Fórum PC Brasil

CE_UmbrellaCert

3 participants

Post by Fernando Diego, Mon 26 May 2014, 06:11

This security certificate popped up on my PC asking to be installed. How do I get rid of these messages?

Post by Power Max, Mon 26 May 2014, 10:07

Hello Fernando.

Download AdwCleaner by clicking the link below, then click the Download Now @BleepingComputer button:
[You must have an account and be logged in to view this link]

To run AdwCleaner correctly, just follow the steps in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

_________________

Caixa de Dicas
= Always with new tutorials and news on computing, technology and more.

[You must have an account and be logged in to view this link] = The best of the internet, you'll find it here.

[You must have an account and be logged in to view this link] = Messages of faith and hope for your heart

Post by Fernando Diego, Mon 26 May 2014, 11:53

# AdwCleaner v3.211 - Relatório criado 26/05/2014 às 11:45:56
# Atualizado 26/05/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate  (32 bits)
# Usuário : lourinaldo - LOURINALDO-PC
# Executando de : C:\Users\lourinaldo\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : IePluginService
[#] Serviço Deletada : WajamUpdaterV2
[#] Serviço Deletada : winzipersvc
[#] Serviço Deletada : Wpm

***** [ Atalhos ] *****

Atalho Desinfectada : C:\Users\lourinaldo\Desktop\Favoritos\Corinthians x Rio Claro  brcast.com.lnk

***** [ Navegadores ] *****

-\\ Internet Explorer v9.0.8112.16457

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v29.0.1 (pt-BR)

[ Arquivo : C:\Users\lourinaldo\AppData\Roaming\Mozilla\Firefox\Profiles\kzh3385q.default-1400810480442\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ Arquivo : C:\Users\lourinaldo\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Search Provider] : [You must have an account and be logged in to view this link]
Deletedo [Search Provider] : [You must have an account and be logged in to view this link]
Deletedo [Startup_urls] : [You must have an account and be logged in to view this link]
Deletedo [Extension] : aaaaojmikegpiepcfdkkjaplodkpfmlo
Deletedo [Extension] : amfclgbdpgndipgoegfpkkgobahigbcl
Deletedo [Extension] : bbjciahceamgodcoidkjpchnokgfpphh
Deletedo [Extension] : cjpglkicenollcignonpgiafdgfeehoj
Deletedo [Extension] : iefogiieekeeeeaiklglonbockmhmkgd
Deletedo [Extension] : ijblflkdjdopkpdgllkmlbgcffjbnfda
Deletedo [Extension] : omfoidjpeklpjhlhabhcomekbkclkbec

*************************

AdwCleaner[R0].txt - [24299 octets] - [26/05/2014 11:44:46]
AdwCleaner[S0].txt - [22222 octets] - [26/05/2014 11:45:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22283 octets] ##########

Post by Power Max, Mon 26 May 2014, 11:54

Which antivirus do you use?


Post by Fernando Diego, Mon 26 May 2014, 12:00

Avast

Post by Power Max, Mon 26 May 2014, 12:01

Temporarily disable your antivirus to avoid conflicts.

Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]

* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area in Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below will be displayed, showing the scan progress. Wait for it to finish; it may take a while!

[You must have an account and be logged in to view this image]

* If you are asked to restart the PC, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Mon 26 May 2014, 13:46; edited 1 time


Post by Fernando Diego, Mon 26 May 2014, 12:41

Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by lourinaldo on 26/05/2014 at 12:19:42,43.
Microsoft Windows 7 Ultimate  6.1.7600  x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\lourinaldo\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-26-151032.log 279 bytes
C:\zoek-results2014-05-26-151208.log 1383 bytes

==== System Restore Info ======================

26/05/2014 12:21:41 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1       localhost
::1             localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\LOURIN~1\AppData\Roaming\Mozilla\Firefox\Profiles\kzh3385q.default-1400810480442\prefs.js:

Added to C:\Users\LOURIN~1\AppData\Roaming\Mozilla\Firefox\Profiles\kzh3385q.default-1400810480442\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\LOURIN~1\AppData\Roaming\Mozilla\Firefox\Profiles\kzh3385q.default-1400810480442

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----

prefs_052014_1231_.backup

==== Folders Found ======================

2014-05-26 14:46:09 2014-05-26 14:46:09 -------- dc----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2013-09-28 18:01:09 2013-09-28 18:01:27 -------- dc----w- C:\ProgramData\Baidu Security
2013-09-28 18:01:09 2013-09-28 18:01:27 -------- dc----w- C:\Users\All Users\Baidu Security

==== Files Found ======================


--- C:\zoek_backup\C_Windows_system32_tasks_Baidu PC Faster Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: -c--a-w-
File size: 3372
Created time: 2014-05-26 15:31:11
Modified time: 2013-09-28 18:01:26
MD5: 97671618836954BA395E84791DC664A6
SHA1: 6184BF18DB0B6AD12628AA2D08AED996E0B0A5E4


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3038395E-5F0F-47F3-888F-65E00CDE5A66}]
"Path"="\\Baidu PC Faster Update"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Baidu PC Faster Update]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_USERS\.DEFAULT\Software\Baidu]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\101013-15662-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-09-29 10_14_24_0849rpdata.dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\101013-15662-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-09-29 10_14_24_0849rpdata.dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [21/10/2013 10:46]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\lourinaldo\AppData\Local\GAS Tecnologia\GBBD\bb\xpi" [19/05/2014 23:30]

==== Firefox Extensions ======================

ProfilePath: C:\Users\LOURIN~1\AppData\Roaming\Mozilla\Firefox\Profiles\kzh3385q.default-1400810480442
- YouTube Center - %ProfilePath%\extensions\jid1-cwbvBTE216jjpg@jetpack.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\lourinaldo\AppData\Roaming\Mozilla\Firefox\Profiles\kzh3385q.default-1400810480442
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
B52EFEC8EEF9A7809376795ED3699826 - C:\Users\lourinaldo\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
785105A23650755A8F7A72405EB0D923 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll - Google Update
025BBEF5A248B09BDC6684747F6EB5BC - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U55
290A0130C74ADCD4546BC6900D1665D9 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.550.14
3A9E1940B4459CC97FDCBB24FCB69004 - c:\program files\real\realplayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
0FCEAA7D12B7B0BA825E5C770B1DCA48 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
BE126CB7049E89ED6F3038016668B502 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
EAC427FEF96A13058C1ACD17C38966CF - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
96B3689320E9B16EDF38B7A5001C35F0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
F8CB60A5ACA5D73807ECBD9942A8BCB7 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
60F0C2286E9DED9F049E00D60A21ECAE - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eoccbpoodnckjdnackiffhjfkogfhnhh - C:\Program Files\VDownloader\Addons\Chrome.crx[]
gbdabnfmdemcjjadpkpjibhhacggangd - C:\Users\lourinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\novo_price_comparison.crx[]
gmbbbaglfppalppkhidkpibfjnobmgkn - C:\Program Files\Google\Chrome\User Data\Default\Extensions\chrome.crx[]
hedkbjmpogijaikjjdmnfjpkohboikjg - C:\ProgramData\Download and Sa\hedkbjmpogijaikjjdmnfjpkohboikjg.crx[]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14/08/2013 15:24]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\lourinaldo\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[19/05/2014 23:30]

RealDownloader - lourinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
VisualBee - lourinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmkdohofefokfmbnlbgebdapndacfklg
Google Wallet - lourinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Banco do Brasil - lourinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh

