Este fórum foi descontinuado. LEIA AQUI e participe da Comunidade BABOO :)

Ir para conteúdo
turca

Analise de log, PC dando msg de virus no avast

Mensagem Recomendada

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:50:13, on 01/12/2015

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.18098)

Boot mode: Normal

 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\FsUsbExService.Exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Samsung\Kies\Kies.exe

C:\Program Files\Samsung\Kies\KiesAirMessage.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\System32\svchost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Users\NOT\Desktop\HijackThis.exe

C:\Windows\System32\svchost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.yahoo.com/?fr=hp-avast&type=avastbcl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://br.yahoo.com/?fr=hp-avast&type=avastbcl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.yahoo.com/?fr=hp-avast&type=avastbcl

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Advanced SystemCare Surfing Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files\GbPlugin\gbiehabn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload

O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup

O4 - HKCU\..\Run: [sH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: http://www.bancoreal.com.br


O15 - Trusted Zone: wwws.realsecureweb.com.br

O15 - Trusted Zone: www.santander.com.br

O15 - Trusted Zone: http://www.santander.com.br

O15 - Trusted Zone: www.santanderempresarial.com.br


O15 - Trusted Zone: www.santandernet.com.br

O15 - Trusted Zone: wwws.santandernet.com.br

O15 - Trusted Zone: wwws2.santandernet.com.br

O15 - Trusted Zone: www.santandernetibe.com.br

O15 - Trusted Zone: www.secureweb.com.br

O20 - Winlogon Notify:  GbPluginAbn - C:\Program Files\GbPlugin\gbiehAbn.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe

O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe

 

--

End of file - 8933 bytes

 

 

Obrigado desde já!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Baixe o Novo Malwarebytes'Anti-Malware (MBAM)

Salve ou imprima estas instruções:

Dê um duplo-clique no mbam-setup.exe, escolha a linguagem. Antes de concluir a instalação, desmarque a opção “Ativar trial gratuito do Malwarebytes Anti-Malware PRO”

Verifique se as caixas Atualizar Malwarebytes Anti-Malware e Executar Malwarebytes Anti-Malware estão marcadas e clique então, em Concluir. Se houver Atualizações a serem feitas, serão baixadas e instaladas.

Clique em Settings e no campo Language mude para Portuguese (Brasil). Ainda na tela de Configurações clique em Detecção e proteção, marque "Verificar por Rootkits". Em "Detecções PUP" (programas potencialmente indesejados):, selecione "Tratar detecções como Malware".

Clique em Verificar e em seguida Verificar ameaça, clique em Verificar Agora. Começará então o exame. Aguarde, pois pode demorar........Ao acabar o exame, se houver itens encontrados, clique no botão "Mover todos para a Quarentena"...Clique em Aplicar Ações

O Log é automaticamente salvo pelo MBAM e para vê-lo, clique na aba Histórico -> Logs de aplicativos > Log de Verificação , na janela principal do Programa. Utilize o formato .txt para exportar o Log. Poderá aparecer um aviso se quer reiniciar o PC. (Ver Nota abaixo)

Selecione, copie e cole o conteúdo do Log do MBAM na sua próxima resposta + um novo Log do HijackThis .

NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez). Faça isso imediatamente, ao ser perguntado se quer reiniciar.


assinatura-mrmillion.png65301516_windows-insider-mvp-logo(Custom).png.36263cb7b506cc6935fb37f39e504cec.png

Compartilhar este post


Link para o post
Compartilhar em outros sites
Malwarebytes Anti-Malware

www.malwarebytes.org

 

Data da verificação: 01/12/2015

Hora da verificação: 14:34

Arquivo de registro: mbam.txt

Administrador: Sim

 

Versão: 2.2.0.1024

Banco de dados de malware: v2015.12.01.04

Banco de dados de rootkit: v2015.11.26.01

Licença: Versão de avaliação

Proteção contra malware: Habilitado

Proteção contra website malicioso: Habilitado

Autoproteção: Desabilitado

 

Sistema operacional: Windows 7 Service Pack 1

CPU: x86

Sistema de arquivos: NTFS

Usuário: NOT

 

Tipo de verificação: Verificação da ameaça

Resultado: Concluído

Objetos verificados: 311875

Tempo decorrido: 16 min, 34 seg

 

