Document format: text/plain

Preview

start
CloseProcesses:
HKLM-x32\...\Run: [SearchSettings] => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
HKLM-x32\...\Run: [gmsd_br_005010192] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO
CHR HKU\S-1-5-21-2447171046-917324971-2953145129-1000\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1409530214&from=cor&uid=SAMSUNGXHM641JI_S2PNJ56B905910&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1409530214&from=cor&uid=SAMSUNGXHM641JI_S2PNJ56B905910&q={searchTerms}
HKU\S-1-5-21-2447171046-917324971-2953145129-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=BR&userid=4e61e552-1754-4042-874b-166861ad6e84&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
HKU\S-1-5-21-2447171046-917324971-2953145129-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=BR&userid=4e61e552-1754-4042-874b-166861ad6e84&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
URLSearchHook: HKU\S-1-5-21-2447171046-917324971-2953145129-1000 - (Sem Nome) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - Nenhum Arquivo
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2447171046-917324971-2953145129-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2447171046-917324971-2953145129-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=BR&userid=4e61e552-1754-4042-874b-166861ad6e84&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2447171046-917324971-2953145129-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2447171046-917324971-2953145129-1000 -> {4E90A8EA-9338-4671-8032-C8BD2BFE4645} URL = hxxp://br.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=971163&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2447171046-917324971-2953145129-1000 -> {D37588AC-A250-478C-90E9-F5F31F0DF8C7} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYBR&apn_uid=43126FFB-EED5-4799-B5D6-E4B7660F1A13&apn_sauid=BAD6D552-A6F5-485D-B85E-893FEF5924E7
BHO-x32: SaveSense -> {0f21b1e5-5afc-43c9-9c66-515046e92ec2} -> C:\Program Files (x86)\SaveSense\SaveSenseIE.dll => Nenhum Arquivo
BHO-x32: PSafe ClikSeguro -> {802D2971-E7C7-4219-8D5C-AFDCD0DA939E} -> C:\Program Files (x86)\PSafe\ClikSeguro\ClikSeguro.dll => Nenhum Arquivo
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll => Nenhum Arquivo
BHO-x32: Sem Nome -> {B922D405-6D13-4A2B-AE89-08A030DA4402} -> Nenhum Arquivo
BHO-x32: LyricXeeker -> {DF89BC70-AC87-4A31-ACD5-7417E2CF1209} -> C:\Program Files (x86)\LyriXeeker\116.dll => Nenhum Arquivo
Toolbar: HKLM - Sem Nome - {ae07101b-46d4-4a98-af68-0333ea26e113} - Nenhum Arquivo
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll Nenhum Arquivo
Toolbar: HKLM-x32 - Sem Nome - {ae07101b-46d4-4a98-af68-0333ea26e113} - Nenhum Arquivo
Toolbar: HKU\S-1-5-21-2447171046-917324971-2953145129-1000 -> Sem Nome - {F999A48B-1950-4D81-9971-79018F807B4B} - Nenhum Arquivo
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Nenhum Arquivo
S2 CimcuBiktal; "C:\Program Files\shopperz301220151513\CakeLumm.exe" -cmd [X]
S2 fokesywyzbt; C:\Program Files (x86)\6CAC2750-1451529584-E011-8068-B870F4DC0856\knsjDAAB.tmpfs [X]
S2 Lhghao; "C:\Users\Alfredo\AppData\Roaming\RevtebCymar\Kolga.exe" -cms [X]
S3 Nydpauyjo; C:\Program Files\shopperz301220151513\Nydpauyjo.exe [X]
S2 shopperz301220151513 Updater; C:\Program Files\shopperz301220151513\Paxmajv.exe [X]
S2 TheDesktopWeatherService; C:\Program Files (x86)\WeatherTool\2.0.0.11150\WeatherService.exe [X]
S2 wucotusy; C:\Program Files (x86)\6CAC2750-1451529584-E011-8068-B870F4DC0856\hnstC33.tmp [X]