==== Chrome Fix ======================

C:\Users\lourinaldo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.22find.com_0.localstorage-journal deleted successfully
C:\Users\lourinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmkdohofefokfmbnlbgebdapndacfklg deleted successfully
C:\Users\lourinaldo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kmkdohofefokfmbnlbgebdapndacfklg_0.localstorage deleted successfully
C:\Users\lourinaldo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kmkdohofefokfmbnlbgebdapndacfklg_0.localstorage-journal deleted successfully
C:\Users\lourinaldo\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_kmkdohofefokfmbnlbgebdapndacfklg_0 deleted successfully
C:\Users\lourinaldo\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kmkdohofefokfmbnlbgebdapndacfklg deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
"Search Page"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{125FF7AE-1A1C-E442-8F5C-35270E8C1357} Unknown  Url="Not_Found"
{258BC7BE-C72C-4DC3-9D18-E486290EEFFD} Google  Url="https://www.google.com/search?q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\lourinaldo\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\lourinaldo\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3363274120-5957699-924577136-1000\Software\Microsoft\Internet Explorer\SearchScopes\{125FF7AE-1A1C-E442-8F5C-35270E8C1357} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\support@vdownloader.com deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\wrc@avast.com deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\lourinaldo\Desktop\AdwCleaner - Atalho.lnk - C:\Users\lourinaldo\Downloads\AdwCleaner.exe
C:\Users\lourinaldo\Desktop\Continue Internet Explorer 9.0.lnk - C:\Users\lourinaldo\Downloads\Internet%20Explorer%209.0.exe
C:\Users\lourinaldo\Desktop\ConvertXtoDVD 4.lnk - C:\Program Files\VSO\ConvertX\4\ConvertXtoDvd.exe
C:\Users\lourinaldo\Desktop\Debug - Atalho.lnk - C:\Program Files (x86)\Megamanchristian Games\God Of War Version Pc\Debug.exe
C:\Users\lourinaldo\Desktop\Format Factory.lnk - C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\lourinaldo\Desktop\pes2010 - Atalho.lnk - C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe
C:\Users\lourinaldo\Desktop\Revo Uninstaller.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\lourinaldo\Desktop\Xadrez Master.lnk - C:\Program Files\RkSoft\Xadrez\xadrez.exe
C:\Users\lourinaldo\Desktop\µTorrent.lnk -  
C:\Users\lourinaldo\Desktop\Favoritos\Band SP  brcast.com.lnk - C:\Program Files\Megacubo\megacubo.exe [You must have an account and be logged in to view this link] SP | brcast.com
C:\Users\lourinaldo\Desktop\Favoritos\Band SP Br Futebol.lnk - C:\Program Files\Megacubo\megacubo.exe [You must have an account and be logged in to view this link] SP (Br Futebol)
C:\Users\lourinaldo\Desktop\Favoritos\Corinthians x Rio Claro  brcast.com.lnk - C:\Program Files\Megacubo\megacubo.exe
C:\Users\lourinaldo\Desktop\Favoritos\Corinthians x Santos  brcast.com.lnk - C:\Program Files\Megacubo\megacubo.exe [You must have an account and be logged in to view this link] x Santos | brcast.com
C:\Users\lourinaldo\Desktop\Favoritos\ESPN Brasil Esportes TV.lnk - C:\Program Files\Megacubo\megacubo.exe [You must have an account and be logged in to view this link] Brasil (Esportes TV)
C:\Users\lourinaldo\Desktop\Favoritos\Esporte Interativo Master TV.lnk - C:\Program Files\Megacubo\megacubo.exe [You must have an account and be logged in to view this link] Interativo (Master TV)
C:\Users\lourinaldo\Desktop\Favoritos\Esporte Interativo NE - Nordeste.lnk - C:\Program Files\Megacubo\megacubo.exe [You must have an account and be logged in to view this link] Interativo NE - Nordeste
C:\Users\lourinaldo\Desktop\Favoritos\Futebol Ao Vivo Vertv100antena.lnk - C:\Program Files\Megacubo\megacubo.exe [You must have an account and be logged in to view this link] Ao Vivo (Vertv100antena)
C:\Users\lourinaldo\Desktop\Favoritos\Globo SP 1 GloboAoVivo.TV.lnk - C:\Program Files\Megacubo\megacubo.exe [You must have an account and be logged in to view this link] SP 1 (GloboAoVivo.TV)
C:\Users\lourinaldo\Desktop\Favoritos\PFC - Premiere FC Esportes TV.lnk - C:\Program Files\Megacubo\megacubo.exe [You must have an account and be logged in to view this link] - Premiere FC (Esportes TV)
C:\Users\lourinaldo\Desktop\Favoritos\SporTV TV Brasil.lnk - C:\Program Files\Megacubo\megacubo.exe [You must have an account and be logged in to view this link] (TV Brasil)

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -  
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\Central de Soluções HP.lnk -  
C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Public\Desktop\GoPlayer.lnk - C:\Program Files\GoPlayer\goplayer.exe
C:\Users\Public\Desktop\Loja de Suprimentos HP.lnk - C:\Program Files\HP\HPSSUPPLY\hpqSSupply.exe
C:\Users\Public\Desktop\Megacubo.lnk - C:\Program Files\Megacubo\megacubo.exe
C:\Users\Public\Desktop\MiniTuner.lnk - C:\Program Files\Megacubo\megacubo.exe -load:tuner
C:\Users\Public\Desktop\Nero BackItUp 10.lnk - C:\Windows\Installer\{68AB6930-5BFF-4FF6-923B-516A91984FE6}\BackItUp._AB9F1F47710540918A47B78D2BED5DAD.exe
C:\Users\Public\Desktop\Nero Burning ROM 10.lnk - C:\Windows\Installer\{7A5D731D-B4B3-490E-B339-75685712BAAB}\ScBurningROMStartM_7533AE23D677474387D2A66427FA7052.exe
C:\Users\Public\Desktop\Nero StartSmart 10.lnk - C:\Windows\Installer\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}\ScStartSmartDeskto_3AF47A4E14DF4546B1449D27245505A0.exe
C:\Users\Public\Desktop\RealPlayer.lnk - C:\program files\real\realplayer\realplay.exe /launch:desktop
C:\Users\Public\Desktop\Unreal Tournament 2004.lnk - C:\Program Files\Unreal Tournament 2004\System\UT2004.exe

==== shortcuts in Users Start Menu ======================

C:\Users\lourinaldo\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -  
C:\Users\lourinaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\lourinaldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Grand Theft Auto™ Vice City.lnk -  

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -  

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\lourinaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AAA Logo.lnk - C:\Program Files\AAALOGO\alogo.exe
C:\Users\lourinaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk - C:\Program Files\VSO\ConvertX\4\ConvertXtoDvd.exe
C:\Users\lourinaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\lourinaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\lourinaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Megacubo.lnk - C:\Program Files\Megacubo\megacubo.exe
C:\Users\lourinaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\lourinaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\lourinaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -  
C:\Users\lourinaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\lourinaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\DAEMON Tools Lite.lnk - C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\lourinaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\lourinaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Word 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\lourinaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\pes2010 - Atalho.lnk - C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe
C:\Users\lourinaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\µTorrent (2).lnk -  
C:\Users\lourinaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\lourinaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Megacubo.lnk - C:\Program Files\Megacubo\megacubo.exe
C:\Users\lourinaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\lourinaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\lourinaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\lourinaldo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eoccbpoodnckjdnackiffhjfkogfhnhh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gbdabnfmdemcjjadpkpjibhhacggangd deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gmbbbaglfppalppkhidkpibfjnobmgkn deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\hedkbjmpogijaikjjdmnfjpkohboikjg deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\VisualBee for Microsoft PowerPoint deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSafeSysTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyDrive deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tok-Cirrhatus deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VDownloader deleted successfully

==== Empty IE Cache ======================

C:\Users\lourinaldo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\lourinaldo\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\lourinaldo\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\lourinaldo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\lourinaldo\AppData\Local\Mozilla\Firefox\Profiles\kzh3385q.default-1400810480442\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\lourinaldo\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=195 folders=27 108554948 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\lourinaldo\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\LOURIN~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\lourinaldo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on 26/05/2014 at 12:39:45,31 ======================

Re: CE_UmbrellaCert

Post by Power Max, Mon 26 May 2014, 13:45

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[You must have an account and be logged in to view this image]

* If you are asked to restart the PC, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Mon 26 May 2014, 15:50; edited 1 time


