\WINDOWS\system32\Drivers\pdc.sys
R0 - [rdyboost] - ReadyBoost - C:\WINDOWS\system32\Drivers\rdyboost.sys
R0 - [spaceport] - Driver de Espaços de Armazenamento - C:\WINDOWS\system32\Drivers\spaceport.sys
R0 - [Tcpip] - Driver de Protocolo TCP/IP - C:\WINDOWS\system32\Drivers\Tcpip.sys
R0 - [vdrvroot] - Enumerador de Unidade Virtual Microsoft - C:\WINDOWS\system32\Drivers\vdrvroot.sys
R0 - [volmgr] - Driver de Gerenciador de Volumes - C:\WINDOWS\system32\Drivers\volmgr.sys
R0 - [volmgrx] - Gerenciador de Volume Dinâmico - C:\WINDOWS\system32\Drivers\volmgrx.sys
R0 - [volsnap] - Volume Shadow Copy driver - C:\WINDOWS\system32\Drivers\volsnap.sys
R0 - [volume] - Driver do volume - C:\WINDOWS\system32\Drivers\volume.sys
R0 - [Wdf01000] - Serviço de Estruturas de Driver em Modo Kernel - C:\WINDOWS\system32\Drivers\Wdf01000.sys
R0 - [WFPLWFS] - Plataforma para Filtros do Microsoft Windows - C:\WINDOWS\system32\Drivers\WFPLWFS.sys
R0 - [WindowsTrustedRT] - Windows Trusted Execution Environment Class Extension - C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys
R0 - [WindowsTrustedRTProxy] - Serviço de Proteção de Tempo de Execução Confiável do Microsoft Windows - C:\WINDOWS\system32\Drivers\WindowsTrustedRTProxy.sys
R1 - [AFD] - Ancillary Function Driver for Winsock - C:\WINDOWS\system32\Drivers\AFD.sys
R1 - [Beep] - Beep - C:\WINDOWS\system32\Drivers\Beep.sys
R1 - [tdx] - Driver de Suporte a TDI Herdado de NetIO - C:\WINDOWS\system32\Drivers\tdx.sys
R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\WINDOWS\system32\Drivers\tcpipreg.sys
S0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\WINDOWS\system32\Drivers\EhStorClass.sys
S0 - [hwpolicy] - Hardware Policy Driver - C:\WINDOWS\system32\Drivers\hwpolicy.sys
S3 - [atapi] - Canal de IDE - C:\WINDOWS\system32\Drivers\atapi.sys
S3 - [Tcpip6] - @todo.dll,-100;Microsoft IPv6 Protocol Driver - C:\WINDOWS\system32\Drivers\Tcpip6.sys [x]

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-1406961327-1963647117-1049897746-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\ten\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"Spotify"="C:\Users\ten\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized"
"OneDrive"="C:\Users\ten\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe"
"Dropbox"="C:\Program Files (x86)\Dropbox\Client\Dropbox.exe /systemstartup"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\ten\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"Spotify"="C:\Users\ten\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized"
"OneDrive"="C:\Users\ten\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /ANDREA_BF_BYPASS"
"SimplePass"="C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe /hideui"
"OPBHOBroker"="C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe"
"OPBHOBrokerDesktop"="C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe"
"Diebold - Warsaw"="C:\Program Files\Diebold\Warsaw\core.exe"

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12/04/2016 12:02]
C:\WINDOWS\tasks\DropboxUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [20/10/2015 11:13]
C:\WINDOWS\tasks\DropboxUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [20/10/2015 11:13]
C:\WINDOWS\tasks\HPCeeScheduleForten.ten.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [16/06/2015 09:51]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskMachineCore" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe]
"C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskMachineUA" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe]
"C:\WINDOWS\SysNative\tasks\HPCeeScheduleForten.ten" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\WINDOWS\SysNative\tasks\SpyHunter4Startup" ["C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{5034B083-325C-4766-BECB-B1DD07086745}" [C:\windows\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\YCMServiceAgent" [c:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA)" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\TEN~1.FUZ\AppData\Roaming\Firefox\Firefox\Profiles\di8rqqd1.default
user_pref("browser.startup.homepage", "www.google.com.br");
user_pref("browser.search.defaulturl", "https://br.search.yahoo.com/yhs/search");
user_pref("browser.newtab.url", "http://www.nicesearches.com?type=hp&ts=1465909294&from=6b1d0614&uid=st500dm002-1bd142_s3t0zh61&z=6b7c4e90b2abdbe1674fdf6g8z5qbw2taeft2o5tfc");
user_pref("browser.search.defaultengine", "Yahoo! (Avast)");
user_pref("browser.search.defaultenginename", "nice ");
user_pref("browser.search.selectedEngine", "nice ");
user_pref("keyword.URL", "https://br.search.yahoo.com/yhs/search");

ProfilePath: C:\Users\TEN~1.FUZ\AppData\Roaming\Mozilla\Firefox\Profiles\di8rqqd1.default
user_pref("browser.startup.homepage", "http://www.nicesearches.com?type=hp&ts=1465909294&from=6b1d0614&uid=st500dm002-1bd142_s3t0zh61&z=6b7c4e90b2abdbe1674fdf6g8z5qbw2taeft2o5tfc");
user_pref("browser.search.defaulturl", "https://br.search.yahoo.com/yhs/search");
user_pref("browser.newtab.url", "http://www.nicesearches.com?type=hp&ts=1465909294&from=6b1d0614&uid=st500dm002-1bd142_s3t0zh61&z=6b7c4e90b2abdbe1674fdf6g8z5qbw2taeft2o5tfc");
user_pref("browser.search.defaultengine", "Yahoo! (Avast)");
user_pref("browser.search.defaultenginename", "nice");
user_pref("browser.search.selectedEngine", "nice");
user_pref("keyword.URL", "https://br.search.yahoo.com/yhs/search");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [05/01/2016 10:53]