Memória: Habilitado

Inicialização: Habilitado

Sistema de arquivos: Habilitado

Arquivos compactados: Habilitado

Rootkits: Habilitado

Heurística: Habilitado

PUP: Habilitado

PUM: Habilitado

 

Processos: 0

(Nenhum item malicioso detectado)

 

Módulos: 0

(Nenhum item malicioso detectado)

 

Chaves de registro: 0

(Nenhum item malicioso detectado)

 

Valores de registro: 0

(Nenhum item malicioso detectado)

 

Dados de registro: 0

(Nenhum item malicioso detectado)

 

Pastas: 0

(Nenhum item malicioso detectado)

 

Arquivos: 0

(Nenhum item malicioso detectado)

 

Setores físicos: 0

(Nenhum item malicioso detectado)

 

 

(end)

 


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:17:15, on 01/12/2015

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.18098)

Boot mode: Normal

 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\FsUsbExService.Exe

C:\Windows\system32\svchost.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Samsung\Kies\Kies.exe

C:\Program Files\Samsung\Kies\KiesAirMessage.exe

C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Windows\System32\svchost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\SHARMAQ\SHOficina\shoficina3.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\svchost.exe

C:\Users\NOT\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.yahoo.com/?fr=hp-avast&type=avastbcl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://br.yahoo.com/?fr=hp-avast&type=avastbcl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.yahoo.com/?fr=hp-avast&type=avastbcl

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Advanced SystemCare Surfing Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files\GbPlugin\gbiehabn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload

O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup

O4 - HKCU\..\Run: [sH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: http://www.bancoreal.com.br


O15 - Trusted Zone: wwws.realsecureweb.com.br

O15 - Trusted Zone: www.santander.com.br

O15 - Trusted Zone: http://www.santander.com.br

O15 - Trusted Zone: www.santanderempresarial.com.br


O15 - Trusted Zone: www.santandernet.com.br

O15 - Trusted Zone: wwws.santandernet.com.br

O15 - Trusted Zone: wwws2.santandernet.com.br

O15 - Trusted Zone: www.santandernetibe.com.br

O15 - Trusted Zone: www.secureweb.com.br

O20 - Winlogon Notify:  GbPluginAbn - C:\Program Files\GbPlugin\gbiehAbn.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe

O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe

 

--

End of file - 9372 bytes

 valeu de novo

Compartilhar este post


Link para o post
Compartilhar em outros sites

Desabilite o seu Antivírus, AntiSpyware e Firewall para não haver conflitos. Mantenha-os desativados até terminar as instruções

Download AdwCleaner dlsymb.jpg Salve-o no Desktop. (Área de Trabalho). Execute o adwcleaner.exe

OBS: Usuários do Windows Vista, 7, 8, 8.1 ou 10, clicar com o botão direito do mouse no arquivo e selecionar: run_as_adm1.png

AdwCleanerMobile_zps74904f3e.jpg

Clique [scan e depois em Clean] Salve o Log criado.

Donload 1268r49.png Salve no seu Desktop (Área de trabalho).

Dê um duplo-clique para executar o Junkware Removal Tool (JRT)

* No Windows Vista, 7, 8, 8.1 ou 10 Clique com o botão direito do mouse sobre o JRT.exe e selecione run_as_adm1.png

A Ferramenta começará o exame do seu Sistema. Tenha paciência pois pode demorar um pouco, dependendo da quantidades de ítens a serem examinados.

Ao final, um Log se abrirá e salvo no Desktop com o nome de JRT.txt..Selecione, copie e cole o conteúdo deste Log na sua próxima resposta + o Log do AdwCleaner e um novo Log do HijackThis.


assinatura-mrmillion.png65301516_windows-insider-mvp-logo(Custom).png.36263cb7b506cc6935fb37f39e504cec.png

Compartilhar este post


Link para o post
Compartilhar em outros sites

Desculpe fiquei sem net aqui

 

# AdwCleaner v5.023 - Relatório criado 01/12/2015 às 16:35:27
# Atualizado 30/11/2015 por Xplode
# Banco de dados : 2015-11-30.1 [servidor]
# Sistema operacional : Windows 7 Professional Service Pack 1 (x86)
# Usuário : NOT - ATENDIMENTO
# Executando de : C:\Users\NOT\Desktop\AdwCleaner.exe
# Opção : Limpar
 