Re: CE_UmbrellaCert

Post by Fernando Diego, Mon 26 May 2014, 14:32

Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by lourinaldo on 26/05/2014 at 14:25:03,95.
Microsoft Windows 7 Ultimate  6.1.7600  x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\lourinaldo\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-26-151032.log 279 bytes
C:\zoek-results2014-05-26-151208.log 1383 bytes
C:\zoek-results2014-05-26-153945.log 33772 bytes

==== System Restore Info ======================

26/05/2014 14:26:09 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3038395E-5F0F-47F3-888F-65E00CDE5A66}]
"Path"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3038395E-5F0F-47F3-888F-65E00CDE5A66}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Baidu PC Faster Update]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\101013-15662-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-09-29 10_14_24_0849rpdata.dat"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\101013-15662-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-09-29 10_14_24_0849rpdata.dat"=-

==== Deleting Files \ Folders ======================

C:\ProgramData\Baidu Security deleted

==== Folders Found ======================

2014-05-26 14:46:09 2014-05-26 14:46:09 -------- dc----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-05-26 17:28:01 2014-05-26 17:28:01 -------- dc--a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-05-26 17:28:01 2014-05-26 17:28:01 -------- dc--a-w- C:\zoek_backup\C_Users_All Users_Baidu Security

==== Files Found ======================


--- C:\zoek_backup\C_Windows_system32_tasks_Baidu PC Faster Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: -c--a-w-
File size: 3372
Created time: 2014-05-26 15:31:11
Modified time: 2013-09-28 18:01:26
MD5: 97671618836954BA395E84791DC664A6
SHA1: 6184BF18DB0B6AD12628AA2D08AED996E0B0A5E4


==== Registry Search Results for "Baidu" ======================


[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=195 folders=35 108555094 bytes)

==== EOF on 26/05/2014 at 14:30:17,35 ======================

Post by Power Max Mon 26 May 2014, 14:39

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You must be registered and logged in to see this image]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area in Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan's progress will be displayed. Wait for it to finish... it may take a while!

[You must be registered and logged in to see this image]

* If a restart of the PC is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Mon 26 May 2014, 15:50; edited 1 time in total


Post by Fernando Diego Mon 26 May 2014, 14:58

Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by lourinaldo on 26/05/2014 at 14:53:59,16.
Microsoft Windows 7 Ultimate  6.1.7600  x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\lourinaldo\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-26-151032.log 279 bytes
C:\zoek-results2014-05-26-151208.log 1383 bytes
C:\zoek-results2014-05-26-153945.log 33772 bytes
C:\zoek-results2014-05-26-173017.log 10362 bytes

==== System Restore Info ======================

26/05/2014 14:54:28 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== Registry Search Results for "Baidu" ======================

No instances of string "Baidu" found.

==== C:\zoek_backup content ======================

C:\zoek_backup (files=195 folders=35 108555094 bytes)

==== EOF on 26/05/2014 at 14:55:37,76 ======================

Post by Power Max Mon 26 May 2014, 15:31

Download the Junkware Removal Tool program from the link below:
[You must be registered and logged in to see this link]

To run the program above correctly, just follow the tips in this tutorial:

[You must be registered and logged in to see this link]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.


Post by Fernando Diego Mon 26 May 2014, 15:46

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x86
Ran by lourinaldo on 26/05/2014 at 15:41:51,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3363274120-5957699-924577136-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3363274120-5957699-924577136-1000\Software\wajam
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311341138}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311391106}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311341126}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\lourinaldo\AppData\Roaming\mozilla\firefox\profiles\kzh3385q.default-1400810480442\minidumps [1 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/05/2014 at 15:44:37,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post by Power Max Mon 26 May 2014, 15:49

Download < [You must be registered and logged in to see this link] > < [You must be registered and logged in to see this image] > ( ... by Nicolas Coolman )

To install and run it correctly, follow the tips in this article:

[You must be registered and logged in to see this link]

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.


Post by Fernando Diego Mon 26 May 2014, 16:05

~ Relatório do ZHPDiag v2014.5.24.73 - Nicolas Coolman  (24/05/2014)
~ Iniciado por lourinaldo (26/05/2014 16:02:45)
~ Endereço do Website : [You must be registered and logged in to see this link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 29.0.1 (Defaut)
GCIE: Google Chrome v35.0.1916.114

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit  (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v8.0.1483.0
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v3.14

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 55

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2038 MB (45% free)
System Restore: Activé (Enable)
System drive C: has 34 GB (11%) free of 298 GB

---\\ Modo de conexão ao sistema
~ Computer Name: LOURINALDO-PC
~ User Name: lourinaldo
~ All Users Names: lourinaldo, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\lourinaldo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\lourinaldo\AppData\Roaming\
~ %Desktop% : C:\Users\lourinaldo\Desktop\
~ %Favorites% : C:\Users\lourinaldo\Favorites\
~ %LocalAppData% : C:\Users\lourinaldo\AppData\Local\
~ %StartMenu% : C:\Users\lourinaldo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 34 Go of 298 Go)
D: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)
G: Hard drive, Flash drive, Thumb drive (Free 4 Go of 466 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.15BC38A7492BEFE831966ADB477CF76F] - (.Microsoft Corporation - Windows Explorer.) (.13/07/2009 - 22:14:20.) -- C:\Windows\Explorer.exe [2613248]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.7FA3A810F383588D46220967DE8B64FF] - (.Microsoft Corporation - Internet Extensions para Win32.) (.28/01/2013 - 20:25:13.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.8EC6A4AB12B8F3759E21F8E3A388F2CF] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.DDC040FDB01EF1712A6B13E52AFB104C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/07/2009 - 20:12:38.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.13/07/2009 - 20:14:17.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 20:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.F4A054BE78AF7F410129C4B64B07DC9B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/07/2009 - 20:14:26.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.13/07/2009 - 22:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/07/2009 - 21:02:58.) -- C:\Windows\system32\Drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/07/2009 - 22:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/7
~ Mes musiques (My Musics) : 1/3423
~ Mes Videos (My Videos) : 1/119
~ Mes Favoris (My Favorites) : 1/32
~ Mes Documents (My Documents) : 1/136
~ Mon Bureau (My Desktop) : 1/783
~ Menu demarrer (Programs) : 1/31
~ Hidden Files:  Scanned in 00mn 03s