==== Firefox Extensions ======================

ProfilePath: C:\Users\TEN~1.FUZ\AppData\Roaming\Firefox\Firefox\Profiles\di8rqqd1.default
- SimilarWeb - %ProfilePath%\extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi
- Undetermined - %ProfilePath%\extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi
- pdfViewerSwitcher - %ProfilePath%\extensions\jid1-UXDr6c69BeyPVw@jetpack.xpi
- Portugus do Brasil Language Pack - %ProfilePath%\extensions\langpack-pt-BR@firefox.mozilla.org.xpi

ProfilePath: C:\Users\TEN~1.FUZ\AppData\Roaming\Mozilla\Firefox\Profiles\di8rqqd1.default
- Undetermined - C:\Users\ten\AppData\Roaming\Mozilla\Firefox\Profiles\di8rqqd1.default\extensions\arthurj8283@gmail.com
- Undetermined - C:\Users\ten\AppData\Roaming\Mozilla\Firefox\Profiles\di8rqqd1.default\extensions\arthurj8283@gmail.com
- Undetermined - C:\Users\ten\AppData\Roaming\Mozilla\Firefox\Profiles\di8rqqd1.default\extensions\arthurj8283@gmail.com
- pdfViewerSwitcher - %ProfilePath%\extensions\jid1-UXDr6c69BeyPVw@jetpack.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\ten\AppData\Roaming\Mozilla\Firefox\Profiles\di8rqqd1.default
57C7E359ED8D049132EED23EFA444C63    - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll -    Shockwave Flash


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx[05/01/2016 10:52]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[05/01/2016 10:52]

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.yoursearchweb.com/search/?type=ds&ts=1467915870&z=7a34c4a66a685b814743e44g6zdqdm1t4gbw6b5q8q&from=wpm0616&uid=ST500DM002-1BD142_S3T0ZH61&q={searchTerms}"
"Default_Search_URL"="http://www.yoursearchweb.com/search/?type=ds&ts=1467915870&z=7a34c4a66a685b814743e44g6zdqdm1t4gbw6b5q8q&from=wpm0616&uid=ST500DM002-1BD142_S3T0ZH61&q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{425ED333-6083-428a-92C9-0CFC28B9D1BF}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}] not found

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="Not_Found"

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursearchweb.com/search/?type=ds&ts=1467915870&z=7a34c4a66a685b814743e44g6zdqdm1t4gbw6b5q8q&from=wpm0616&uid=ST500DM002-1BD142_S3T0ZH61&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yoursearchweb.com/search/?type=ds&ts=1467915870&z=7a34c4a66a685b814743e44g6zdqdm1t4gbw6b5q8q&from=wpm0616&uid=ST500DM002-1BD142_S3T0ZH61&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

==== EOF on 08/11/2016 at 13:22:37,13 ======================


Dear @abuZado

I recommend saving this topic to your Favorites so it is easier to find later.

Please note the following:

  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here relates only to your computer's problem, so do not apply it on any other;
  • Please follow the instructions given carefully, and if you have any questions do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always try to keep me informed, during the removal, about what is happening with your computer.
  • Follow the instructions in the order given.

Note: Do not take any action other than those given here; if you ask for help on another forum, be sure to let us know, or you risk misconfiguring your computer!

 

# Step 1 #

Download AdwCleaner and save it to your Desktop

Run the file adwcleaner.exe

Attention: Windows Vista, 7 and 8 users, right-click and choose: (image: execadmin.png)

  • Click the Options tab and leave only "Reset IE Policies" and "Reset Chrome Policies" checked
  • Click the Scan button and wait for the scan to finish.
  • Click the Clean button.
  • A Notepad window will open with the result.
  • Select, copy and paste the contents of this log into your next reply.
  • The log will also be saved in C:\AdwCleaner


NOTE: If AdwCleaner finds files it cannot remove, you may have to restart the PC. Do so immediately when asked whether you want to restart.
 
# Step 2 #

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Download Junkware Removal Tool (JRT) and save it to your Desktop

Double-click to run jrt.exe.

Attention: Windows Vista, 7 and 8 users, right-click and choose: (image: execadmin.png)

  • The tool will start scanning your system.
  • Be patient, as it may take a while depending on the number of items to examine.
  • At the end a log will open. It will be saved on the desktop with the name JRT.txt.
  • Select, copy and paste the contents of this log into your next reply.

 
# Step 3 #

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Download ZHPCleaner and save it to your Desktop

Attention: Windows Vista, 7 and 8 users, right-click and choose: (image: execadmin.png)

  • Click the Scanner button.
  • The tool will start scanning your system.
  • Be patient, as it may take a while depending on the number of items to examine.
  • Then click the Repair button.
  • A log named ZHPCleaner.txt will be generated
  • Select, copy and paste the contents of this log into your next reply.

Regards :D

About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.