S2 zutuzuni; C:\Program Files (x86)\6CAC2750-1451529584-E011-8068-B870F4DC0856\jnszF425.tmp [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
U3 idsvc; não ImagePath
U3 wpcsvc; não ImagePath
2015-12-30 23:51 - 2015-12-30 23:51 - 00003752 _____ C:\WINDOWS\System32\Tasks\BaiduJP_Update_{8099779F-A13B-403e-B39A-65133857586B}
2015-12-30 23:51 - 2015-12-30 23:51 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-01-01 02:13 - 2014-01-06 12:13 - 00000300 _____ C:\WINDOWS\Tasks\Funmoods.job
2015-12-30 23:51 - 2014-01-06 11:56 - 00000000 ____D C:\Users\Todos os Usuários\baidu
2015-12-30 23:51 - 2014-01-06 11:56 - 00000000 ____D C:\ProgramData\baidu
2015-12-30 23:51 - 2013-07-21 15:20 - 00000000 ____D C:\Users\Alfredo\AppData\Roaming\baidu
2015-12-05 23:57 - 2014-02-04 21:12 - 00003306 _____ C:\WINDOWS\System32\Tasks\{1A0CBE13-75AE-4300-82B2-D763359C2602}
2015-12-05 23:57 - 2014-01-06 12:13 - 00004040 _____ C:\WINDOWS\System32\Tasks\SaveSenseLiveUpdateTaskMachineUA
2015-12-05 23:57 - 2014-01-06 12:13 - 00003788 _____ C:\WINDOWS\System32\Tasks\SaveSenseLiveUpdateTaskMachineCore
2015-12-05 23:57 - 2014-01-06 12:13 - 00003358 _____ C:\WINDOWS\System32\Tasks\SaveSense
2015-12-05 23:57 - 2014-01-06 12:13 - 00003354 _____ C:\WINDOWS\System32\Tasks\Funmoods
2015-12-05 23:57 - 2011-07-26 14:09 - 00002932 _____ C:\WINDOWS\System32\Tasks\Adobe ARM
2015-12-04 18:22 - 2013-07-25 12:49 - 00000000 ____D C:\Users\Todos os Usuários\boost_interprocess
2015-12-04 18:22 - 2013-07-25 12:49 - 00000000 ____D C:\ProgramData\boost_interprocess
2014-08-18 08:28 - 2014-08-18 08:28 - 0008192 _____ () C:\Users\Alfredo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-31 17:25 - 2014-08-31 21:31 - 0000152 _____ () C:\ProgramData\bc.ini
2013-11-22 08:40 - 2013-11-22 08:40 - 0170344 _____ (Baidu, Inc.) C:\ProgramData\FileSplitUpLoad.dll
Task: {074A478F-A272-4F7E-AA8E-8D155E99F679} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {0F175488-DEB5-44BF-8615-A7CC9E8536D9} - System32\Tasks\RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATENÇÃO
Task: {11810952-7F61-4495-A70C-7171FDE806B2} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {18F69F33-C6BC-4CB6-B4BA-DAE70A3AB956} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Nenhum Arquivo <==== ATENÇÃO
Task: {2DAE6639-C725-4BFE-A299-2B511DC2CD39} - System32\Tasks\SaveSenseLiveUpdateTaskMachineCore => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATENÇÃO
Task: {34211244-872D-439D-BE97-F7992E45A82A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {3D80D020-66AB-4E21-9314-4E06FD405AF9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {514FA6E1-EB55-4E7B-9327-DB169ACDBE4A} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Alfredo\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATENÇÃO
Task: {53A4668A-CBB3-49D9-AF90-A70F2322F371} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {6F112EB1-12FC-4A2B-8E4E-23F2A4B87710} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Nenhum Arquivo <==== ATENÇÃO
Task: {7FB2D5AD-1D42-4E9A-87C6-4806B2D88FAD} - System32\Tasks\Funmoods => C:\Users\Alfredo\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE <==== ATENÇÃO
Task: {893F8BCF-9CEF-4E77-9C80-B6E67A1634CB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Nenhum Arquivo <==== ATENÇÃO
Task: {8B14AC36-7B8A-42E3-B9BA-53FCA4CF3D35} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Nenhum Arquivo <==== ATENÇÃO
Task: {8EE1D111-631F-43D1-8933-264A5A3ECB9B} - System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATENÇÃO
Task: {9976C9F3-12BC-458D-A93D-1C315B067F16} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {ACCC9D8B-8C0B-4CBA-9A5D-CA9BE14209C0} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe <==== ATENÇÃO
Task: {C4043823-BFD0-4ED7-85F1-B5D3E9871962} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Nenhum Arquivo <==== ATENÇÃO
Task: {D4B6F08D-CBEF-45FC-8DE8-EDE59E81DC80} - System32\Tasks\SaveSense => C:\Users\Alfredo\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATENÇÃO
Task: {D65709C9-194E-4E50-AC47-0EC1BBD4D95B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Nenhum Arquivo <==== ATENÇÃO
Task: {E048CD36-7E2B-4A10-83EC-BD3D0D5DFE57} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {F335A3B4-7ED8-4FD0-9BBD-3E6FD59913EF} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe <==== ATENÇÃO
Task: C:\WINDOWS\Tasks\BaiduJP_Update_{8099779F-A13B-403e-B39A-65133857586B}.job => C:\Program Files (x86)\baidu\update\baidujp_update.exe
Task: C:\WINDOWS\Tasks\Funmoods.job => C:\Users\Alfredo\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE <==== ATENÇÃO
Task: C:\WINDOWS\Tasks\SaveSense.job => C:\Users\Alfredo\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATENÇÃO
Task: C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATENÇÃO
Task: C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATENÇÃO
FirewallRules: [{C2F60317-A258-4513-9BF6-E3DFAE3ED73E}] => (Allow) C:\Program Files (x86)\baidu\Spark\bdtray.exe
FirewallRules: [{BC8CFB78-4B36-4B92-8AF4-96915B34C238}] => (Allow) C:\Program Files (x86)\baidu\Spark\bdtray.exe
FirewallRules: [{EA05CF07-CB55-4A60-9052-B889F619E02F}] => (Allow) C:\Program Files (x86)\baidu\Spark\Spark.exe
FirewallRules: [{F3CA7DCA-166A-435D-94B6-68F8C9D9667F}] => (Allow) C:\Program Files (x86)\baidu\Spark\Spark.exe
FirewallRules: [{0CA8C1D1-4613-45E0-86BD-F77182E4E60D}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{179B59EF-5032-42B4-B772-62E5C3F3E344}] => (Allow) C:\Program Files (x86)\PSafe\PSRsync.exe
FirewallRules: [{502D47F3-C694-4F58-B90E-E6A2A6608289}] => (Allow) C:\Program Files (x86)\PSafe\PSRsync.exe
AlternateDataStreams: C:\WINDOWS\System32:30ADA2F1_Uni.gbp
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4
C:\ProgramData\FileSplitUpLoad.dll
C:\Program Files (x86)\baidu
C:\Program Files (x86)\baidu\update
C:\Program Files (x86)\baidu\update\baidujp_update.exe
C:\Users\Todos os Usuários\FileSplitUpLoad.dll
C:\Users\Alfredo\AppData\Roaming\RevtebCymar\Kolga.exe
C:\Users\Alfredo\AppData\Local\Temp\62DD.tmp.exe
C:\Users\Alfredo\AppData\Local\Temp\6A39.tmp.exe
C:\Users\Alfredo\AppData\Local\Temp\9E9A.tmp.exe
C:\Users\Alfredo\AppData\Local\Temp\amisetup0073__16165.exe
C:\Users\Alfredo\AppData\Local\Temp\C47.tmp.exe
C:\Users\Alfredo\AppData\Local\Temp\DD56.tmp.exe
C:\Users\Alfredo\AppData\Local\Temp\fsd58C3.exe
C:\Users\Alfredo\AppData\Local\Temp\fsdD52E.exe
C:\Users\Alfredo\AppData\Local\Temp\oprun7418.exe
C:\Users\Alfredo\AppData\Local\Temp\oprun9560.exe
C:\Users\Alfredo\AppData\Local\Temp\rnsetup0.exe
C:\Users\Alfredo\AppData\Local\Temp\somoto_VDownloader_1.0.exe
C:\Users\Alfredo\AppData\Local\Temp\SpOrder.dll
C:\Users\Alfredo\AppData\Local\Temp\stubhelper.dll
C:\Users\Alfredo\AppData\Local\Temp\tmpB96A.tmp.exe
C:\Users\Alfredo\AppData\Local\Temp\UninstallModule.exe
Folder: C:\Users\Alfredo\AppData\Roaming\RevtebCymar
CMD: dir /a "C:\Program Files"
CMD: dir /a "C:\Program Files (x86)"
CMD: dir /a C:\ProgramData
CreateRestorePoint:
RemoveProxy:
EmptyTemp:
Reboot:
Hosts:
end