---\\ Processos lançados
[MD5.FD27F32A38E991E1BC45ABCE247DF382] - (.Beijing Xing Technology Co., Ltd. - Windows Update services.) -- C:\Program Files\Software Plate\svcgdp.exe   [92800] [PID.900]
[MD5.41735B82DB57E4EBE9504EC400FD120E] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe   [45248] [PID.1404]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe   [65432] [PID.1664]
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe   [39056] [PID.1908]
[MD5.B9FAFB1A036913B493F1E9D0C6324D2D] - (.VIA Technologies, Inc. - Service binary.) -- C:\Windows\system32\viakaraokesrv.exe   [27760] [PID.2028]
[MD5.148C545849C1379A3D4448F5DE768E86] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe   [4767304] [PID.2876]
[MD5.B5EE33F5A539036E93A806D65968093C] - (.No owner - WYunpeng MFC Application.) -- C:\Windows\USB Vibration\7906\USB Gamepad.exe   [704512] [PID.2892]
[MD5.F6158734F1E24C6C510155CF0D363911] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe   [295512] [PID.2916]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe   [254336] [PID.2980]
[MD5.60E844AE5920B75399DDBD9F3AE1C7A0] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\lourinaldo\AppData\Roaming\uTorrent\uTorrent.exe   [1272400] [PID.3000]  =>P2P.BitTorrent
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe   [53784] [PID.2308]
[MD5.0DA891CB0703D912CEAFA072F54D002B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe   [275568] [PID.1088]
[MD5.28B02EA673489A4EFBB20A9B302D523C] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe   [18544] [PID.3104]
[MD5.038053B5DB6B0DCFB32B7682334B7625] - (.Adobe Systems, Inc. - Adobe Flash Player 13.0 r0.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe   [1863856] [PID.884]
[MD5.4FDF8F99557B275A3B5BF797761C7504] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [7879168] [PID.3772]
[MD5.4C287F9069FEDBD791178876EE9DE536] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe   [3179520] [PID.2340]
~ Processes Running:  Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\lourinaldo\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 13 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
~ BHO: 18 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: (no name) - [HKLM]{610AF794-9293-4129-9FAF-A81BBDFBFA14} Chave orfã
~ Toolbar:  Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [lourinaldo]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.)  -- C:\Users\lourinaldo\AppData\Roaming\uTorrent\uTorrent.exe   =>P2P.BitTorrent
O4 - GS\Desktop [lourinaldo]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.)  -- C:\Users\lourinaldo\AppData\Roaming\uTorrent\uTorrent.exe   =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 01s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe
O4 - HKLM\..\Run: [USB Gamepad] . (.No owner - WYunpeng MFC Application.) -- C:\Windows\USB Vibration\7906\USB Gamepad.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe   =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\update\realsched.exe   =>.RealNetworks, Inc
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe   =>.Oracle Corporation
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\lourinaldo\AppData\Roaming\uTorrent\uTorrent.exe   =>P2P.BitTorrent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (.not file.)
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (.not file.)
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3363274120-5957699-924577136-1000\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\lourinaldo\AppData\Roaming\uTorrent\uTorrent.exe   =>P2P.BitTorrent
~ Application:  Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll  =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll  =>.Microsoft Corporation
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FAC8FEB-1106-4DB3-9009-440663102F7B}: NameServer = 94.242.222.14
O17 - HKLM\System\CS1\Services\Tcpip\..\{8FAC8FEB-1106-4DB3-9009-440663102F7B}: NameServer = 94.242.222.14
O17 - HKLM\System\CS2\Services\Tcpip\..\{8FAC8FEB-1106-4DB3-9009-440663102F7B}: NameServer = 94.242.222.14
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll  =>.Microsoft Corporation
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify:  GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: software services (svcgdp) . (.Beijing Xing Technology Co., Ltd. - Windows Update services.) - C:\Program Files\Software Plate\svcgdp.exe
~ Services: 5 Legitimates Filtered in 00mn 03s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{11B35BCA-B1DE-4D75-AB07-04C101D4B89D}] (...) -- C:\Users\lourinaldo\Office 2013\setup.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{293169D1-76F8-48DA-B044-212FD3346266}] (...) -- C:\Users\lourinaldo\Office 2013\setup.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{31D893E1-C143-4E62-B0E2-D421892FEB01}] (...) -- C:\Users\lourinaldo\Fernando\Fastboot - aj\Drivers LG P350F\Driver - 01.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{B29FC4FB-D1E8-4CF9-9662-28934C717AC2}] (...) -- C:\Users\lourinaldo\Office 2013\setup.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{C4720945-5B71-42EF-BF1C-C482B7D1DF35}] (...) -- C:\Users\lourinaldo\Office 2013\setup.exe (.not file.)   [0]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater   [902]
O39 - APT:  - (..) -- C:\Windows\Tasks\AutoKMS.job   [210]  =>Trojan.Keygen
O39 - APT:  - (..) -- C:\Windows\Tasks\AutoKMSDaily.job   [204]  =>Trojan.Keygen
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore   [1060]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA   [1064]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\VisualBee-chromeinstaller   [1948]  =>PUP.CrossRider
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\VisualBee-codedownloader   [1256]  =>PUP.CrossRider
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\VisualBee-firefoxinstaller   [1872]  =>PUP.CrossRider
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\VisualBee-updater   [1250]  =>PUP.CrossRider
~ Scheduled Task: 38 Legitimates Filtered in 00mn 03s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver:  (Ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 69 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKCU] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: GoPlayer versão 3.6.3 - (.My Company, Inc..) [HKLM] -- {CE67AE10-CBE9-44ED-80C3-80044B560676}_is1
O42 - Logiciel: Xadrez Master 5.8.6 - (.RkSoft Desenvolvimentos.) [HKLM] -- Xadrez Master_is1
~ Logic: 16 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\GbAs]
[HKCU\Software\GoPlayer]
[HKCU\Software\Install]
[HKCU\Software\RkSoft]
[HKLM\Software\360Safe]
[HKLM\Software\GoPlayer]
[HKLM\Software\VBMZ]  =>PUP.Duuqu
~ Key Software: 229 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/05/2014 - 16:02:35 - [] ----D C:\Program Files\GoPlayer
O43 - CFD: 05/10/2012 - 22:02:50 - [] ----D C:\Program Files\RkSoft
O43 - CFD: 26/05/2014 - 16:02:35 - [] ----D C:\Users\lourinaldo\AppData\Roaming\GoPlayer
O43 - CFD: 06/05/2014 - 15:51:33 - [] ----D C:\Users\lourinaldo\AppData\Roaming\MailUpdate
O43 - CFD: 23/08/2012 - 15:28:59 - [0] ----D C:\Users\lourinaldo\AppData\Local\Bron.tok-12-23  =>Worm.Brontok
O43 - CFD: 23/08/2012 - 19:43:01 - [] ----D C:\Users\lourinaldo\AppData\Local\Loc.Mail.Bron.Tok  =>Worm.Brontok
O43 - CFD: 23/08/2012 - 15:39:12 - [0] ----D C:\Users\lourinaldo\AppData\Local\Ok-SendMail-Bron-tok  =>Worm.Brontok
~ Program Folder: 161 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.58BA4FCB6F95B8F3DF221637B1B4CA00] - 14/05/2014 - 19:28:06 ---A- . (...) -- C:\Windows\IE11_main.log   [1218]
O44 - LFC:[MD5.7C08F4F0617AC7D6A989555AEF526EFE] - 15/05/2014 - 15:07:52 ---A- . (...) -- C:\Windows\DirectX.log   [1744]
O44 - LFC:[MD5.C505B7488EB5794FBDCF69DEED2D330B] - 23/05/2014 - 21:24:44 ---A- . (...) -- C:\Windows\System32\jupdate-1.7.0_55-b14.log   [5428]
O44 - LFC:[MD5.473C7D8B8CAE6A67C6487B1D1BD7F3FB] - 25/05/2014 - 11:33:59 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [145668]
O44 - LFC:[MD5.4B4A3B1FC5691B208E2E33B7E5B0C6D7] - 25/05/2014 - 11:33:59 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [702882]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 26/05/2014 - 11:45:28 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll   [536576]
O44 - LFC:[MD5.51B2FD02E5BFFC5938E14833996A87D2] - 26/05/2014 - 12:10:32 ---A- . (...) -- C:\zoek-results2014-05-26-151032.log   [279]
O44 - LFC:[MD5.23773F32306AEF75218518CD582C9B64] - 26/05/2014 - 12:12:08 ---A- . (...) -- C:\zoek-results2014-05-26-151208.log   [1383]
O44 - LFC:[MD5.0AEC513713FC6CEDB541111C92F6F5DC] - 26/05/2014 - 12:39:45 ---A- . (...) -- C:\zoek-results2014-05-26-153945.log   [33772]
O44 - LFC:[MD5.2178C875925D18E82526778FCE2E1C2C] - 26/05/2014 - 14:30:17 ---A- . (...) -- C:\zoek-results2014-05-26-173017.log   [10362]
O44 - LFC:[MD5.460DF34E9ABED9D39AA0EB8D3D00546F] - 26/05/2014 - 14:55:37 ---A- . (...) -- C:\zoek-results.log   [1613]
~ Files: 24 Legitimates Filtered in 00mn 02s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\NTRedirect  [Key] . (...) -- C:\Users\lourinaldo\AppData\Roaming\BabSolution\Shared\enhancedNT.dll (.not file.)  =>Hijacker.BabSolution
~ SMSR Keys: 12 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 2 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys   [146304]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys   [54912]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys   [23168]
O58 - SDL:21/08/2012 - 19:12:18 R--A- . (.360安全中心 - 360安全卫士 - SelfProtection.) -- C:\Windows\System32\Drivers\360SpOEM.sys   [64048]
O58 - SDL:28/06/2010 - 17:33:13 ---A- . (.ALWIL Software - avast! TDI RDR Driver.) -- C:\Windows\System32\Drivers\aswRdr.sys   [23376]
O58 - SDL:06/03/2013 - 20:33:24 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys   [49248]  =>.ALWIL Software
O58 - SDL:06/03/2013 - 20:33:24 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys   [164736]  =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [453712]
O58 - SDL:08/05/2013 - 09:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys   [49536]
O58 - SDL:27/02/2014 - 07:52:44 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys   [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [26624]
O58 - SDL:08/05/2014 - 02:41:45 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys   [38912]  =>Trojan.Staser
O58 - SDL:26/12/2006 - 09:30:20 R--A- . (.Windows (R) Codename Longhorn DDK provider - Generic Port I/O.) -- C:\Windows\System32\Drivers\PortIo.sys   [6656]
O58 - SDL:25/08/2012 - 18:54:02 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys   [477240]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [21072]
O58 - SDL:23/08/2012 - 23:17:30 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys   [13024]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS   [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys   [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS   [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS   [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS   [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS   [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS   [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS   [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS   [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS   [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS   [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS   [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS   [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS   [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS   [34672]
O58 - SDL:04/10/2010 - 20:59:32 ---A- . (...) -- C:\Windows\System32\StarOpen.sys   [5632]
~ Drivers: 85 Legitimates Filtered in 00mn 12s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 08/05/2013 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm)  .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 25/08/2012 - C:\Windows\system32\Drivers\sptd.sys (sptd)  .(.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) - LEGACY_SPTD
~ Legacy: 92 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\program files\google\chrome\application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {258BC7BE-C72C-4DC3-9D18-E486290EEFFD} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.254FBCA565E049648B0CCE2CEADF05D2] [SPRF][25/08/2012] (...) -- C:\Users\lourinaldo\AppData\Roaming\inst.exe   [87608]
[MD5.2BA7812EB265CABD4C588C04F82775F2] [SPRF][12/10/2013] (...) -- C:\Users\lourinaldo\AppData\Roaming\unins000.dat   [17551]
[MD5.352E8561E633B17ED22012366721FFDC] [SPRF][26/05/2014] (...) -- C:\Users\lourinaldo\Desktop\zoek.exe   [1285120]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{7D324738-6CBA-4AF4-9586-B27CB3A4EE1B}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\lourinaldo\AppData\Roaming\uTorrent\uTorrent.exe  =>P2P.BitTorrent
O87 - FAEL: "{51786F39-6D7E-41CF-8830-0502D981059A}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\lourinaldo\AppData\Roaming\uTorrent\uTorrent.exe  =>P2P.BitTorrent
O87 - FAEL: "{9B8FEF49-19EB-471D-A128-E5864A3B9DE3}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\lourinaldo\AppData\Roaming\uTorrent\uTorrent.exe  =>P2P.BitTorrent
O87 - FAEL: "{6ED38748-3FBE-411D-AD34-41E3732F8F90}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\lourinaldo\AppData\Roaming\uTorrent\uTorrent.exe  =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 01s



