cjoint

Document format: text/plain

Preview

start
CloseProcesses:
(TODO: ) C:\ProgramData\Updata\GoogleUpdata.exe
() C:\ProgramData\WindowsMsg\osmsg.exe
HKU\S-1-5-21-4207123351-2558841533-2703887520-1001\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [2036224 2016-02-04] ()
HKU\S-1-5-21-4207123351-2558841533-2703887520-1001\...\MountPoints2: {76ebbaf2-c344-11e5-9c26-1c39470c8d59} - "E:\Autorun.exe"
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => Nenhum Arquivo
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46
SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46&ts=1455129254
SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46&ts=1455129254
SearchScopes: HKU\S-1-5-21-4207123351-2558841533-2703887520-1001 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46&ts=1454872059
SearchScopes: HKU\S-1-5-21-4207123351-2558841533-2703887520-1001 -> {C3BBCD0B-9234-4d36-9151-EC49EE32FCE3} URL = hxxp://www.baidu.com/s?wd={searchTerms}&tn=28026190_dg&ie=utf-8
FF NewTab: hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46
FF DefaultSearchEngine: yessearches
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=yessearches
FF SelectedSearchEngine: YAC Safe Search
FF Keyword.URL: hxxp://www.yessearches.com/chrome.php?uid=DE63A734246A1A9212F5584D4B680417&ptid=sqr&ts=AHEpB3IpC34oBE..&v=20160121&mode=ffexttoolbar&q=
FF SearchPlugin: C:\Users\marco\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\yac-safe-search-.xml [2016-02-07]
FF HKLM\...\Firefox\Extensions: [{DF371121-FC15-4E46-8DC1-7A1A108DC409}] - C:\Program Files\groover050220162330\Firefox\{DF371121-FC15-4E46-8DC1-7A1A108DC409}.xpi => não encontrado (a)
FF HKLM\...\Firefox\Extensions: [{0DA7B203-0BA9-477F-8563-38B199734B62}] - C:\Program Files\shopperz050220162301\Firefox\{0DA7B203-0BA9-477F-8563-38B199734B62}.xpi => não encontrado (a)
FF HKLM\...\Firefox\Extensions: [{D1F5921D-416A-4656-8B75-32B57057CA86}] - C:\Program Files\shopperz050220161443\Firefox\{D1F5921D-416A-4656-8B75-32B57057CA86}.xpi => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [{DF371121-FC15-4E46-8DC1-7A1A108DC409}] - C:\Program Files\groover050220162330\Firefox\{DF371121-FC15-4E46-8DC1-7A1A108DC409}.xpi => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [{0DA7B203-0BA9-477F-8563-38B199734B62}] - C:\Program Files\shopperz050220162301\Firefox\{0DA7B203-0BA9-477F-8563-38B199734B62}.xpi => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [{D1F5921D-416A-4656-8B75-32B57057CA86}] - C:\Program Files\shopperz050220161443\Firefox\{D1F5921D-416A-4656-8B75-32B57057CA86}.xpi => não encontrado (a)
CHR HomePage: Profile 1 -> hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46
CHR StartupUrls: Profile 1 -> "hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46"
CHR Extension: (Ad.Block) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdnhmodopgbdolkppmmmakhfpglglaoj [2016-02-05]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-05]
S2 Uisulba; "C:\Users\marco\AppData\Roaming\SywsuUugol\Womgeamt.exe" -cms [X]
S3 BtFilter; \SystemRoot\system32\DRIVERS\btfilter.sys [X]
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
S1 SRepairDrv; \??\C:\Windows\GJFix\SRepairDrv [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
2016-02-07 18:11 - 2016-02-07 18:11 - 00000000 ____D C:\Users\marco_np4ggej\AppData\Roaming\Elex-tech
2016-02-07 15:57 - 2016-02-07 15:57 - 00000000 ____D C:\Windows\system32\log
2016-02-07 15:57 - 2016-02-07 15:57 - 00000000 ____D C:\Users\marco\AppData\Roaming\Elex-tech
2016-02-07 15:56 - 2016-02-07 15:57 - 27989848 _____ (Elex do Brasil Participações Ltda) C:\Users\marco\Downloads\yet_another_cleaner_sk_7004786.exe
2016-02-05 22:38 - 2016-02-06 19:20 - 00000000 ____D C:\AdwCleaner
2016-02-05 22:38 - 2016-02-05 22:38 - 01508352 _____ C:\Users\marco\Downloads\AdwCleaner.exe
2016-02-05 19:47 - 2016-02-07 16:38 - 00000000 ____D C:\Users\Todos os Usuários\OWdMO
2016-02-05 19:47 - 2016-02-07 16:38 - 00000000 ____D C:\ProgramData\OWdMO
2016-02-05 19:46 - 2016-02-05 19:46 - 00003122 _____ C:\Windows\System32\Tasks\ttwifi
2016-02-05 19:46 - 2016-02-05 19:46 - 00003016 _____ C:\Windows\System32\Tasks\osTip
2016-02-05 19:46 - 2016-02-05 19:46 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg
2016-02-05 19:46 - 2016-02-05 19:46 - 00000000 ____D C:\Users\Todos os Usuários\Updata
2016-02-05 19:46 - 2016-02-05 19:46 - 00000000 ____D C:\Users\marco\AppData\Local\Tempfolder