***** [ Serviços ] *****
 
 
***** [ Pastas ] *****
 
[-] Pasta Excluído : C:\Users\NOT\AppData\Roaming\Mozilla\Firefox\Profiles\06zmhirm.default\Extensions\ascsurfingprotection@iobit.com
 
***** [ Arquivos ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Atalhos ] *****
 
 
***** [ Tarefas agendadas ] *****
 
 
***** [ Registro ] *****
 
[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Chave Excluída : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
 
***** [ Navegadores ] *****
 
 
*************************
 
:: Chaves "Tracing" excluídas
:: Configurações Winsock restauradas
 
########## EOF - C:\AdwCleaner\AdwCleaner[C6].txt - [1074 bytes] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Professional x86 
Ran by NOT (Administrator) on 01/12/2015 at 16:40:15,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 4 
 
Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File) 
Successfully deleted: C:\ProgramData\productdata (Folder) 
Successfully deleted: C:\Users\NOT\AppData\Roaming\productdata (Folder) 
Successfully deleted: C:\Windows\System32\Tasks\Uninstaller_SkipUac_NOT (Task)
 
 
 
Registry: 1 
 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/12/2015 at 16:48:26,04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:03:32, on 03/12/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18098)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Samsung\Kies\KiesAirMessage.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\GWX\GWX.exe
C:\Users\NOT\Desktop\HijackThis.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.yahoo.com/?fr=hp-avast&type=avastbcl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://br.yahoo.com/?fr=hp-avast&type=avastbcl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.yahoo.com/?fr=hp-avast&type=avastbcl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files\GbPlugin\gbiehabn.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [sH_AutoBackup] C:\SHARMAQ\SHOficina Segunda Abertura\SHRecovery.exe /BACKUP
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.bancoreal.com.br
O15 - Trusted Zone: wwws.realsecureweb.com.br
O15 - Trusted Zone: www.santander.com.br
O15 - Trusted Zone: http://www.santander.com.br
O15 - Trusted Zone: www.santanderempresarial.com.br
O15 - Trusted Zone: www.santandernet.com.br
O15 - Trusted Zone: wwws.santandernet.com.br
O15 - Trusted Zone: wwws2.santandernet.com.br
O15 - Trusted Zone: www.santandernetibe.com.br
O15 - Trusted Zone: www.secureweb.com.br
O20 - Winlogon Notify:  GbPluginAbn - C:\Program Files\GbPlugin\gbiehAbn.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
 
--
End of file - 7294 bytes
 
 
valeu novamente

Compartilhar este post


Link para o post
Compartilhar em outros sites

Download Zoek

Descompacte o Arquivo Zoek.exe para Área de Trabalho (Desktop)

Execute-o e copie e cole as linhas abaixo no espaço do Zoek

createsrpoint;

autoclean;

resetieproxy;

resethosts;

iedefaults;

chrdefaults;

emptyCHRcache;

ffdefaults;

firefoxlook;

emptyalltemp;

shortcutfix;

Feche o seu Navegador e clique Run Script

(Durante o Scan a mensagem abaixo será apresentada. Aguarde o término, pode demorar um pouquinho.....

Zoek.exe is running now.

Do not start any browser windows, they will be closed automatically.

Please wait! This window will close when finished.

A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

Caso seja solicitada a Reinicialização do PC, clique em OK .

Poste o Relatório gerado + um novo Log do HijackThis.


assinatura-mrmillion.png65301516_windows-insider-mvp-logo(Custom).png.36263cb7b506cc6935fb37f39e504cec.png

Compartilhar este post


Link para o post
Compartilhar em outros sites
 

Zoek.exe v5.0.0.1 Updated 27-09-2015

Tool run by NOT on 03/12/2015 at 11:22:11,48.

Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x86

Running in: Normal Mode No Internet Access Detected

Launched: C:\Users\NOT\Desktop\zoek.exe [scan all users] [script inserted] 

 

==== System Restore Info ======================

 

03/12/2015 11:24:18 Zoek.exe System Restore Point Created Successfully.