---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS:  - {35B6525E-071A-4EA9-B3BD-F6A742572F08}
~ MNS: 1 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.A91D34375B4647FF0F57E8076EC72B1B] [WIS][08/08/2012] (.Babylon Ltd - BabylonObjectInstaller.) -- C:\Windows\Installer\116d134.msi   [343040]  =>PUP.Babylon
[MD5.9419559E26D53CC34862DF9B558A2917] [WIS][30/10/2012] (.Babylon Ltd - Babylon Chrome Toolbar.) -- C:\Windows\Installer\e9a943.msi   [354816]  =>PUP.Babylon
~ WIS: 2 Legitimates Filtered in 00mn 03s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BeamriseSetup_RASAPI32  =>Hijacker.Beamrise
HKLM\SOFTWARE\Microsoft\Tracing\BeamriseSetup_RASMANCS  =>Hijacker.Beamrise
HKLM\SOFTWARE\Microsoft\Tracing\biSetup35361_RASAPI32  =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\biSetup35361_RASMANCS  =>Adware.MegaSearch
HKLM\SOFTWARE\Microsoft\Tracing\delta-homes_RASAPI32  =>Toolbar.DeltaSearch
HKLM\SOFTWARE\Microsoft\Tracing\delta-homes_RASMANCS  =>Toolbar.DeltaSearch
HKLM\SOFTWARE\Microsoft\Tracing\deskSvc_RASAPI32  =>Hijacker.22Find
HKLM\SOFTWARE\Microsoft\Tracing\deskSvc_RASMANCS  =>Hijacker.22Find
HKLM\SOFTWARE\Microsoft\Tracing\DiVapton_Setup_RASAPI32  =>PUP.DiVapton
HKLM\SOFTWARE\Microsoft\Tracing\DiVapton_Setup_RASMANCS  =>PUP.DiVapton
HKLM\SOFTWARE\Microsoft\Tracing\DiVapton_sm_RASAPI32  =>PUP.DiVapton
HKLM\SOFTWARE\Microsoft\Tracing\DiVapton_sm_RASMANCS  =>PUP.DiVapton
HKLM\SOFTWARE\Microsoft\Tracing\googletoolbarinstaller_full_signed_RASAPI32  =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\googletoolbarinstaller_full_signed_RASMANCS  =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32  =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS  =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_8CA8B41417E66DEB_RASAPI32  =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_8CA8B41417E66DEB_RASMANCS  =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32  =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS  =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\iSafeSvc2_RASAPI32  =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafeSvc2_RASMANCS  =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafeUpdate_RASAPI32  =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafeUpdate_RASMANCS  =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafe_RASAPI32  =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\iSafe_RASMANCS  =>Trojan.Staser
HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_BrowserTabSearch_RASAPI32  =>PUP.Datamngr
HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_BrowserTabSearch_RASMANCS  =>PUP.Datamngr
HKLM\SOFTWARE\Microsoft\Tracing\updateDiVapton_RASAPI32  =>PUP.DiVapton
HKLM\SOFTWARE\Microsoft\Tracing\updateDiVapton_RASMANCS  =>PUP.DiVapton
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-32-build-27708-baixaki-32-bits_RASAPI32  =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-32-build-27708-baixaki-32-bits_RASMANCS  =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32  =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS  =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\vbmz11_RASAPI32  =>PUP.Duuqu
HKLM\SOFTWARE\Microsoft\Tracing\vbmz11_RASMANCS  =>PUP.Duuqu
HKLM\SOFTWARE\Microsoft\Tracing\VisualBee-codedownloader_RASAPI32  =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Microsoft\Tracing\VisualBee-codedownloader_RASMANCS  =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Microsoft\Tracing\VisualBee-updater_RASAPI32  =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Microsoft\Tracing\VisualBee-updater_RASMANCS  =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Microsoft\Tracing\visualbee_RASAPI32  =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Microsoft\Tracing\visualbee_RASMANCS  =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdaterV2_RASAPI32  =>PUP.Wajam
HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdaterV2_RASMANCS  =>PUP.Wajam
~ BTK: 516 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 25/05/2014 257712 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 23/08/2012 136176 |  (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 23/08/2012 136176 |  (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 09/05/2014 119408 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 25/03/2010 490280 |  (NAUpdate) . (.Nero AG.) - C:\Program Files\Nero\Update\NASvc.exe
SR - | Auto 21/12/2013 65432 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 06/03/2013 45248 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Demand 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/08/2013 39056 |  (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 24/09/2012 92800 |  (svcgdp) . (.Beijing Xing Technology Co., Ltd..) - C:\Program Files\Software Plate\svcgdp.exe
SR - | Auto 04/05/2012 27760 |  (VIAKaraokeService) . (.VIA Technologies, Inc..) - C:\Windows\System32\viakaraokesrv.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 09s