2016-02-05 19:46 - 2016-02-05 19:46 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-02-05 19:46 - 2016-02-05 19:46 - 00000000 ____D C:\ProgramData\Updata
2016-02-05 19:45 - 2016-02-05 19:45 - 00003416 _____ C:\Windows\System32\Tasks\Viubb
2016-02-05 19:15 - 2016-02-05 19:15 - 00003418 _____ C:\Windows\System32\Tasks\Buiwmev
2016-02-05 19:11 - 2016-02-05 19:11 - 00003422 _____ C:\Windows\System32\Tasks\Wiwlud
2016-02-05 19:11 - 2016-02-05 19:11 - 00000000 ____D C:\Users\marco\AppData\LocalLow\Company
2016-02-05 19:11 - 2016-02-05 19:11 - 00000000 ____D C:\uninst
2016-02-04 15:14 - 2016-02-07 16:38 - 00000000 ____D C:\Users\Todos os Usuários\2WdM2
2016-02-04 15:14 - 2016-02-07 16:38 - 00000000 ____D C:\ProgramData\2WdM2
2016-02-04 01:56 - 2015-03-05 02:12 - 00421784 _____ (Baidu, Inc.) C:\Windows\system32\BdSandboxDll64.dll
2016-02-04 01:56 - 2015-03-05 02:12 - 00332320 _____ (Baidu, Inc.) C:\Windows\SysWOW64\BdSandboxDll32.dll
2016-02-04 01:14 - 2016-02-04 01:07 - 00127800 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernelEx64.sys
2016-02-04 01:09 - 2016-02-07 16:06 - 00002722 _____ C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633
2016-02-04 01:09 - 2016-02-04 01:09 - 00000000 ____D C:\Users\Todos os Usuários\Baidu Security
2016-02-04 01:09 - 2016-02-04 01:09 - 00000000 ____D C:\Users\marco\AppData\LocalLow\BAVData
2016-02-04 01:09 - 2016-02-04 01:09 - 00000000 ____D C:\ProgramData\Baidu Security
2016-02-04 01:05 - 2016-02-04 01:05 - 00000000 ____D C:\Program Files (x86)\Baidu Security
2016-02-04 01:03 - 2016-02-05 22:46 - 00000000 ____D C:\Users\marco\AppData\Roaming\BavMini
2016-02-04 01:03 - 2016-02-04 01:03 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-02-04 01:01 - 2016-02-05 21:36 - 00000000 ____D C:\Users\marco\AppData\Roaming\Baidu
2016-02-04 01:01 - 2016-02-04 01:56 - 00000000 ____D C:\Users\Todos os Usuários\Baidu
2016-02-04 01:01 - 2016-02-04 01:56 - 00000000 ____D C:\ProgramData\Baidu
2016-02-04 01:01 - 2016-02-04 01:02 - 00000000 ____D C:\Program Files (x86)\Baidu
Task: {4F6F919E-01CA-4B01-92D4-11C5AF12AEF4} - System32\Tasks\Viubb => C:\PROGRA~1\SHOPPE~2\Mamzac.bat
Task: {79D78755-6D19-4EF1-A774-83EB9D9EA50A} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: )
Task: {A9AF41E9-E79A-41D4-98E0-0529533FC44B} - System32\Tasks\osTip => C:\ProgramData\WindowsMsg\osmsg.exe [2016-02-04] ()
Task: {ADD1A33D-D4B0-42C0-B4F4-B027701DCA50} - System32\Tasks\{F411FB24-EE32-4B94-8E58-3355B0D562AC} => pcalua.exe -a "C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.8029\uninst.exe"
Task: {B9AB3E3F-D9B0-4928-B867-4A6E8D2B350D} - System32\Tasks\Buiwmev => C:\PROGRA~1\SHOPPE~1\Rukpa.bat
Task: {C5C8078A-A1DB-4EAE-8F09-32363B5008E2} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js" <==== ATENÇÃO
FirewallRules: [{61067DF8-0AAD-46BB-842F-E475984BBA21}] => (Allow) C:\Users\marco\AppData\Local\BoBrowser\Application\bobrowser.exe
C:\Users\marco\AppData\Local\BoBrowser\Application\bobrowser.exe
C:\Users\marco\AppData\Local\Temp\AcerDocsSetup.exe
C:\Users\marco\AppData\Local\Temp\AcerPortalSetup.exe
C:\Users\marco\AppData\Local\Temp\AOPSetup.exe
C:\Users\marco\AppData\Local\Temp\comver.dll
C:\Users\marco\AppData\Local\Temp\EAD2D11.exe
C:\Users\marco\AppData\Local\Temp\EAD4484.exe
C:\Users\marco\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\marco\AppData\Local\Temp\HD-Logger-Native.dll
C:\Users\marco\AppData\Local\Temp\HD-ShortcutHandler.dll
C:\Users\marco\AppData\Local\Temp\launcher_vs2010_sp1_vcredist_x86.exe
C:\Users\marco\AppData\Local\Temp\McCSPInstall.dll
C:\Users\marco\AppData\Local\Temp\mccspuninstall.exe
C:\Users\marco\AppData\Local\Temp\octDDB7.tmp.exe
C:\Users\marco\AppData\Local\Temp\octDEDB.tmp.exe
C:\Users\marco\AppData\Local\Temp\octE87F.tmp.exe
C:\Users\marco\AppData\Local\Temp\oprun3237.exe
C:\Users\marco\AppData\Local\Temp\qqpcmgr_v11.2.17058.221_45129_Silence.exe
C:\Users\marco\AppData\Local\Temp\SkypeSetup.exe
C:\Users\marco\AppData\Local\Temp\sqlite3.dll
C:\Users\marco\AppData\Local\Temp\uninstall.exe
C:\Users\marco\AppData\Local\Temp\UninstallEADM.dll
C:\Users\marco\AppData\Local\Temp\UninstallModule.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: dir /a "C:\Program Files"
CMD: dir /a "C:\Program Files (x86)"
CMD: dir /a "C:\Users\All Users"
CreateRestorePoint:
RemoveProxy:
EmptyTemp:
Reboot:
Hosts:
end