 

==== Reset Hosts File ======================

 

# Copyright © 1993-2006 Microsoft Corp. 


# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 


# This file contains the mappings of IP addresses to host names. Each 

# entry should be kept on an individual line. The IP address should 

# be placed in the first column followed by the corresponding host name. 

# The IP address and the host name should be separated by at least one 

# space. 


# Additionally, comments (such as these) may be inserted on individual 

# lines or following the machine name denoted by a '#' symbol. 


# For example: 


#      102.54.94.97     rhino.acme.com          # source server 

#       38.25.63.10     x.acme.com              # x client host 

 

# localhost name resolution is handled within DNS itself. 

127.0.0.1       localhost 

::1             localhost 

 

==== Empty Folders Check ======================

 

C:\Program Files\Octoplus deleted successfully

C:\Program Files\VideoLAN deleted successfully

C:\PROGRA~2\CorelDRAW Graphics Suite X6 deleted successfully

C:\PROGRA~2\CorelDRAW Graphics Suite X6.1 deleted successfully

C:\PROGRA~2\{126CFB2A-3098-4C8B-A9BB-8D922A069FE0} deleted successfully

C:\PROGRA~2\{2ACB8283-3DA0-4D9A-8EC6-CE39EEA98C97} deleted successfully

C:\PROGRA~2\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98} deleted successfully

C:\Users\NOT\AppData\Roaming\AMCPromote deleted successfully

C:\Users\NOT\AppData\Local\VirtualStore deleted successfully

 

==== Deleting CLSID Registry Keys ======================

 

HKEY_USERS\S-1-5-21-3039608177-1423210225-3143003983-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} deleted successfully

 

==== Deleting CLSID Registry Values ======================

 

 

==== Deleting Services ======================

 

 

==== FireFox Fix ======================

 

Deleted from C:\Users\NOT\AppData\Roaming\Mozilla\Firefox\Profiles\06zmhirm.default\prefs.js:

user_pref("browser.startup.homepage", "www.google.com.br");

 

Added to C:\Users\NOT\AppData\Roaming\Mozilla\Firefox\Profiles\06zmhirm.default\prefs.js:

user_pref("browser.startup.homepage", "about:home");

user_pref("browser.newtab.url", "about:newtab");

 

ProfilePath: C:\Users\NOT\AppData\Roaming\Mozilla\Firefox\Profiles\06zmhirm.default

 

user.js not found

---- Lines browser.startup.page removed from prefs.js ----

user_pref("browser.startup.page", 3);

---- FireFox user.js and prefs.js backups ---- 

 

prefs_122015_1201_.backup

 

==== Deleting Files \ Folders ======================

 

C:\Program Files\Octoplus not found

C:\Program Files\VideoLAN not found

C:\PROGRA~2\CorelDRAW Graphics Suite X6.1 not found

C:\PROGRA~2\{126CFB2A-3098-4C8B-A9BB-8D922A069FE0} not found

C:\PROGRA~2\{2ACB8283-3DA0-4D9A-8EC6-CE39EEA98C97} not found

C:\PROGRA~2\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98} not found

C:\Program Files\Arquivos Comuns deleted

C:\Users\NOT\.android deleted

C:\Program Files\GUM974F.tmp deleted

C:\found.000 deleted

C:\found.001 deleted

C:\Users\NOT\AppData\Roaming\ProductData deleted

C:\PROGRA~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521} deleted

"C:\Users\NOT\AppData\Local\{82F26A7D-DD82-4D9C-BA37-62AC7022A56A}" deleted

 

==== Firefox Start and Search pages ======================

 

ProfilePath: C:\Users\NOT\AppData\Roaming\Mozilla\Firefox\Profiles\06zmhirm.default

user_pref("browser.startup.homepage", "about:home");

user_pref("browser.newtab.url", "about:newtab");

 

==== Firefox Extensions Registry ======================

 

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [23/11/2015 01:53]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]

"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [20/06/2015 14:43]

 

==== Firefox Extensions ======================

 

ProfilePath: C:\Users\NOT\AppData\Roaming\Mozilla\Firefox\Profiles\06zmhirm.default

- Modulo de Protecao - Banco Santander Brasil S.A. - %ProfilePath%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}

- DownThemAll - %ProfilePath%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

 

AppDir: C:\Program Files\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

==== Firefox Plugins ======================

 