---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:25/08/2012 - 18:54:02 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys   [477240]
~ Emulateurs:  Scanned in 00mn 09s



---\\ Scâner Aditional (088)
Database Version : 13029 - (24/05/2014)
Clés trouvées (Keys found) : 8
Valeurs trouvées (Values found) : 3
Dossiers trouvés  (Folders found) : 4
Fichiers trouvés  (Files found) : 9

[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\NTRedirect]   =>Hijacker.BabSolution^
[HKLM\Software\VBMZ]   =>Toolbar.Conduit
[HKLM\Software\360Safe]   =>Trojan.Lozavita
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{66F57190-01EB-45A6-8260-7895267209F7}]   =>Adware.VisualBeeToolbar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{610AF794-9293-4129-9FAF-A81BBDFBFA14}]   =>Adware.VisualBeeToolbar
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311341126}]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311341138}]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311391106}]   =>PUP.CrossRider
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent   =>P2P.BitTorrent^
C:\Users\lourinaldo\AppData\Local\Bron.tok-12-23   =>Worm.Brontok^
C:\Users\lourinaldo\AppData\Local\Loc.Mail.Bron.Tok   =>Worm.Brontok^
C:\Users\lourinaldo\AppData\Local\Ok-SendMail-Bron-tok   =>Worm.Brontok^
C:\Users\lourinaldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec   =>PUP.CrossRider
C:\Users\lourinaldo\AppData\Roaming\uTorrent\uTorrent.exe   =>P2P.BitTorrent^
C:\Windows\Tasks\AutoKMS.job   =>Trojan.Keygen^
C:\Windows\Tasks\AutoKMSDaily.job   =>Trojan.Keygen^
C:\Windows\System32\Tasks\VisualBee-chromeinstaller   =>PUP.CrossRider^
C:\Windows\System32\Tasks\VisualBee-codedownloader   =>PUP.CrossRider^
C:\Windows\System32\Tasks\VisualBee-firefoxinstaller   =>PUP.CrossRider^
C:\Windows\System32\Tasks\VisualBee-updater   =>PUP.CrossRider^
C:\Windows\Installer\116d134.msi   =>PUP.Babylon^
C:\Windows\Installer\e9a943.msi   =>PUP.Babylon^
~ Additionnel Scan: 251122 Items scanned in 00mn 23s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.CrossRider
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.Duuqu
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Worm.Brontok
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Hijacker.BabSolution
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Trojan.Staser
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.Babylon
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Hijacker.Beamrise
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.MegaSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Toolbar.DeltaSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Hijacker.22Find
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.DiVapton
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.Datamngr
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.VisualBeeToolbar
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.Wajam
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Toolbar.Conduit
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Trojan.Lozavita
~ MSI: 16 link(s) detected in 00mn 00s



~ 763 Legitimates filtered by white list
End of the scan (582 lines in 01mn 15s)(0)

Post by Power Max, Mon 26 May 2014, 16:24

There are unnecessary programs starting along with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start along with Windows.

Also use the program CCleaner, indicated in the tutorial above, to clean up and optimize the PC now and from time to time.
_____________________________________________________________________________________________________________

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click Zhpfix and choose Run as administrator > Click Importação > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Mon 26 May 2014, 17:59; edited 1 time


Post by Fernando Diego, Mon 26 May 2014, 16:43

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by lourinaldo at 26/05/2014 16:42:11
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit  (Build 7600)

Reciclagem vazia (00mn 06s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: HKLM\Software\360Safe
ELIMINÉ: HKLM\Software\VBMZ
ELIMINÉ:  StartupReg: NTRedirect
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\BeamriseSetup_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\BeamriseSetup_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\biSetup35361_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\biSetup35361_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\deskSvc_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\deskSvc_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\DiVapton_Setup_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\DiVapton_Setup_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\DiVapton_sm_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\DiVapton_sm_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\iSafeSvc2_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\iSafeSvc2_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\iSafeUpdate_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\iSafeUpdate_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\iSafe_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\iSafe_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_BrowserTabSearch_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_BrowserTabSearch_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\updateDiVapton_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\updateDiVapton_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\vbmz11_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\vbmz11_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\VisualBee-codedownloader_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\VisualBee-codedownloader_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\VisualBee-updater_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\VisualBee-updater_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\visualbee_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\visualbee_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdaterV2_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdaterV2_RASMANCS
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{66F57190-01EB-45A6-8260-7895267209F7}
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{610AF794-9293-4129-9FAF-A81BBDFBFA14}
ELIMINÉ: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311341126}
ELIMINÉ: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311341138}
ELIMINÉ: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311391106}

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {610AF794-9293-4129-9FAF-A81BBDFBFA14}
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\windows\system32\tasks\visualbee-chromeinstaller
ELIMINÉ: c:\windows\system32\tasks\visualbee-codedownloader
ELIMINÉ: c:\windows\system32\tasks\visualbee-firefoxinstaller
ELIMINÉ: c:\windows\system32\tasks\visualbee-updater
ELIMINÉ: c:\windows\system32\drivers\isafekrnlboot.sys
ELIMINÉ: C:\Windows\Installer\116d134.msi
ELIMINÉ: C:\Windows\Installer\e9a943.msi
ELIMINÉ Temporários windows (118) (1.910.878 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {11B35BCA-B1DE-4D75-AB07-04C101D4B89D}
ELIMINÉ: {293169D1-76F8-48DA-B044-212FD3346266}
ELIMINÉ: {31D893E1-C143-4E62-B0E2-D421892FEB01}
ELIMINÉ: {B29FC4FB-D1E8-4CF9-9662-28934C717AC2}
ELIMINÉ: {C4720945-5B71-42EF-BF1C-C482B7D1DF35}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
38 : Chaves do Registo
7 : Valores do Registo
1 : Pastas
9 : Ficheiros
5 : Tarefa planificada
1 : Restauração Sistema


End of clean in 00mn 59s

========== Caminho do ficheiro do relatório ==========
C:\Users\lourinaldo\AppData\Roaming\ZHP\ZHPFix[R1].txt - 26/05/2014 16:42:17 [4487]

Post by Power Max, Mon 26 May 2014, 16:44

Open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.


Post by Fernando Diego, Mon 26 May 2014, 16:59

~ Relatório do ZHPDiag v2014.5.24.73 - Nicolas Coolman  (24/05/2014)
~ Iniciado por lourinaldo (26/05/2014 16:56:36)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 29.0.1 (Defaut)
GCIE: Google Chrome v35.0.1916.114

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit  (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v8.0.1483.0
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v3.14

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 55

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2038 MB (58% free)
System Restore: Activé (Enable)
System drive C: has 32 GB (10%) free of 298 GB

---\\ Modo de conexão ao sistema
~ Computer Name: LOURINALDO-PC
~ User Name: lourinaldo
~ All Users Names: lourinaldo, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\lourinaldo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\lourinaldo\AppData\Roaming\
~ %Desktop% : C:\Users\lourinaldo\Desktop\
~ %Favorites% : C:\Users\lourinaldo\Favorites\
~ %LocalAppData% : C:\Users\lourinaldo\AppData\Local\
~ %StartMenu% : C:\Users\lourinaldo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 32 Go of 298 Go)
D: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)
G: Hard drive, Flash drive, Thumb drive (Free 4 Go of 466 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.15BC38A7492BEFE831966ADB477CF76F] - (.Microsoft Corporation - Windows Explorer.) (.13/07/2009 - 22:14:20.) -- C:\Windows\Explorer.exe [2613248]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.7FA3A810F383588D46220967DE8B64FF] - (.Microsoft Corporation - Internet Extensions para Win32.) (.28/01/2013 - 20:25:13.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.8EC6A4AB12B8F3759E21F8E3A388F2CF] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.DDC040FDB01EF1712A6B13E52AFB104C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/07/2009 - 20:12:38.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.13/07/2009 - 20:14:17.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 20:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.F4A054BE78AF7F410129C4B64B07DC9B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/07/2009 - 20:14:26.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.13/07/2009 - 22:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/07/2009 - 21:02:58.) -- C:\Windows\system32\Drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/07/2009 - 22:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/7
~ Mes musiques (My Musics) : 1/3423
~ Mes Videos (My Videos) : 1/119
~ Mes Favoris (My Favorites) : 1/32
~ Mes Documents (My Documents) : 1/136
~ Mon Bureau (My Desktop) : 1/784
~ Menu demarrer (Programs) : 1/31
~ Hidden Files:  Scanned in 00mn 01s