Profilepath: C:\Users\NOT\AppData\Roaming\Mozilla\Firefox\Profiles\06zmhirm.default

1E550CCFA453C39AB4FB5E0AE2D8F664 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.8

ABF5624E712FC54C89F56845718A8060 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.8

FCC5FE323BBF1FD62438AB6B7FCDD38F - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.8

D60488FF40FE768B97748E53CDC07C63 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.8

8C37F61CCEF841EB219035F19BCA3019 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.8

F169116C1BA501AB4D0D66D41FF496B5 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat

FC5D7AF1FC3A63782E19B375E2312D1C - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat

3D1497F3F1A344FFB733CE616BB9096D - C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll - Google Update

D6015DB8EA402753421FF62CA3909B62 - C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll - Java Platform SE 8 U66

ADC539F67D3198679F480974EE203678 - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.210.11

F40E8C944675BF87E605E8E02FA76EDA - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector

F114FBA6246530B89DD1E04351E0EAC5 - C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll - Shockwave Flash

3CD19649B2C3023D65E67C056457A2BC - C:\Users\NOT\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin

15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System

 

 

==== Chromium Look ======================

 

Google Chrome Version: 46.0.2490.86

 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[23/11/2015 01:52]

 

Avast Online Security - NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

 

==== Chromium Fix ======================

 

C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ads1.msads.net_0.localstorage deleted successfully

C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ads1.msads.net_0.localstorage-journal deleted successfully

C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully

C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully

C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d1uwhu0fkvi771.cloudfront.net_0.localstorage deleted successfully

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{9CB96984-43C3-4D44-90EF-01466EFCF7BB}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}] not found

 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

{40C9361E-0C57-4009-9798-BEC63BB370CC} Google  Url="http://www.google.com/search?hl=en&q={searchTerms}"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

 

==== Reset Google Chrome ======================

 

C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully

C:\Users\NOT\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully

C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

C:\Users\NOT\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully

C:\Users\NOT\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully

 

==== shortcuts on Users Desktops ======================

 

C:\Users\NOT\Desktop\BACKUP (D).lnk - D:\ 

C:\Users\NOT\Desktop\DCTxBB5.lnk - C:\Program Files\Nokia\Phoenix\DCTxBB5.exe 

C:\Users\NOT\Desktop\Flashtool.lnk - C:\Flashtool\FlashTool.exe 

C:\Users\NOT\Desktop\HWK Update Client.lnk - C:\Program Files\SarasSoft\UFS\UpdateClient\UpdateClient.exe 

C:\Users\NOT\Desktop\InfinityBox drivers installation guide Ru.lnk - C:\InfinityBox\Drivers\box\Infinity-Box_Installation_manual_Ru.pdf 

C:\Users\NOT\Desktop\InfinityBox Drivers.lnk - C:\InfinityBox\Drivers\box 

C:\Users\NOT\Desktop\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe 

C:\Users\NOT\Desktop\Jogos.lnk -  

C:\Users\NOT\Desktop\LGE Tool.lnk - C:\Program Files\LGE Tool\LGETool.exe 

C:\Users\NOT\Desktop\LGMobile Support Tool.lnk - C:\ProgramData\LGMOBILEAX\LGMLauncher.exe 

C:\Users\NOT\Desktop\LG_GSM.lnk - C:\Program Files\SarasSoft\UFS\UFS_LG_GSM\LG_GSM.exe 

C:\Users\NOT\Desktop\MEGAsync.lnk - C:\Users\NOT\AppData\Local\MEGAsync\MEGAsync.exe 

C:\Users\NOT\Desktop\Paint.lnk - C:\Windows\system32\mspaint.exe 

C:\Users\NOT\Desktop\SAMs.lnk - C:\Program Files\SarasSoft\UFS\UFS_SAMs\SAMs.exe 

C:\Users\NOT\Desktop\SeDbx.lnk - C:\Program Files\SarasSoft\UFS\UFS_DBX\SeDbx.exe 

C:\Users\NOT\Desktop\SHOficina Segunda Abertura.lnk - C:\SHARMAQ\SHOficina Segunda Abertura\shoficina3.exe 

C:\Users\NOT\Desktop\SHOficina5.lnk - C:\SHARMAQ\SHOficina\shoficina3.exe 

C:\Users\NOT\Desktop\SHVendas.lnk - C:\SHARMAQ\SHOficina\shvenda.exe 

C:\Users\NOT\Desktop\TABELA DE PREÇOS.lnk -  

C:\Users\NOT\Desktop\UFS_PANEL.lnk - C:\Program Files\SarasSoft\UFS\UFS_PANEL\UFS_PANEL.exe 

C:\Users\NOT\Desktop\µTorrent.lnk -  

 

==== shortcuts on All Users Desktop ======================

 

C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe 

C:\Users\Public\Desktop\Avast Free antivírus.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe 

C:\Users\Public\Desktop\Boot-Loader Download Manager.lnk - C:\Program Files\Boot-Loader Download Manager\BLDM.exe 

C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe 

C:\Users\Public\Desktop\Central de Soluções HP.lnk -  

C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe 

C:\Users\Public\Desktop\InfinityBox iosFileUploader.lnk - C:\InfinityBox\iosFileUploader\iosFileUploader.exe 

C:\Users\Public\Desktop\IObit Uninstaller.lnk - C:\Program Files\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe 

C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe 

C:\Users\Public\Desktop\Loja de Suprimentos HP.lnk - C:\Program Files\HP\HPSSUPPLY\hpqSSupply.exe 

C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe 

C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe 

C:\Users\Public\Desktop\MV Internet Optimizer 1.0.lnk - C:\Program Files\Marcos Velasco Security\MV Internet Optimizer 1.0\MVINTOPT.EXE 

C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files\QuickTime\QuickTimePlayer.exe 

C:\Users\Public\Desktop\Samsung Kies (Lite).lnk - C:\Program Files\Samsung\Kies\KiesAgent.exe /lite

C:\Users\Public\Desktop\Samsung Kies.lnk - C:\Program Files\Samsung\Kies\KiesAgent.exe 

 

==== shortcuts in Users Start Menu ======================

 

C:\Users\NOT\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -  

C:\Users\NOT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool\Flashtool.lnk - C:\Flashtool\FlashTool.exe 

C:\Users\NOT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool\Flashtool64.lnk - C:\Flashtool\FlashTool64.exe 

C:\Users\NOT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool\Uninstall Flashtool.lnk - C:\Flashtool\uninstall.exe 

C:\Users\NOT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync\MEGA Website.lnk - C:\Users\NOT\AppData\Local\MEGAsync\MEGA Website.url 

C:\Users\NOT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync\MEGAsync.lnk - C:\Users\NOT\AppData\Local\MEGAsync\MEGAsync.exe 

C:\Users\NOT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync\Uninstall.lnk - C:\Users\NOT\AppData\Local\MEGAsync\uninst.exe 

 

==== shortcuts in All Users Start Menu ======================

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AA1000000001}\SC_Reader.ico 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk - C:\Windows\Installer\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}\AppleSoftwareUpdateIco.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk - C:\Program Files\Opera\launcher.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfinityBox\iosFileUploader\InfinityBox iosFileUploader.lnk - C:\InfinityBox\iosFileUploader\iosFileUploader.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfinityBox\iosFileUploader\Uninstall InfinityBox iosFileUploader.lnk - C:\InfinityBox\iosFileUploader\iosFileUploader_uninstall.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Sobre o iTunes.lnk - C:\Program Files\iTunes\iTunes.Resources\pt.lproj\About iTunes.rtf 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files\Java\jre1.8.0_66\bin\javacpl.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files\Java\jre1.8.0_66\bin\javacpl.exe -tab about

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -  

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGETool\LGE Tool.lnk - C:\Program Files\LGE Tool\LGETool.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Desinstalar o QuickTime.lnk - C:\Windows\System32\msiexec.exe /i {80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC} /qf