---\\ Processos lançados
[MD5.FD27F32A38E991E1BC45ABCE247DF382] - (.Beijing Xing Technology Co., Ltd. - Windows Update services.) -- C:\Program Files\Software Plate\svcgdp.exe   [92800] [PID.900]
[MD5.41735B82DB57E4EBE9504EC400FD120E] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe   [45248] [PID.1404]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe   [65432] [PID.1664]
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe   [39056] [PID.1908]
[MD5.B9FAFB1A036913B493F1E9D0C6324D2D] - (.VIA Technologies, Inc. - Service binary.) -- C:\Windows\system32\viakaraokesrv.exe   [27760] [PID.2028]
[MD5.148C545849C1379A3D4448F5DE768E86] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe   [4767304] [PID.2876]
[MD5.B5EE33F5A539036E93A806D65968093C] - (.No owner - WYunpeng MFC Application.) -- C:\Windows\USB Vibration\7906\USB Gamepad.exe   [704512] [PID.2892]
[MD5.F6158734F1E24C6C510155CF0D363911] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe   [295512] [PID.2916]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe   [254336] [PID.2980]
[MD5.60E844AE5920B75399DDBD9F3AE1C7A0] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\lourinaldo\AppData\Roaming\uTorrent\uTorrent.exe   [1272400] [PID.3000]  =>P2P.BitTorrent
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe   [53784] [PID.2308]
[MD5.0DA891CB0703D912CEAFA072F54D002B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe   [275568] [PID.4372]
[MD5.4FDF8F99557B275A3B5BF797761C7504] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [7879168] [PID.5008]
[MD5.4C287F9069FEDBD791178876EE9DE536] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe   [3179520] [PID.5488]
~ Processes Running:  Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\lourinaldo\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 13 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
~ BHO: 18 Legitimates Filtered in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [lourinaldo]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.)  -- C:\Users\lourinaldo\AppData\Roaming\uTorrent\uTorrent.exe   =>P2P.BitTorrent
O4 - GS\Desktop [lourinaldo]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.)  -- C:\Users\lourinaldo\AppData\Roaming\uTorrent\uTorrent.exe   =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\lourinaldo\AppData\Roaming\uTorrent\uTorrent.exe   =>P2P.BitTorrent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (.not file.)
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (.not file.)
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3363274120-5957699-924577136-1000\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\lourinaldo\AppData\Roaming\uTorrent\uTorrent.exe   =>P2P.BitTorrent
~ Application:  Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll  =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll  =>.Microsoft Corporation
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FAC8FEB-1106-4DB3-9009-440663102F7B}: NameServer = 94.242.222.14
O17 - HKLM\System\CS1\Services\Tcpip\..\{8FAC8FEB-1106-4DB3-9009-440663102F7B}: NameServer = 94.242.222.14
O17 - HKLM\System\CS2\Services\Tcpip\..\{8FAC8FEB-1106-4DB3-9009-440663102F7B}: NameServer = 94.242.222.14
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll  =>.Microsoft Corporation
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify:  GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: software services (svcgdp) . (.Beijing Xing Technology Co., Ltd. - Windows Update services.) - C:\Program Files\Software Plate\svcgdp.exe
~ Services: 5 Legitimates Filtered in 00mn 03s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater   [902]
O39 - APT:  - (..) -- C:\Windows\Tasks\AutoKMS.job   [210]  =>Trojan.Keygen
O39 - APT:  - (..) -- C:\Windows\Tasks\AutoKMSDaily.job   [204]  =>Trojan.Keygen
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore   [1060]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA   [1064]
~ Scheduled Task: 25 Legitimates Filtered in 00mn 01s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver:  (Ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 69 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKCU] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: GoPlayer versão 3.6.3 - (.My Company, Inc..) [HKLM] -- {CE67AE10-CBE9-44ED-80C3-80044B560676}_is1
O42 - Logiciel: Xadrez Master 5.8.6 - (.RkSoft Desenvolvimentos.) [HKLM] -- Xadrez Master_is1
~ Logic: 16 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\GbAs]
[HKCU\Software\GoPlayer]
[HKCU\Software\Install]
[HKCU\Software\RkSoft]
[HKLM\Software\GoPlayer]
~ Key Software: 227 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/05/2014 - 16:56:38 - [] ----D C:\Program Files\GoPlayer
O43 - CFD: 05/10/2012 - 22:02:50 - [] ----D C:\Program Files\RkSoft
O43 - CFD: 26/05/2014 - 16:56:38 - [] ----D C:\Users\lourinaldo\AppData\Roaming\GoPlayer
O43 - CFD: 06/05/2014 - 15:51:33 - [] ----D C:\Users\lourinaldo\AppData\Roaming\MailUpdate
~ Program Folder: 158 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.58BA4FCB6F95B8F3DF221637B1B4CA00] - 14/05/2014 - 19:28:06 ---A- . (...) -- C:\Windows\IE11_main.log   [1218]
O44 - LFC:[MD5.7C08F4F0617AC7D6A989555AEF526EFE] - 15/05/2014 - 15:07:52 ---A- . (...) -- C:\Windows\DirectX.log   [1744]
O44 - LFC:[MD5.C505B7488EB5794FBDCF69DEED2D330B] - 23/05/2014 - 21:24:44 ---A- . (...) -- C:\Windows\System32\jupdate-1.7.0_55-b14.log   [5428]
O44 - LFC:[MD5.473C7D8B8CAE6A67C6487B1D1BD7F3FB] - 25/05/2014 - 11:33:59 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [145668]
O44 - LFC:[MD5.4B4A3B1FC5691B208E2E33B7E5B0C6D7] - 25/05/2014 - 11:33:59 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [702882]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 26/05/2014 - 11:45:28 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll   [536576]
O44 - LFC:[MD5.51B2FD02E5BFFC5938E14833996A87D2] - 26/05/2014 - 12:10:32 ---A- . (...) -- C:\zoek-results2014-05-26-151032.log   [279]
O44 - LFC:[MD5.23773F32306AEF75218518CD582C9B64] - 26/05/2014 - 12:12:08 ---A- . (...) -- C:\zoek-results2014-05-26-151208.log   [1383]
O44 - LFC:[MD5.0AEC513713FC6CEDB541111C92F6F5DC] - 26/05/2014 - 12:39:45 ---A- . (...) -- C:\zoek-results2014-05-26-153945.log   [33772]
O44 - LFC:[MD5.2178C875925D18E82526778FCE2E1C2C] - 26/05/2014 - 14:30:17 ---A- . (...) -- C:\zoek-results2014-05-26-173017.log   [10362]
O44 - LFC:[MD5.460DF34E9ABED9D39AA0EB8D3D00546F] - 26/05/2014 - 14:55:37 ---A- . (...) -- C:\zoek-results.log   [1613]
~ Files: 24 Legitimates Filtered in 00mn 01s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 2 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys   [146304]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys   [54912]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys   [23168]
O58 - SDL:21/08/2012 - 19:12:18 R--A- . (.360安全中心 - 360安全卫士 - SelfProtection.) -- C:\Windows\System32\Drivers\360SpOEM.sys   [64048]
O58 - SDL:28/06/2010 - 17:33:13 ---A- . (.ALWIL Software - avast! TDI RDR Driver.) -- C:\Windows\System32\Drivers\aswRdr.sys   [23376]
O58 - SDL:06/03/2013 - 20:33:24 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys   [49248]  =>.ALWIL Software
O58 - SDL:06/03/2013 - 20:33:24 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys   [164736]  =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [453712]
O58 - SDL:08/05/2013 - 09:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys   [49536]
O58 - SDL:27/02/2014 - 07:52:44 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys   [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [26624]
O58 - SDL:26/12/2006 - 09:30:20 R--A- . (.Windows (R) Codename Longhorn DDK provider - Generic Port I/O.) -- C:\Windows\System32\Drivers\PortIo.sys   [6656]
O58 - SDL:25/08/2012 - 18:54:02 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys   [477240]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [21072]
O58 - SDL:23/08/2012 - 23:17:30 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys   [13024]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS   [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys   [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS   [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS   [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS   [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS   [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS   [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS   [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS   [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS   [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS   [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS   [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS   [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS   [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS   [34672]
O58 - SDL:04/10/2010 - 20:59:32 ---A- . (...) -- C:\Windows\System32\StarOpen.sys   [5632]
~ Drivers: 84 Legitimates Filtered in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 08/05/2013 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm)  .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 25/08/2012 - C:\Windows\system32\Drivers\sptd.sys (sptd)  .(.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) - LEGACY_SPTD
~ Legacy: 92 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\program files\google\chrome\application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [link hidden by the forum: login required]
O69 - SBI: SearchScopes [HKCU] {258BC7BE-C72C-4DC3-9D18-E486290EEFFD} - (Google) - [link hidden by the forum: login required]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [link hidden by the forum: login required]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.254FBCA565E049648B0CCE2CEADF05D2] [SPRF][25/08/2012] (...) -- C:\Users\lourinaldo\AppData\Roaming\inst.exe   [87608]
[MD5.2BA7812EB265CABD4C588C04F82775F2] [SPRF][12/10/2013] (...) -- C:\Users\lourinaldo\AppData\Roaming\unins000.dat   [17551]
[MD5.352E8561E633B17ED22012366721FFDC] [SPRF][26/05/2014] (...) -- C:\Users\lourinaldo\Desktop\zoek.exe   [1285120]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{7D324738-6CBA-4AF4-9586-B27CB3A4EE1B}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\lourinaldo\AppData\Roaming\uTorrent\uTorrent.exe  =>P2P.BitTorrent
O87 - FAEL: "{51786F39-6D7E-41CF-8830-0502D981059A}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\lourinaldo\AppData\Roaming\uTorrent\uTorrent.exe  =>P2P.BitTorrent
O87 - FAEL: "{9B8FEF49-19EB-471D-A128-E5864A3B9DE3}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\lourinaldo\AppData\Roaming\uTorrent\uTorrent.exe  =>P2P.BitTorrent
O87 - FAEL: "{6ED38748-3FBE-411D-AD34-41E3732F8F90}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\lourinaldo\AppData\Roaming\uTorrent\uTorrent.exe  =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 00s