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk - C:\Windows\Installer\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}\QTPlayer.ico 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Sobre o QuickTime.lnk - C:\Windows\Installer\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}\RichText.ico 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHOficina\Manual.lnk - C:\SHARMAQ\SHOficina Segunda Abertura\Manual.doc 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHOficina\SHAgenda.lnk - C:\SHARMAQ\SHOficina Segunda Abertura\SHAgenda.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHOficina\SHEstoque.lnk - C:\SHARMAQ\SHOficina Segunda Abertura\shestoque.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHOficina\SHOficina na Web.lnk - C:\SHARMAQ\SHOficina Segunda Abertura\AutoBackups\SHOficina.url 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHOficina\SHOficina.lnk - C:\SHARMAQ\SHOficina Segunda Abertura\shoficina3.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHOficina\SHVendas.lnk - C:\SHARMAQ\SHOficina Segunda Abertura\shvenda.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHOficina\Uninstall SHOficina.lnk - C:\SHARMAQ\SHOficina Segunda Abertura\unins000.exe 

 

==== shortcuts in Quick Launch ======================

 

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe 

C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe 

C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\LGE Tool.lnk - C:\Program Files\LGE Tool\LGETool.exe 

C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk - C:\Program Files\Samsung\Kies\KiesAgent.exe 

C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SPT.lnk - C:\Program Files\SPT\SPT.exe 

C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -  

C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe 

C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Uninstall Programs.lnk - C:\Program Files\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe 

C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Welcome Center.lnk - C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut

C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe 

C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe 

C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 

C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1

C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

 

==== Reset IE Proxy ======================

 

Value(s) before fix:

"ProxyOverride"="*.local"

"ProxyEnable"=dword:00000000

 

Value(s) after fix:

"ProxyEnable"=dword:00000000

 

==== Empty IE Cache ======================

 

C:\Users\NOT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\NOT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

 

==== Empty FireFox Cache ======================

 

C:\Users\NOT\AppData\Local\Mozilla\Firefox\Profiles\06zmhirm.default\cache2 emptied successfully

 

==== Empty Chrome Cache ======================

 

C:\Users\NOT\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully

C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache is not empty, a reboot is needed

 

==== Empty All Java Cache ======================

 

Java Cache cleared successfully

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=208 folders=9 10185543 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\Default\AppData\Local\temp emptied successfully

C:\Users\Default User\AppData\Local\temp emptied successfully

C:\Users\NOT\AppData\Local\Temp will be emptied at reboot

C:\Users\Public\AppData\Local\temp emptied successfully

C:\Users\USURIO~1\AppData\Local\temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\Windows\Temp successfully emptied

C:\Users\NOT\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== Deleting Files / Folders ======================

 

"C:\Users\NOT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\52DTDHU9\data.jogosonlinegratis.uol.com.br"  not found

"C:\Users\NOT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\52DTDHU9\socialprint.com.br"  not found

"C:\Users\NOT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\52DTDHU9\www.disney.co.uk"  not found

"C:\Users\NOT\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\52DTDHU9\zynga1-a.akamaihd.net"  not found

 

==== EOF on 03/12/2015 at 13:10:13,99 ======================

 

 

 


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:18:47, on 03/12/2015

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.18098)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

C:\Windows\system32\GWX\GWX.exe

C:\Windows\system32\notepad.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Samsung\Kies\Kies.exe

C:\Program Files\Samsung\Kies\KiesAirMessage.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Users\NOT\Desktop\HijackThis.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O1 - Hosts: ::1 localhost

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files\GbPlugin\gbiehabn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload

O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup

O4 - HKCU\..\Run: [sH_AutoBackup] C:\SHARMAQ\SHOficina Segunda Abertura\SHRecovery.exe /BACKUP

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: http://www.bancoreal.com.br


O15 - Trusted Zone: wwws.realsecureweb.com.br

O15 - Trusted Zone: www.santander.com.br

O15 - Trusted Zone: http://www.santander.com.br

O15 - Trusted Zone: www.santanderempresarial.com.br


O15 - Trusted Zone: www.santandernet.com.br

O15 - Trusted Zone: wwws.santandernet.com.br

O15 - Trusted Zone: wwws2.santandernet.com.br

O15 - Trusted Zone: www.santandernetibe.com.br

O15 - Trusted Zone: www.secureweb.com.br

O20 - Winlogon Notify:  GbPluginAbn - C:\Program Files\GbPlugin\gbiehAbn.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe

O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe

 

--

End of file - 7226 bytes

 

 

valeu

Compartilhar este post


Link para o post
Compartilhar em outros sites

×
×
  • Criar Novo...