---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS:  - {35B6525E-071A-4EA9-B3BD-F6A742572F08}
~ MNS: 1 Legitimates Filtered in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\delta-homes_RASAPI32  =>Toolbar.DeltaSearch
HKLM\SOFTWARE\Microsoft\Tracing\delta-homes_RASMANCS  =>Toolbar.DeltaSearch
HKLM\SOFTWARE\Microsoft\Tracing\googletoolbarinstaller_full_signed_RASAPI32  =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\googletoolbarinstaller_full_signed_RASMANCS  =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32  =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS  =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_8CA8B41417E66DEB_RASAPI32  =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_8CA8B41417E66DEB_RASMANCS  =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32  =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS  =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-32-build-27708-baixaki-32-bits_RASAPI32  =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-32-build-27708-baixaki-32-bits_RASMANCS  =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32  =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS  =>P2P.µTorrent
~ BTK: 486 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 25/05/2014 257712 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 23/08/2012 136176 |  (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 23/08/2012 136176 |  (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 09/05/2014 119408 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 25/03/2010 490280 |  (NAUpdate) . (.Nero AG.) - C:\Program Files\Nero\Update\NASvc.exe
SR - | Auto 21/12/2013 65432 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 06/03/2013 45248 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Demand 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/08/2013 39056 |  (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 24/09/2012 92800 |  (svcgdp) . (.Beijing Xing Technology Co., Ltd..) - C:\Program Files\Software Plate\svcgdp.exe
SR - | Auto 04/05/2012 27760 |  (VIAKaraokeService) . (.VIA Technologies, Inc..) - C:\Windows\System32\viakaraokesrv.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 07s



---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:25/08/2012 - 18:54:02 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys   [477240]
~ Emulateurs:  Scanned in 00mn 07s



---\\ Scâner Aditional (088)
Database Version : 13029 - (24/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 3
Dossiers trouvés  (Folders found) : 0
Fichiers trouvés  (Files found) : 3

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent   =>P2P.BitTorrent^
C:\Users\lourinaldo\AppData\Roaming\uTorrent\uTorrent.exe   =>P2P.BitTorrent^
C:\Windows\Tasks\AutoKMS.job   =>Trojan.Keygen^
C:\Windows\Tasks\AutoKMSDaily.job   =>Trojan.Keygen^
~ Additionnel Scan: 250852 Items scanned in 00mn 18s



---\\ Sumário das deteções encontradas na sua estação
[link hidden by the forum: login required]  =>Toolbar.DeltaSearch
~ MSI: 1 link(s) detected in 00mn 00s



~ 744 Legitimates filtered by white list
End of the scan (479 lines in 00mn 47s)(0)

Re: CE_UmbrellaCert

Post by Power Max, Mon 26 May 2014, 17:19

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click ZHPFix and choose Run as administrator > click Importação (Import) > click the GO button > click Oui (Yes) > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Mon 26 May 2014, 17:59; edited 1 time


Re: CE_UmbrellaCert

Post by Fernando Diego, Mon 26 May 2014, 17:35

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by lourinaldo at 26/05/2014 17:35:19
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit  (Build 7600)

Reciclagem vazia (00mn 02s)

========== Chaves do Registo ==========
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\delta-homes_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\delta-homes_RASMANCS

========== Valores do Registo ==========
ELIMINÉ RunValue: Sidebar

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (1) (0 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
2 : Chaves do Registo
1 : Valores do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 14s

========== Caminho do ficheiro do relatório ==========
C:\Users\lourinaldo\AppData\Roaming\ZHP\ZHPFix[R1].txt - 26/05/2014 16:42:17 [4572]
C:\Users\lourinaldo\AppData\Roaming\ZHP\ZHPFix[R2].txt - 26/05/2014 17:35:22 [1098]

Re: CE_UmbrellaCert

Post by Power Max, Mon 26 May 2014, 17:40

How is the PC doing?


Re: CE_UmbrellaCert

Post by Fernando Diego, Mon 26 May 2014, 17:47

The PC is visibly better, the CE_UmbrellaCert messages have disappeared, the computer is faster, and so far it has not been freezing when I go online. Thank you very much, you helped me a lot.

Re: CE_UmbrellaCert

Post by Power Max, Mon 26 May 2014, 17:58

That's it! I'm glad the problem has been solved.

Just to finish up, please follow the tutorials below:

[You must have an account and be logged in to view this link]
_______________________________________________________________________________________________________________________

To remove the programs used to clean this PC and create a new, safe and problem-free restore point, use DelFix, following the tips [You must have an account and be logged in to view this link].
_______________________________________________________________________________________________________________________

It was a pleasure to help. You can always count on us!


Re: CE_UmbrellaCert

Post by Danii, Mon 26 May 2014, 18:28

CASE SOLVED

If the topic's author needs it, the topic will be reopened; to request that, they should contact one of the members of the [You must have an account and be logged in to view this link] and ask for it to be unlocked.