Infected laptop
3 participants
Page 1 of 1
Infected laptop
Hello,
I'd like some help treating my laptop; it's begging for water and I can't keep up with all the adware in the installers...
I use Avira Personal and the COMODO firewall.
I need effective, specific software for most of the categories (adware, keyloggers, worms, trojans, and especially rootkits, etc.).
Thanks in advance!
marcelosteffler - Beginner
- Posts: 25
Reputation: 0
Joined: 26/05/2014
Re: Infected laptop
Hello. Welcome to Fórum PC Brasil.
I'll start the check with you and afterwards [You need an account and to be logged in to view this link] will take over, OK?
Download AdwCleaner by clicking the link below, then click the Download Now button at BleepingComputer:
[You need an account and to be logged in to view this link]
To run AdwCleaner correctly, just follow the tips in this tutorial:
[You need an account and to be logged in to view this link]
* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt
We'll be waiting.
Danii - Full Member
- Posts: 571
Reputation: 80
Joined: 04/04/2014
Location: Brasil
Re: Infected laptop
# AdwCleaner v3.211 - Report created 26/05/2014 at 20:16:13
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Marcelo - MARCELO-PC
# Running from : C:\Users\Marcelo\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : IePluginServices
[#] Service Deleted : Wpm
[#] Service Deleted : yewimmxqbs64
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\baidu
Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\WPM
Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files (x86)\SupTab
Folder Deleted : C:\Program Files (x86)\webget
Folder Deleted : C:\Program Files\002
Folder Deleted : C:\Program Files\RrSavings
Folder Deleted : C:\Users\Marcelo\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Marcelo\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Marcelo\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Marcelo\AppData\Roaming\baidu
Folder Deleted : C:\Users\Marcelo\AppData\Roaming\cacaoweb
Folder Deleted : C:\Users\Marcelo\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Public\Documents\baidu
Folder Deleted : C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\Extensions\cacaoweb@cacaoweb.org
Folder Deleted : C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\Extensions\quick_start@gmail.com
Folder Deleted : C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
File Deleted : C:\END
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp
File Deleted : C:\Users\Marcelo\daemonprocess.txt
File Deleted : C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\invalidprefs.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\sweet-page.xml
File Deleted : C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\searchplugins\trovi-search.xml
***** [ Shortcuts ] *****
Shortcut Disinfected : C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Inicializador de aplicativos do Google Chrome.lnk
Shortcut Disinfected : C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome\Offline Email Notifier for Gmail™.lnk
Shortcut Disinfected : C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cmaiofennmphjldldcpphcechfnnohja
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\BabylonToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKCU\Software\f4dad1b63ab815
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_boniatti-financial_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_boniatti-financial_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_connectify-hotspot_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_connectify-hotspot_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_everest-portable_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_everest-portable_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_megacubo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_megacubo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_pascal-zim_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_pascal-zim_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\cacaoweb
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\dt soft\daemon tools toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Popajar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\webget
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\SupTab
Key Deleted : HKLM\Software\supWPM
Key Deleted : HKLM\Software\sweet-pageSoftware
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\webget
Key Deleted : HKLM\Software\Wpm
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wpm
Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Key Deleted : [x64] HKLM\SOFTWARE\RrSavings
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RrSavings
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webget
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16798
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v29.0.1 (pt-BR)
[ File : C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\prefs.js ]
Line Deleted : user_pref("CT1750559.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT1750559.CTID", "CT1750559");
Line Deleted : user_pref("CT1750559.CurrentServerDate", "20-8-2010");
Line Deleted : user_pref("CT1750559.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT1750559.FirstServerDate", "20-8-2010");
Line Deleted : user_pref("CT1750559.FirstTime", true);
Line Deleted : user_pref("CT1750559.FirstTimeFF3", true);
Line Deleted : user_pref("CT1750559.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT1750559.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT1750559.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT1750559.Initialize", true);
Line Deleted : user_pref("CT1750559.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT1750559.InstalledDate", "Fri Aug 20 2010 12:35:02 GMT-0300");
Line Deleted : user_pref("CT1750559.InvalidateCache", false);
Line Deleted : user_pref("CT1750559.IsGrouping", false);
Line Deleted : user_pref("CT1750559.IsMulticommunity", false);
Line Deleted : user_pref("CT1750559.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT1750559.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT1750559.LanguagePackLastCheckTime", "Fri Aug 20 2010 12:35:13 GMT-0300");
Line Deleted : user_pref("CT1750559.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT1750559.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT1750559.LastLogin_2.5.6.0", "Fri Aug 20 2010 12:35:03 GMT-0300");
Line Deleted : user_pref("CT1750559.LatestVersion", "2.7.2.0");
Line Deleted : user_pref("CT1750559.Locale", "en-us");
Line Deleted : user_pref("CT1750559.LoginCache", 4);
Line Deleted : user_pref("CT1750559.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT1750559.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT1750559.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT1750559.RadioIsPodcast", false);
Line Deleted : user_pref("CT1750559.RadioLastCheckTime", "Fri Aug 20 2010 12:35:04 GMT-0300");
Line Deleted : user_pref("CT1750559.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT1750559.RadioLastUpdateServer", "128929877726170000");
Line Deleted : user_pref("CT1750559.RadioMediaID", "11237206");
Line Deleted : user_pref("CT1750559.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT1750559.RadioMenuSelectedID", "EBRadioMenu_CT175055911237206");
Line Deleted : user_pref("CT1750559.RadioStationName", "1.FM%20Dance");
Line Deleted : user_pref("CT1750559.RadioStationURL", "hxxp://dance.1.fm/energydance128k?MSWMExt=.asf");
Line Deleted : user_pref("CT1750559.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT1750559.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT1750559&octid=EB_ORIGINAL_CTID&SearchSource=1");
Line Deleted : user_pref("CT1750559.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT1750559.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&q=");
Line Deleted : user_pref("CT1750559.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT1750559.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT1750559.SearchInNewTabLastCheckTime", "Fri Aug 20 2010 12:35:04 GMT-0300");
Line Deleted : user_pref("CT1750559.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT1750559.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT1750559.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT1750559.SettingsLastCheckTime", "Fri Aug 20 2010 12:34:58 GMT-0300");
Line Deleted : user_pref("CT1750559.SettingsLastUpdate", "1279810519");
Line Deleted : user_pref("CT1750559.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT1750559.ThirdPartyComponentsLastCheck", "Fri Aug 20 2010 12:34:58 GMT-0300");
Line Deleted : user_pref("CT1750559.ThirdPartyComponentsLastUpdate", "1246790578");
Line Deleted : user_pref("CT1750559.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Deleted : user_pref("CT1750559.UserID", "UN12240769900171378");
Line Deleted : user_pref("CT1750559.WeatherNetwork", "");
Line Deleted : user_pref("CT1750559.WeatherPollDate", "Fri Aug 20 2010 12:35:09 GMT-0300");
Line Deleted : user_pref("CT1750559.WeatherUnit", "C");
Line Deleted : user_pref("CT1750559.alertChannelId", "31130");
Line Deleted : user_pref("CT1750559.clientLogIsEnabled", false);
Line Deleted : user_pref("CT1750559.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT1750559.myStuffEnabled", true);
Line Deleted : user_pref("CT1750559.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT1750559.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT1750559.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT1750559.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT1750559.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1750559");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1750559");
Line Deleted : user_pref("browser.search.defaultenginename", "sweet-page");
Line Deleted : user_pref("browser.search.selectedEngine", "sweet-page");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.sweet-page.com/?type=hppp&ts=1400125642&from=cor&uid=TOSHIBAXMK3256GSY_Y9JMT4VKTXXY9JMT4VKT");
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.id", "d24826dd0000000000000026c60f464d");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15649");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=d24826dd0000000000000026c60f464d&q=");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111738&tt=100512_2_");
Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "d24826dd0000000000000026c60f464d");
Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "d24826dd0000000000000026c60f464d");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15470");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.822:12:41");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.trusted-ads.ExLst", "{\"u\":{\"v\":\"1.80\",\"d\":\"051314\"},\"h\":{\"pogo.com\":{\"p\":[{\"e\":\"/.*/\",\"r\":[\"/connect\\\\.facebook\\\\.net\\\\/en_US\\\\/all\\\\.js$/i\"]}]}[...]
Line Deleted : user_pref("extensions.trusted-ads.serpInject", "{\"u\":{\"v\":\"2.71\",\"d\":\"050714\"},\"l\":\"hxxp://search.adtrustmedia.com/search_safecontent.php\",\"e\":[{\"u\":\"hxxp://ads.adtrustmedia.com/con[...]
Line Deleted : user_pref("extensions.trusted-ads.serp_mywebsearch", "\"%2F*!%20serp-mywebsearch%20-%20v0.1.10%20-%202014-04-07%2018%3A21%3A58%20*%2F%0D%0Avar%20u%20%3D%20%7B%7D%3B%0A%0Avar%20Util%20%3D%20%7B%0A%09de[...]
Line Deleted : user_pref("extensions.trusted-ads.suggestions", "{\"u\":{\"v\":\"1.19\",\"d\":\"041614\"},\"t\":\"Verified Official Site\",\"s\":[{\"k\":\"amaz\",\"t\":\"amazon.com\",\"v\":\"[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
-\\ Google Chrome v
[ File : C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Extension] : cmaiofennmphjldldcpphcechfnnohja
*************************
AdwCleaner[R0].txt - [23522 octets] - [26/05/2014 20:13:00]
AdwCleaner[S0].txt - [20899 octets] - [26/05/2014 20:16:13]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20960 octets] ##########
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v29.0.1 (pt-BR)
[ File : C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\prefs.js ]
-\\ Google Chrome v
[ File : C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Extension] : cmaiofennmphjldldcpphcechfnnohja
*************************
AdwCleaner[R0].txt - [23522 octets] - [26/05/2014 20:13:00]
AdwCleaner[S0].txt - [20899 octets] - [26/05/2014 20:16:13]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20960 octets] ##########
Re: Laptop infectado
GETTING AHEAD - the ZOEK report follows below
-
Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Marcelo on 26/05/2014 at 20:36:16,29.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\Marcelo\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-648650066-4006766464-4025382557-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BEC2075C-8E0A-4EB6-8D5D-A840665B39C9} deleted successfully
HKEY_USERS\S-1-5-21-648650066-4006766464-4025382557-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F1846CBD-F074-412E-842E-3E236808537F} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\prefs.js:
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\prefs.js:
ProfilePath: C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_052014_2045_.backup
==== Deleting Files \ Folders ======================
C:\PROGRA~2\SqueakyChocolate deleted
C:\Users\Marcelo\AppData\Local\cache deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\user.js deleted
C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\extensions\firefox@webwebget.com.xpi deleted
C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\jetpack deleted
C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\extensions\PrivDog@AdTrustMedia.com deleted
"C:\Users\Marcelo\AppData\Local\{533987F3-AAB2-4496-8142-B15387EC103B}" deleted
"C:\Users\Marcelo\AppData\Roaming\nswb\icr.dll" deleted
"C:\Users\Marcelo\AppData\Roaming\Faces\Faces.prf" deleted
"C:\Users\Marcelo\AppData\Roaming\nswb" deleted
"C:\Users\Marcelo\AppData\Roaming\Faces" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn" []
==== Firefox Extensions ======================
ProfilePath: C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default
- BlackSheep - %ProfilePath%\extensions\jsobrier@zscaler.com
- SmileysWeLove: Smileys for use with Facebook GMail and more - %ProfilePath%\extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi
- PrivDog - %ProfilePath%\extensions\PrivDog@AdTrustMedia.com.xpi
- Torbutton - %ProfilePath%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
785105A23650755A8F7A72405EB0D923 - C:\Users\Marcelo\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll - Google Update
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Marcelo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
855B79451ECF62602F20EB4D5C71F99B - C:\Windows\SysWoW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
33E87713C7FE08C5F861E2819ED33A0E - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)
==== Deleted Firefox Extensions ======================
C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi deleted
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jfmjfhklogoienhpfnppmbcbjfjnkonk - No path found[]
Comodo DragDrop Service - Marcelo\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo
Comodo Web Inspector - Marcelo\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn
PrivDog - Marcelo\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Comodo Share Page Service - Marcelo\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf
Google Wallet - Marcelo\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Google Docs - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Last updated at time on date - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Offline Email Notifier for Gmail - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\clemkkclfcecinlbelmbmmfbclaeifpj
Adblock for Youtube - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk
Google Search - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Sigerson Morrison - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcpgmpfeoahblfncaooigccakcgngjbh
SmartVideo - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp
Google Mail Checker - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff
Google Wallet - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Checker Plus for Gmail™ - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj
Gmail - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chrome Fix ======================
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_furmark.softonic.com.br_0.localstorage deleted successfully
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_furmark.softonic.com.br_0.localstorage-journal deleted successfully
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.softonic.com.br_0.localstorage deleted successfully
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.softonic.com.br_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.oquefazernainternet.com/q/%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"
"CustomizeSearch"="http://www.google.com"
"Default_Search_URL"="http://www.oquefazernainternet.com/"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"
"CustomizeSearch"="http://www.google.com"
"Default_Search_URL"="http://www.oquefazernainternet.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{CC778948-1EA5-4599-AE7A-9807D211DCF4} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR&pc=HPNTDF"
==== Reset Google Chrome ======================
C:\Users\Marcelo\AppData\Local\Comodo\Dragon\User Data\Default\Preferences was reset successfully
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\Marcelo\AppData\Local\Comodo\Dragon\User Data\Default\Web Data was reset successfully
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-648650066-4006766464-4025382557-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{14f95421-c981-4820-954e-d83c8537f54c} deleted successfully
HKEY_USERS\S-1-5-21-648650066-4006766464-4025382557-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{14f95421-c981-4820-954e-d83c8537f54c} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{14f95421-c981-4820-954e-d83c8537f54c} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14f95421-c981-4820-954e-d83c8537f54c} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} deleted successfully
==== shortcuts on Users Desktops ======================
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Glary Utilities 5.lnk - C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome\Offline Email Notifier for Gmail™.lnk -
C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Marcelo\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Marcelo\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\Marcelo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Inicializador de aplicativos do Google Chrome.lnk - C:\Users\Marcelo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager\Recovery Disc Creation.lnk - C:\Program Files (x86)\Hewlett-Packard\Recovery\CDCreator.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager\Recovery Manager.lnk - C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Marcelo\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk - C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5\Glary Utilities 5.lnk - C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5\Uninstall.lnk - C:\Program Files (x86)\Glary Utilities 5\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5\Website.lnk - C:\Program Files (x86)\Glary Utilities 5\Glary Utilities 5.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\Silverlight.Configuration.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk - C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk - C:\Program Files (x86)\Webteh\BSplayer\bsplayer.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk - C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Video Converter.lnk - C:\Program Files (x86)\Free Video Converter\FreeVideoConverter.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 5.lnk - C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Tunngle beta.lnk - C:\Program Files (x86)\Tunngle\Tunngle.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk -
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\AutoCAD 2006.lnk - C:\Program Files (x86)\AutoCAD 2006\acad.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\CorelDRAW 12.lnk - C:\Windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut1.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office - 60 Day Trial.lnk - C:\Program Files (x86)\Microsoft Office Suite Activation Assistant\OAA.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\µTorrent.lnk -
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Users\Marcelo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP MediaSmart.lnk - C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HPAdvisor.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office PowerPoint 2007 (2).lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Word 2007 (2).lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Snipping Tool.lnk -
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyOverride"="local;*.local"
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cacaoweb deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\facemoods deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPCam_Menu deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSafeTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSafeWDS deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateChecker deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Marcelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Marcelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Marcelo\AppData\Local\Mozilla\Firefox\Profiles\5zeyo61b.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=858 folders=52 277834118 bytes)
==== Empty Temp Folders ======================
C:\Users\Marcelo\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Marcelo\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 26/05/2014 at 20:50:12,64 ======================
-
Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Marcelo on 26/05/2014 at 20:36:16,29.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\Marcelo\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-648650066-4006766464-4025382557-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BEC2075C-8E0A-4EB6-8D5D-A840665B39C9} deleted successfully
HKEY_USERS\S-1-5-21-648650066-4006766464-4025382557-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F1846CBD-F074-412E-842E-3E236808537F} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\prefs.js:
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\prefs.js:
ProfilePath: C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_052014_2045_.backup
==== Deleting Files \ Folders ======================
C:\PROGRA~2\GUT2C9D.tmp deleted
C:\PROGRA~2\GUT39B3.tmp deleted
C:\PROGRA~2\GUT452D.tmp deleted
C:\PROGRA~2\GUT5494.tmp deleted
C:\PROGRA~2\GUTA9E6.tmp deleted
C:\PROGRA~2\GUTACE8.tmp deleted
C:\PROGRA~2\GUTAD9D.tmp deleted
C:\PROGRA~2\GUTD144.tmp deleted
C:\PROGRA~2\GUTE0CD.tmp deleted
C:\PROGRA~2\GUM2C9C.tmp deleted
C:\PROGRA~2\GUM39A2.tmp deleted
C:\PROGRA~2\GUM452C.tmp deleted
C:\PROGRA~2\GUM5493.tmp deleted
C:\PROGRA~2\GUMA9B6.tmp deleted
C:\PROGRA~2\GUMAD8D.tmp deleted
C:\PROGRA~2\GUMD143.tmp deleted
C:\PROGRA~2\GUME0CC.tmp deleted
C:\PROGRA~2\SqueakyChocolate deleted
C:\Users\Marcelo\AppData\Local\cache deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\user.js deleted
C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\extensions\firefox@webwebget.com.xpi deleted
C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\jetpack deleted
C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\extensions\PrivDog@AdTrustMedia.com deleted
"C:\Users\Marcelo\AppData\Local\{533987F3-AAB2-4496-8142-B15387EC103B}" deleted
"C:\Users\Marcelo\AppData\Roaming\nswb\icr.dll" deleted
"C:\Users\Marcelo\AppData\Roaming\Faces\Faces.prf" deleted
"C:\Users\Marcelo\AppData\Roaming\nswb" deleted
"C:\Users\Marcelo\AppData\Roaming\Faces" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn" []
==== Firefox Extensions ======================
ProfilePath: C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default
- BlackSheep - %ProfilePath%\extensions\jsobrier@zscaler.com
- SmileysWeLove: Smileys for use with Facebook GMail and more - %ProfilePath%\extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi
- PrivDog - %ProfilePath%\extensions\PrivDog@AdTrustMedia.com.xpi
- Torbutton - %ProfilePath%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
785105A23650755A8F7A72405EB0D923 - C:\Users\Marcelo\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll - Google Update
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Marcelo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
855B79451ECF62602F20EB4D5C71F99B - C:\Windows\SysWoW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
33E87713C7FE08C5F861E2819ED33A0E - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)
==== Deleted Firefox Extensions ======================
C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi deleted
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jfmjfhklogoienhpfnppmbcbjfjnkonk - No path found[]
Comodo DragDrop Service - Marcelo\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo
Comodo Web Inspector - Marcelo\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn
PrivDog - Marcelo\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Comodo Share Page Service - Marcelo\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf
Google Wallet - Marcelo\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Google Docs - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Last updated at time on date - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Offline Email Notifier for Gmail - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\clemkkclfcecinlbelmbmmfbclaeifpj
Adblock for Youtube - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk
Google Search - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Sigerson Morrison - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcpgmpfeoahblfncaooigccakcgngjbh
SmartVideo - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp
Google Mail Checker - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff
Google Wallet - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Checker Plus for Gmail™ - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj
Gmail - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chrome Fix ======================
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_furmark.softonic.com.br_0.localstorage deleted successfully
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_furmark.softonic.com.br_0.localstorage-journal deleted successfully
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.softonic.com.br_0.localstorage deleted successfully
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.softonic.com.br_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.oquefazernainternet.com/q/%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"
"CustomizeSearch"="http://www.google.com"
"Default_Search_URL"="http://www.oquefazernainternet.com/"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"
"CustomizeSearch"="http://www.google.com"
"Default_Search_URL"="http://www.oquefazernainternet.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{CC778948-1EA5-4599-AE7A-9807D211DCF4} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR&pc=HPNTDF"
==== Reset Google Chrome ======================
C:\Users\Marcelo\AppData\Local\Comodo\Dragon\User Data\Default\Preferences was reset successfully
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\Marcelo\AppData\Local\Comodo\Dragon\User Data\Default\Web Data was reset successfully
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-648650066-4006766464-4025382557-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{14f95421-c981-4820-954e-d83c8537f54c} deleted successfully
HKEY_USERS\S-1-5-21-648650066-4006766464-4025382557-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{14f95421-c981-4820-954e-d83c8537f54c} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{14f95421-c981-4820-954e-d83c8537f54c} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14f95421-c981-4820-954e-d83c8537f54c} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} deleted successfully
==== shortcuts on Users Desktops ======================
C:\Users\Marcelo\Desktop\Downloads.lnk - C:\Users\Marcelo\Downloads
C:\Users\Marcelo\Desktop\Dropbox.lnk - C:\Users\Marcelo\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Marcelo\Desktop\Inicializador de aplicativos do Google Chrome.lnk - C:\Users\Marcelo\AppData\Local\Google\Chrome\Application\chrome.exe --show-app-list
C:\Users\Marcelo\Desktop\Marcelo - Shortcut.lnk - C:\Marcelo
C:\Users\Marcelo\Desktop\Marcelo 2.lnk - C:\Users\Marcelo
C:\Users\Marcelo\Desktop\Music.lnk - C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms
C:\Users\Marcelo\Desktop\Pictures.lnk - C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms
C:\Users\Marcelo\Desktop\PokerStars.lnk - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
C:\Users\Marcelo\Desktop\Games\Age of Empires 3.lnk - D:\Age 3\age3.exe
C:\Users\Marcelo\Desktop\Games\Age of Empires III - The Asian Dynasties.lnk - D:\Age 3\age3y.exe
C:\Users\Marcelo\Desktop\Games\Age of Empires III The Asian Dynasties.lnk -
C:\Users\Marcelo\Desktop\Games\Age of Empires III.lnk -
C:\Users\Marcelo\Desktop\Games\Age of Mythology - The Titans.lnk - D:\Age of Myt\Age\aomx.exe xres=1600 yres=900
C:\Users\Marcelo\Desktop\Games\Age of Mythologyy.lnk - D:\AOM - léo\Age of Mythology\aom.exe xres=1600 yres=900
C:\Users\Marcelo\Desktop\Games\aom - Shortcut.lnk - D:\AOM - léo\Age of Mythology\aom.exe
C:\Users\Marcelo\Desktop\Games\aomx - CPLX.lnk - D:\Age of Myt\Age\aomx.exe xres=1600 yres=900
C:\Users\Marcelo\Desktop\Games\aomx - FREITAS.lnk - D:\Age of Myt - Freitas\Age of Mythology Titans\aomx.exe xres=1600 yres=900
C:\Users\Marcelo\Desktop\Games\Burnout Paradise.lnk - C:\Program Files (x86)\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe
C:\Users\Marcelo\Desktop\Games\Call Of Duty - Word At War Multiplayer.lnk - D:\Cod5 - WAW\CoDWaWmp.exe +set fs_game "mods/PeZBOTWAW"
C:\Users\Marcelo\Desktop\Games\Call Of Duty - Word At War Single Player.lnk - D:\Cod5 - WAW\CoDWaW.exe
C:\Users\Marcelo\Desktop\Games\Counter-Strike 1.6 SiteCS.lnk - C:\Program Files (x86)\Valve\hl.exe -nomaster -game cstrike
C:\Users\Marcelo\Desktop\Games\Counter-Strike 1.6.lnk - C:\Program Files (x86)\Valve\hl.exe -game cstrike
C:\Users\Marcelo\Desktop\Games\Curse Of Monkey Island.lnk - C:\Program Files (x86)\Lucasarts\Curse\CMI Launcher.exe
C:\Users\Marcelo\Desktop\Games\Dedicated Server.lnk - C:\Program Files (x86)\Valve\hlds.exe -game cstrike -insecure
C:\Users\Marcelo\Desktop\Games\GunboundPS.lnk - C:\Game\SoftnyxGame\GunBoundPS\NyxLauncher.exe
C:\Users\Marcelo\Desktop\Games\Hlds Update Tool.lnk - C:\TF2server\HldsUpdateTool.exe c:\TF2server\HldsUpdateTool -command update -game tf -dir C:\TF2server
C:\Users\Marcelo\Desktop\Games\loader - Shortcut.lnk - D:\Age of Mythology Titans\loader.exe xres=1600 yres=900
C:\Users\Marcelo\Desktop\Games\Loader.lnk - D:\Age of Mythology Titans\loader.exe xres=1600 yres=900
C:\Users\Marcelo\Desktop\Games\NBA 2K11.lnk - D:\NBA 2k11\nba2k11.exe
C:\Users\Marcelo\Desktop\Games\Portal 2.lnk - D:\Portal 2\portal2.exe
C:\Users\Marcelo\Desktop\Games\scummvm - Shortcut.lnk - C:\Program Files (x86)\Lucasarts\scummvm-x64\scummvm-x64\scummvm.exe
C:\Users\Marcelo\Desktop\Games\Servidor Dedicado.lnk - C:\Program Files (x86)\Valve\hlds.exe -game cstrike -insecure
C:\Users\Marcelo\Desktop\Games\SimCity 4 - Shortcut.lnk - C:\Program Files (x86)\Maxis\SimCity 4 Deluxe\Apps\SimCity 4.exe -CustomResolution:enabled -r1600x900x32
C:\Users\Marcelo\Desktop\Games\SimCity 4 Deluxe.lnk - C:\Program Files (x86)\Maxis\SimCity 4 Deluxe\Apps\SimCity 4.exe -CustomResolution:enabled -r1600x900x32 -f
C:\Users\Marcelo\Desktop\Games\Sniper Ghost Warrior.lnk - C:\Program Files (x86)\City Interactive\Sniper Ghost Warrior\Sniper_x86.exe
C:\Users\Marcelo\Desktop\Games\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Marcelo\Desktop\Games\sXe Injected.lnk - C:\Program Files (x86)\sXe Injected\sxe injected.exe
C:\Users\Marcelo\Desktop\Games\The Sims 8 in 1.lnk - C:\Program Files (x86)\Maxis\The Sims 8 in 1\The Sims\Sims.exe xres=1600 yres=900
C:\Users\Marcelo\Desktop\Games\WA - Shortcut.lnk - C:\Users\Marcelo\Downloads\WORMS\Worms Armageddon v3.7.2.1\WA.exe
C:\Users\Marcelo\Desktop\Shortcuts\Adobe Reader X.lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Marcelo\Desktop\Shortcuts\Alcohol 120%.lnk - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Alcohol.exe
C:\Users\Marcelo\Desktop\Shortcuts\Avira Control Center.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
C:\Users\Marcelo\Desktop\Shortcuts\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe
C:\Users\Marcelo\Desktop\Shortcuts\Comodo Dragon.lnk - C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Users\Marcelo\Desktop\Shortcuts\COMODO Firewall.lnk - C:\Program Files (x86)\COMODO\COMODO Internet Security\cistray.exe --shortcut
C:\Users\Marcelo\Desktop\Shortcuts\ConvertXtoDVD 4.lnk - C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe
C:\Users\Marcelo\Desktop\Shortcuts\CyberLink DVD Suite.lnk - C:\Program Files (x86)\CyberLink\DVD Suite\PowerStarter.exe
C:\Users\Marcelo\Desktop\Shortcuts\Defraggler.lnk - C:\Program Files (x86)\Defraggler\Defraggler64.exe
C:\Users\Marcelo\Desktop\Shortcuts\DVD Shrink 3.2.lnk - C:\Program Files (x86)\DVD Shrink\DVD Shrink 3.2.exe
C:\Users\Marcelo\Desktop\Shortcuts\Firemin - Shortcut.lnk - C:\Marcelo\Documentos Pessoais em geral\firemin-030300\firemin-030300\Firemin.exe
C:\Users\Marcelo\Desktop\Shortcuts\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Users\Marcelo\Desktop\Shortcuts\Hamachi.lnk - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Users\Marcelo\Desktop\Shortcuts\HP Deskjet 2050 J510 series Scan.lnk - C:\Program Files (x86)\HP\HP Deskjet 2050 J510 series\bin\HPScan.exe
C:\Users\Marcelo\Desktop\Shortcuts\HP Deskjet 2050 J510 series.lnk - C:\Program Files (x86)\HP\HP Deskjet 2050 J510 series\Bin\HP Deskjet 2050 J510 series.exe
C:\Users\Marcelo\Desktop\Shortcuts\Revo Uninstaller.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\Marcelo\Desktop\Shortcuts\Shared Space.lnk - C:\ProgramData\Shared Space
C:\Users\Marcelo\Desktop\Shortcuts\Shop for Supplies - HP Deskjet 2050 J510 series.lnk - C:\Program Files (x86)\HP\HP Deskjet 2050 J510 series\Bin\hpqDTSS.exe
C:\Users\Marcelo\Desktop\Shortcuts\Stay Live 2000.lnk - C:\Program Files (x86)\Software by Design\StayLive.exe
C:\Users\Marcelo\Desktop\Shortcuts\StayLive - Shortcut.lnk - C:\Program Files (x86)\Software by Design\StayLive.exe
C:\Users\Marcelo\Desktop\Shortcuts\Virtual Comodo Dragon.lnk - C:\Program Files (x86)\COMODO\COMODO Internet Security\virtkiosk.exe -v "C:\Program Files (x86)\Comodo\Dragon\dragon.exe"
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Glary Utilities 5.lnk - C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome\Offline Email Notifier for Gmail™.lnk -
C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Marcelo\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Marcelo\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\Marcelo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Inicializador de aplicativos do Google Chrome.lnk - C:\Users\Marcelo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager\Recovery Disc Creation.lnk - C:\Program Files (x86)\Hewlett-Packard\Recovery\CDCreator.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager\Recovery Manager.lnk - C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Marcelo\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk - C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5\Glary Utilities 5.lnk - C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5\Uninstall.lnk - C:\Program Files (x86)\Glary Utilities 5\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5\Website.lnk - C:\Program Files (x86)\Glary Utilities 5\Glary Utilities 5.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\Silverlight.Configuration.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk - C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk - C:\Program Files (x86)\Webteh\BSplayer\bsplayer.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk - C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Video Converter.lnk - C:\Program Files (x86)\Free Video Converter\FreeVideoConverter.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 5.lnk - C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Tunngle beta.lnk - C:\Program Files (x86)\Tunngle\Tunngle.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk -
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\AutoCAD 2006.lnk - C:\Program Files (x86)\AutoCAD 2006\acad.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\CorelDRAW 12.lnk - C:\Windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut1.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office - 60 Day Trial.lnk - C:\Program Files (x86)\Microsoft Office Suite Activation Assistant\OAA.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\µTorrent.lnk -
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Users\Marcelo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP MediaSmart.lnk - C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HPAdvisor.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office PowerPoint 2007 (2).lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Word 2007 (2).lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Snipping Tool.lnk -
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyOverride"="local;*.local"
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cacaoweb deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\facemoods deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPCam_Menu deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSafeTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSafeWDS deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateChecker deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Marcelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Marcelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Marcelo\AppData\Local\Mozilla\Firefox\Profiles\5zeyo61b.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=858 folders=52 277834118 bytes)
==== Empty Temp Folders ======================
C:\Users\Marcelo\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Marcelo\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 26/05/2014 at 20:50:12,64 ======================
marcelosteffler - Beginner
- Posts: 25
Reputation: 0
Registered: 26/05/2014
Re: Infected laptop
Junkware Removal Tool report follows:
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Marcelo on 26/05/2014 at 21:05:21,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\privdogservice
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-648650066-4006766464-4025382557-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealio_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealio_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealio_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealio_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\adtrustmedia"
Successfully deleted: [Folder] "C:\Program Files (x86)\adtrustmedia"
Successfully deleted: [Folder] "C:\Program Files (x86)\free video converter"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\homepage protection"
~~~ FireFox
Emptied folder: C:\Users\Marcelo\AppData\Roaming\mozilla\firefox\profiles\5zeyo61b.default\minidumps [14 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/05/2014 at 21:08:52,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
marcelosteffler - Beginner
- Posts: 25
Reputation: 0
Registered: 26/05/2014
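Worked example, added here by the editor and not part of the thread or of the zoek/JRT tools: a read-only PowerShell audit of the persistence points that the zoek log above (msconfig "startupreg" keys, IE proxy values) and the JRT log (a Run value, a URLSearchHooks entry, two Browser Helper Objects) show being removed, so the machine can be re-checked after the reboot rather than trusting the "deleted successfully" lines alone. The registry paths are the standard Windows locations; the function names and the image-path parsing heuristic are my own, and nothing in it deletes anything.

```powershell
# Added example (editor's code, not from the logs above): enumerate the autorun
# and browser-hook locations that zoek and JRT cleaned, resolve each entry to a
# file on disk, and flag entries whose file no longer exists (the ".not file."
# leftovers) so they can be removed, while live files get a signature/hash check.
# Run in an elevated PowerShell on the host being audited. Read-only.

function Get-ImagePath {
    # Best-effort: pull the executable out of a Run-style command line.
    # Bare names such as "rundll32.exe" (resolved via PATH) come back as not found.
    param([string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return $null }
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|dll|sys|cmd|bat|scr))(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

function New-Finding {
    param([string]$Source, [string]$Name, [string]$Command)
    $img = Get-ImagePath -Command $Command
    $exists = $null
    if ($img) { $exists = Test-Path -LiteralPath $img -PathType Leaf }
    [pscustomobject]@{ Source = $Source; Name = $Name; Command = $Command; ImageExists = $exists }
}

$skip = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$findings = @()

# 1. Run/RunOnce values in both hives and the 32-bit view (JRT removed "privdogservice" here).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -in $skip) { continue }
        $findings += New-Finding $key $p.Name ([string]$p.Value)
    }
}

# 2. Entries msconfig "disabled": each subkey keeps the original command line in "command"
#    (zoek deleted cacaoweb, facemoods, SearchSettings etc. from here).
$startupreg = 'HKLM:\Software\Microsoft\Shared Tools\MSConfig\startupreg'
if (Test-Path $startupreg) {
    foreach ($sub in Get-ChildItem -Path $startupreg) {
        $cmd = (Get-ItemProperty -Path $sub.PSPath).command
        $findings += New-Finding 'msconfig\startupreg' $sub.PSChildName ([string]$cmd)
    }
}

# 3. Browser Helper Objects: the subkey name is a CLSID whose InprocServer32 names the DLL.
$bhoRoots = @{
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'             = 'Registry::HKEY_CLASSES_ROOT\CLSID'
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' = 'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID'
}
foreach ($root in $bhoRoots.Keys) {
    if (-not (Test-Path $root)) { continue }
    foreach ($sub in Get-ChildItem -Path $root) {
        $clsid = $sub.PSChildName
        $dll = (Get-ItemProperty -Path "$($bhoRoots[$root])\$clsid\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        $findings += New-Finding 'BHO' $clsid ([string]$dll)
    }
}

# 4. URLSearchHooks: the value *names* are CLSIDs; anything beyond the Microsoft default is suspect.
$hooks = 'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks'
if (Test-Path $hooks) {
    foreach ($p in (Get-ItemProperty -Path $hooks).PSObject.Properties) {
        if ($p.Name -in $skip) { continue }
        $dll = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$($p.Name)\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        $findings += New-Finding 'URLSearchHook' $p.Name ([string]$dll)
    }
}

# 5. IE proxy: ProxyEnable=1 or a PAC URL the user never configured means traffic is being redirected.
$inet = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
[pscustomobject]@{
    ProxyEnable   = $inet.ProxyEnable
    ProxyServer   = $inet.ProxyServer
    AutoConfigURL = $inet.AutoConfigURL
} | Format-List

# ImageExists = False: dangling entry, remove it. True: verify the file (signature, hash) before trusting it.
$findings | Sort-Object ImageExists, Source | Format-Table -AutoSize
```

Run it once before the cleaners and once after the reboot and diff the two tables; the zoek log's "Value(s) after fix" for the proxy should match section 5 (ProxyEnable 0, no ProxyServer), and none of the names JRT and zoek reported as deleted should reappear in sections 1 to 4.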
Re: Infected laptop
ZHPDiag report:
-
~ Report of ZHPDiag v2014.5.24.73 - Nicolas Coolman (24/05/2014)
~ Launched by Marcelo (26/05/2014 21:26:07)
~ Web site address : [You must be registered and logged in to view this link]
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by user
---\\ Internet browsers
MSIE: Internet Explorer v10.0.9200.16798
MFIE: Mozilla Firefox 29.0.1
---\\ Windows product information
~ Language: English
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System protection software
Avira Free Antivirus v14.0.3.350
COMODO Internet Security v6.0.2566.2708
Windows Defender W7 (Activate)
---\\ System optimization software
CCleaner v4.07
---\\ Sharing software PeerToPeer
---\\ Surveillance software
Adobe Flash Player 13 Plugin
Adobe Reader X
Java 7 Update 51
---\\ Information on the system
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Safe mode with networking
Total RAM: 4063 MB (72% free)
System Restore: Enabled
System drive C: has 83 GB (29%) free of 283 GB
---\\ Connection to the system mode
~ Computer Name: MARCELO-PC
~ User Name: Marcelo
~ All Users Names: Marcelo, HomeGroupUser$, Guest, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Marcelo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Marcelo\AppData\Roaming\
~ %Desktop% : C:\Users\Marcelo\Desktop\
~ %Favorites% : C:\Users\Marcelo\Favorites\
~ %LocalAppData% : C:\Users\Marcelo\AppData\Local\
~ %StartMenu% : C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 83 GB of 283 GB)
D: Hard drive, Flash drive, Thumb drive (Free 88 GB of 298 GB)
E: Hard drive, Flash drive, Thumb drive (Free 2 GB of 15 GB)
F: CD-ROM drive (Not Inserted)
---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 49 Legitimates Filtered in 00mn 00s
---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.90860E913075B03369BEB7B0B510DC2F] - (.Microsoft Corporation - Internet Extensions for Win32.) (.01/02/2014 - 06:19:49.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Windows Logon Application.) (.20/11/2010 - 10:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) (.20/11/2010 - 10:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 06:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 06:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 07:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 06:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - NT File System Driver.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 07:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 06:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.20/11/2010 - 10:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Hidden files state (Hidden/Total)
~ My Pictures : 2/7083
~ My Music : 1/8955
~ My Videos : 1/186
~ My Favorites : 1/36
~ My Documents : 2/1482
~ My Desktop : 23/991
~ Start Menu (Programs) : 1/96
~ Hidden Files: Scanned in 00mn 22s
---\\ Process running
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Users\Marcelo\AppData\Local\Google\Chrome\Application\chrome.exe [860488] [PID.1768]
[MD5.4FDF8F99557B275A3B5BF797761C7504] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7879168] [PID.2888]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Enabled)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Enabled)
---\\ Google Chrome Extension Folder
~ Google Lines Browser: 15 Legitimates Filtered in 00mn 01s
---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\prefs.js
~ Firefox Browser: 19 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Number of lines: 21
---\\ Other User Links (O4)
O4 - GS\Program [Public]: Free Trials for QuickBooks, Quicken and TurboTax.lnk . (...) -- C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe
~ Global Startup: 1 Legitimates Filtered in 00mn 03s
---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [COMODO Internet Security] . (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKCU\..\Run: [GUDelayStartup] . (.Glarysoft Ltd - StartupManager.) -- C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\RunOnce: [Report] . (...) -- C:\AdwCleaner\AdwCleaner[S0].txt
O4 - HKLM\..\Wow6432Node\Run: [WirelessAssistant] . (.Hewlett-Packard - HP Wireless Assistant Main Program.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Wow6432Node\Run: [hpWirelessAssistant] . (.Hewlett-Packard Development Company, L.P. - HP Wireless Assistant Module.) -- C:\Program Files (x86)\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [amd_dc_opt] . (.AMD - AMD Dual-Core Optimizer.) -- C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Wow6432Node\Run: [AMD AVT] . (.Microsoft Corporation - Windows Command Processor.) -- C:\Windows\System32\Cmd.exe
O4 - HKLM\..\Wow6432Node\Run: [ComodoFSChrome] C:\Program Files (x86)\AdTrustMedia\PrivDog\FinalizeSetup.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-648650066-4006766464-4025382557-1000\..\Run: [GUDelayStartup] . (.Glarysoft Ltd - StartupManager.) -- C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe
O4 - HKUS\S-1-5-21-648650066-4006766464-4025382557-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-648650066-4006766464-4025382557-1000\..\RunOnce: [Report] . (...) -- C:\AdwCleaner\AdwCleaner[S0].txt
~ Application: Scanned in 00mn 00s
---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: PrivDog [64Bits] - {2F5C139F-79BD-4C84-A95A-E7140525BC55} . (.AdTrustMedia - PrivDog Extension.) -- C:\Program Files\AdTrustMedia\PrivDog\2.1.0.23\trustedads.dll
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E20287F-1966-4A42-B138-BF9537116F9B}: DhcpNameServer = 201.10.128.2 201.10.1.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD290BE6-8D38-4555-A49F-4B2E56D788F0}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7E20287F-1966-4A42-B138-BF9537116F9B}: DhcpNameServer = 201.10.128.2 201.10.1.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{BD290BE6-8D38-4555-A49F-4B2E56D788F0}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{5171070C-B9D6-410E-9462-4F033E32E3AF}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{DB0ED3DD-6C22-42F0-9186-680D17A359D7}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
O17 - HKLM\System\CS2\Services\Tcpip\..\{6D47A42F-82C1-4D69-838A-9FEE3BF528D6}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{7E20287F-1966-4A42-B138-BF9537116F9B}: DhcpNameServer = 201.10.128.2 201.10.1.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{BD290BE6-8D38-4555-A49F-4B2E56D788F0}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Extra protocols (O18)
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Additional protocols: Scanned in 00mn 00s
---\\ BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk * ) - File not found
O34 - HKLM BootExecute: (BootDefrag.exe) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s
---\\ Task Planned Automatically (O39)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [830]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-648650066-4006766464-4025382557-1000Core [1060]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-648650066-4006766464-4025382557-1000UA [1082]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GlaryInitialize 5 [336]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [896]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [900]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-648650066-4006766464-4025382557-1000Core [1034]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-648650066-4006766464-4025382557-1000UA [1086]
~ Scheduled Task: 8 Legitimates Filtered in 00mn 00s
---\\ Drivers launched at startup (O41)
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef64.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
~ Drivers: 96 Legitimates Filtered in 00mn 00s
---\\ Software installed (O42)
O42 - Logiciel: ADDONS SITECS (NONSTEAM) - (.www.sitecs.net.) [HKLM][64Bits] -- ADDONS SITECS (NONSTEAM)
O42 - Logiciel: Capture Solution XE 10.43 - (.SProsoft.) [HKLM][64Bits] -- Capture Solution XE 10.43
O42 - Logiciel: Capture Solution XE 10.43 - (.SProsoft.) [HKLM][64Bits] -- {D241D9B3-1A51-4E53-85CC-9AC754819013}
O42 - Logiciel: EMChuletator - (...) [HKLM][64Bits] -- EMChuletator
O42 - Logiciel: GPS TrackMaker - (.Geo Studio Technology Ltd.) [HKLM][64Bits] -- {572DDD41-B104-4D5C-BA1B-7A22E92E7A0C}
O42 - Logiciel: GPS TrackMaker PRO - (.Odilon Ferreira Junior (Geo Studio Technologies Ltd.).) [HKLM][64Bits] -- {32EA37A8-B50D-4B38-998F-CD56B3849201}
O42 - Logiciel: Homepage Protection - (.AOL Products.) [HKLM][64Bits] -- Homepage Protection
O42 - Logiciel: Patch v23 versão 2013 - (.SiteCS.) [HKLM][64Bits] -- {C1C3140D-730D-4176-94EC-F1706A929776}_is1
O42 - Logiciel: PokerStars - (.PokerStars.) [HKLM][64Bits] -- PokerStars
O42 - Logiciel: RoX aDDons v3.5 - (.RoX Site.) [HKLM][64Bits] -- RoX aDDons_is1
O42 - Logiciel: SlingBoxWatchYourTVAnyWhere - (.Sling Media.) [HKLM][64Bits] -- {4313E16C-811B-469F-8815-6EB98085F8B2}
O42 - Logiciel: Spring 5.1.5 Português_x86 - (...) [HKLM][64Bits] -- Spring 5.1.5 Português_x86
O42 - Logiciel: Stay Live 2000 - (.Gregory Braun -- Software Design.) [HKLM][64Bits] -- Stay Live 2000
O42 - Logiciel: UpdateChecker - (.SqueakyChocolate, LLC.) [HKLM][64Bits] -- SqueakyChocolate, LLC UpdateChecker
O42 - Logiciel: sXe Injected - (.Alejandro Cortés.) [HKLM][64Bits] -- sXe Injected
~ Logic: 54 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security]
[HKCU\Software\Counter Strike 1.6]
[HKCU\Software\GbAs]
[HKCU\Software\Homepage Protection]
[HKCU\Software\INPE-DPI]
[HKCU\Software\none]
[HKCU\Software\sXe Injected]
[HKLM\Software\Wow6432Node\360Safe]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\GameVicio]
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab
[HKLM\Software\Wow6432Node\sXe_Injected]
[HKLM\Software\Wow6432Node\[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Key Software: 536 Legitimates Filtered in 00mn 01s
---\\ Contents of the Common Files folders (O43)
O43 - CFD: 30/10/2010 - 08:05:01 - [] ----D C:\Program Files (x86)\Counter Strike
O43 - CFD: 06/12/2010 - 14:37:05 - [] ----D C:\Program Files (x86)\EMChuletator
O43 - CFD: 19/05/2012 - 23:35:16 - [] ----D C:\Program Files (x86)\GameVicio
O43 - CFD: 12/11/2010 - 18:28:58 - [] ----D C:\Program Files (x86)\GTMPRO
O43 - CFD: 09/08/2009 - 06:18:03 - [] ----D C:\Program Files (x86)\JunoPreloader
O43 - CFD: 15/05/2014 - 01:36:33 - [] ----D C:\Program Files (x86)\PokerStars
O43 - CFD: 18/09/2010 - 10:40:25 - [] ----D C:\Program Files (x86)\Spring515_Portugues_x86
O43 - CFD: 28/04/2013 - 16:20:10 - [] ----D C:\Program Files (x86)\Stay Live 2000
O43 - CFD: 14/03/2014 - 13:29:54 - [] ----D C:\Program Files (x86)\sXe Injected
O43 - CFD: 12/11/2010 - 18:27:45 - [] ----D C:\Program Files (x86)\TrackMaker
O43 - CFD: 15/05/2014 - 00:36:26 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 13/09/2010 - 11:03:16 - [] ----D C:\ProgramData\{348D66EB-BC89-1069-82CA-2F4BDF30189C}
O43 - CFD: 13/09/2010 - 11:01:35 - [] --H-D C:\ProgramData\{7F909CEA-CFE5-45BC-8C18-4466B9A9B6A3}
O43 - CFD: 14/05/2012 - 15:42:24 - [] ----D C:\Users\Marcelo\AppData\Roaming\HU2011
O43 - CFD: 15/05/2014 - 01:40:23 - [] ----D C:\Users\Marcelo\AppData\Local\PokerStars
O43 - CFD: 12/09/2010 - 18:34:44 - [] ----D C:\Users\Marcelo\AppData\Local\Sling_Media,_Inc
O43 - CFD: 15/10/2010 - 13:28:54 - [] ----D C:\Users\Marcelo\AppData\Local\storage
O43 - CFD: 12/05/2012 - 20:02:35 - [] ----D C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ADDONS SITECS (NONSTEAM)
O43 - CFD: 15/05/2014 - 01:43:07 - [] ----D C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio
O43 - CFD: 12/11/2010 - 18:27:46 - [] ----D C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GPS TrackMaker
O43 - CFD: 12/11/2010 - 18:29:00 - [] ----D C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GPS TrackMaker PRO
O43 - CFD: 14/03/2012 - 16:37:56 - [] ----D C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected
~ Program Folder: 283 Legitimates Filtered in 00mn 02s
---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.E9958D1F056E4684C57E0F34076B6107] - 15/05/2014 - 00:50:13 ---A- . (...) -- C:\Windows\M3JPEG.INI [578]
O44 - LFC:[MD5.B437454FF39614D501E45B58B06155F1] - 26/05/2014 - 18:39:52 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [23248]
O44 - LFC:[MD5.B437454FF39614D501E45B58B06155F1] - 26/05/2014 - 18:39:52 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [23248]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 26/05/2014 - 18:55:59 ---A- . (...) -- C:\autoexec.bat [0]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 26/05/2014 - 20:35:59 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.1691E86A35EEF9936F9F877960A8651C] - 26/05/2014 - 20:49:57 ---A- . (...) -- C:\Windows\ntbtlog.txt [497880]
O44 - LFC:[MD5.163DA961F8128F7D7488D2213B91BD21] - 26/05/2014 - 20:50:12 ---A- . (...) -- C:\zoek-results.log [32290]
~ Files: 17 Legitimates Filtered in 00mn 05s
---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{1b750b69-a7ec-11df-84e9-0027134cb7ab}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
O51 - MPSK:{3cfc78f2-ad3f-11df-9133-0027134cb7ab}\AutoRun\command. (...) -- G:\autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Marcelo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 24 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableStatusMessages"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKCU\...\Policies\System] - "WallpaperStyle"=
~ MWPS: 22 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s
---\\ System Drivers List (SDL) (O58)
O58 - SDL:17/01/2013 - 21:07:36 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys [288688]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:29/06/2009 - 15:17:00 ---A- . (.ENE TECHNOLOGY INC. - ENE CIR Driver for eHome(64).) -- C:\Windows\System32\Drivers\enecir.sys [70656]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:14/03/2013 - 18:11:20 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [564824]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:23/03/2010 - 14:53:06 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [505344]
O58 - SDL:18/03/2013 - 16:51:08 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 82 Legitimates Filtered in 00mn 38s
---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s
---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Comodo - Comodo Dragon.) -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Marcelo\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {CC778948-1EA5-4599-AE7A-9807D211DCF4} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.A427535CD5C46D09016574A541A982DB] [SPRF][31/07/2012] (...) -- C:\ProgramData\KGyGaAvL.sys [952]
[MD5.26142233416E6FD8C74B7DAB3D3B4C0A] [SPRF][09/07/2013] (...) -- C:\Users\Marcelo\AppData\Roaming\room_v3.dat [45270]
[MD5.9EC73884D7D7BFEC9EED7EAF3122A0BE] [SPRF][26/05/2014] (...) -- C:\Users\Marcelo\Desktop\AdwCleaner.exe [1327971]
[MD5.8911FBB20555510A14C5FE096B322FE2] [SPRF][02/04/2014] (.PortableApps.com - ClamWin Portable.) -- C:\Users\Marcelo\Desktop\ClamWinPortable_0.98.1_English.paf.exe [7541552]
[MD5.0413F677CA3F7690AF1F03769632BF8C] [SPRF][14/04/2014] (.Dropbox, Inc. - Dropbox 2.6.29 Installer.) -- C:\Users\Marcelo\Desktop\DropboxInstaller.exe [315984]
[MD5.BA48F4C0988795FBEADAE23BE988054D] [SPRF][26/05/2014] (.Bleeping Computer, LLC - Terminates malware processes so that you can run your normal security programs..) -- C:\Users\Marcelo\Desktop\rkill.exe [1940216]
[MD5.352E8561E633B17ED22012366721FFDC] [SPRF][26/05/2014] (...) -- C:\Users\Marcelo\Desktop\zoek.exe [1285120]
~ Files: 13 Legitimates Filtered in 00mn 03s
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{AEAC4B0C-FDBD-4866-B8FE-8D6777192A63}C:\program files (x86)\utorrent\utorrent.exe" | In - Public - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "UDP Query User{76BC2838-F9AA-4789-9E77-736C0CC56B68}C:\program files (x86)\utorrent\utorrent.exe" | In - Public - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "TCP Query User{A8C402F3-41F7-42DB-904B-30AD9EBBD590}C:\program files (x86)\utorrent\utorrent.exe" | In - Public - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "UDP Query User{39ED5FAB-D01D-4BC4-9AB2-8E7BA9338DAF}C:\program files (x86)\utorrent\utorrent.exe" | In - Public - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{746FA3FB-69EE-47C8-8B99-4DADFAED5A9D}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Marcelo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{DC939A3C-0067-4AC1-B788-47428525AEF7}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Marcelo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 6 Legitimates Filtered in 00mn 02s
---\\ MyComputer Name Space (MNS) (O92)
O92 - MNS: - {35B6525E-071A-4EA9-B3BD-F6A742572F08}
~ MNS: 1 Legitimates Filtered in 00mn 00s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchSettings_RASAPI32 =>Adware.SearchSettings
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchSettings_RASMANCS =>Adware.SearchSettings
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASMANCS =>P2P.µTorrent
~ BTK: 446 Legitimates Filtered in 00mn 00s
---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 06/06/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 14/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 02/03/2009 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
SS - | Auto 27/03/2009 16896 | (AgereModemAudio) . (.LSI Corporation.) - C:\Program Files\LSI SoftModem\agr64svc.exe
SS - | Auto 02/07/2009 203264 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SS - | Auto 20/03/2014 440400 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SS - | Auto 20/03/2014 440400 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SS - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS - | Demand 28/10/2010 77944 | (Autodesk Licensing Service) . (.Autodesk.) - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
SS - | Demand 05/01/2012 75624 | (AxAutoMntSrv) . (.Alcohol Soft Development Team.) - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
SS - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Auto 30/07/2009 864032 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SS - | Auto 16/04/2014 6817544 | (cmdAgent) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
SS - | Demand 25/03/2014 2264280 | (cmdvirth) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
SS - | Demand 05/05/2009 228408 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
SS - | Auto 23/04/2014 2135232 | (DragonUpdater) . (...) - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
SS - | Demand 22/05/2009 250616 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
SS - | Auto 19/11/2010 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 19/11/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 09/07/2009 124928 | (HP Health Check Service) . (.Hewlett-Packard.) - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
SS - | Demand 30/04/2009 229944 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
SS - | Auto 08/07/2009 30520 | (hpsrv) . (.Hewlett-Packard.) - C:\Windows\System32\Hpservice.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 21/02/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Auto 17/06/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SS - | Auto 11/10/2013 377104 | (LMIGuardianSvc) . (.LogMeIn, Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
SS - | Demand 22/05/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 24/07/2007 185632 | (PSI_SVC_2) . (.Protexis Inc..) - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
SS - | Auto 21/01/2009 247152 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Auto 23/03/2010 247808 | (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
SS - | Auto 23/12/2009 370688 | (StarWindServiceAE) . (.StarWind Software.) - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
SS - | Demand 26/07/2013 563624 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Disabled 19/10/2010 2011944 | (TeamViewer5) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
SS - | Demand 24/06/2013 754584 | (TunngleService) . (.Tunngle.net GmbH.) - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
SS - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Auto 24/07/2009 146928 | ({55662437-DA8C-40c0-AADA-2C816A897A49}) . (.CyberLink Corp..) - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
SR - | Auto 26/05/2011 161080 | (CLPSLS) . (.COMODO.) - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
SR - | Auto 29/11/2013 2210640 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 09s
---\\ List of CD/DVD Emulators (MBR Hook)
O58 - SDL:14/03/2013 - 18:11:20 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [564824]
~ Emulateurs: Scanned in 00mn 09s
---\\ Scan Additionnel (O88)
Database Version : 13029 - (24/05/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{116ba71c-8187-4f15-9a1f-c9d6289155d1}] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\360Safe] =>Trojan.Lozavita
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application^
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab^
~ Additionnel Scan: 545553 Items scanned in 02mn 06s
---\\ Summary of the detections found on your workstation
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SupTab
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.MyPCBackup
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.SearchSettings
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.Lozavita
~ MSI: 5 link(s) detected in 00mn 00s
~ 1184 Legitimates filtered by white list
End of the scan (521 lines in 04mn 02s)(0)
-
~ Report of ZHPDiag v2014.5.24.73 - Nicolas Coolman (24/05/2014)
~ Launched by Marcelo (26/05/2014 21:26:07)
~ Web site address : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by user
---\\ Internet browsers
MSIE: Internet Explorer v10.0.9200.16798
MFIE: Mozilla Firefox 29.0.1
---\\ Windows product information
~ Langage: Anglais
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System protection software
Avira Free Antivirus v14.0.3.350
COMODO Internet Security v6.0.2566.2708
Windows Defender W7 (Activate)
---\\ System optimization software
CCleaner v4.07
---\\ Sharing software PeerToPeer
---\\ Surveillance software
Adobe Flash Player 13 Plugin
Adobe Reader X
Java 7 Update 51
---\\ Information on the system
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Sans échec avec prise en charge du réseau (Fail-safe with network boot)
Total RAM: 4063 MB (72% free)
System Restore: Activé (Enable)
System drive C: has 83 GB (29%) free of 283 GB
---\\ Connection to the system mode
~ Computer Name: MARCELO-PC
~ User Name: Marcelo
~ All Users Names: Marcelo, HomeGroupUser$, Guest, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Marcelo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Marcelo\AppData\Roaming\
~ %Desktop% : C:\Users\Marcelo\Desktop\
~ %Favorites% : C:\Users\Marcelo\Favorites\
~ %LocalAppData% : C:\Users\Marcelo\AppData\Local\
~ %StartMenu% : C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 83 Go of 283 Go)
D: Hard drive, Flash drive, Thumb drive (Free 88 Go of 298 Go)
E: Hard drive, Flash drive, Thumb drive (Free 2 Go of 15 Go)
F: CD-ROM drive (Not Inserted)
---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 49 Legitimates Filtered in 00mn 00s
---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.90860E913075B03369BEB7B0B510DC2F] - (.Microsoft Corporation - Internet Extensions for Win32.) (.01/02/2014 - 06:19:49.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Windows Logon Application.) (.20/11/2010 - 10:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) (.20/11/2010 - 10:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 06:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 06:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 07:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 06:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - NT File System Driver.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 07:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 06:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.20/11/2010 - 10:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/7083
~ Mes musiques (My Musics) : 1/8955
~ Mes Videos (My Videos) : 1/186
~ Mes Favoris (My Favorites) : 1/36
~ Mes Documents (My Documents) : 2/1482
~ Mon Bureau (My Desktop) : 23/991
~ Menu demarrer (Programs) : 1/96
~ Hidden Files: Scanned in 00mn 22s
---\\ Process running
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Users\Marcelo\AppData\Local\Google\Chrome\Application\chrome.exe [860488] [PID.1768]
[MD5.4FDF8F99557B275A3B5BF797761C7504] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7879168] [PID.2888]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
---\\ Google Chrome Extension Folder
~ Google Lines Browser: 15 Legitimates Filtered in 00mn 01s
---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\prefs.js
~ Firefox Browser: 19 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Other User Links (O4)
O4 - GS\Program [Public]: Free Trials for QuickBooks, Quicken and TurboTax.lnk . (...) -- C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe
~ Global Startup: 1 Legitimates Filtered in 00mn 03s
---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [COMODO Internet Security] . (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKCU\..\Run: [GUDelayStartup] . (.Glarysoft Ltd - StartupManager.) -- C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\RunOnce: [Report] . (...) -- C:\AdwCleaner\AdwCleaner[S0].txt
O4 - HKLM\..\Wow6432Node\Run: [WirelessAssistant] . (.Hewlett-Packard - HP Wireless Assistant Main Program.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Wow6432Node\Run: [hpWirelessAssistant] . (.Hewlett-Packard Development Company, L.P. - HP Wireless Assistant Module.) -- C:\Program Files (x86)\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [amd_dc_opt] . (.AMD - AMD Dual-Core Optimizer.) -- C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Wow6432Node\Run: [AMD AVT] . (.Microsoft Corporation - Windows Command Processor.) -- C:\Windows\System32\Cmd.exe
O4 - HKLM\..\Wow6432Node\Run: [ComodoFSChrome] C:\Program Files (x86)\AdTrustMedia\PrivDog\FinalizeSetup.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-648650066-4006766464-4025382557-1000\..\Run: [GUDelayStartup] . (.Glarysoft Ltd - StartupManager.) -- C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe
O4 - HKUS\S-1-5-21-648650066-4006766464-4025382557-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-648650066-4006766464-4025382557-1000\..\RunOnce: [Report] . (...) -- C:\AdwCleaner\AdwCleaner[S0].txt
~ Application: Scanned in 00mn 00s
---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: PrivDog [64Bits] - {2F5C139F-79BD-4C84-A95A-E7140525BC55} . (.AdTrustMedia - PrivDog Extension.) -- C:\Program Files\AdTrustMedia\PrivDog\2.1.0.23\trustedads.dll
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E20287F-1966-4A42-B138-BF9537116F9B}: DhcpNameServer = 201.10.128.2 201.10.1.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD290BE6-8D38-4555-A49F-4B2E56D788F0}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7E20287F-1966-4A42-B138-BF9537116F9B}: DhcpNameServer = 201.10.128.2 201.10.1.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{BD290BE6-8D38-4555-A49F-4B2E56D788F0}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{5171070C-B9D6-410E-9462-4F033E32E3AF}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{DB0ED3DD-6C22-42F0-9186-680D17A359D7}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
O17 - HKLM\System\CS2\Services\Tcpip\..\{6D47A42F-82C1-4D69-838A-9FEE3BF528D6}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{7E20287F-1966-4A42-B138-BF9537116F9B}: DhcpNameServer = 201.10.128.2 201.10.1.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{BD290BE6-8D38-4555-A49F-4B2E56D788F0}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Extra protocols (O18)
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk * ) - File not found
O34 - HKLM BootExecute: (BootDefrag.exe) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s
---\\ Task Planned Automatically (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [830]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-648650066-4006766464-4025382557-1000Core [1060]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-648650066-4006766464-4025382557-1000UA [1082]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GlaryInitialize 5 [336]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [896]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [900]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-648650066-4006766464-4025382557-1000Core [1034]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-648650066-4006766464-4025382557-1000UA [1086]
~ Scheduled Task: 8 Legitimates Filtered in 00mn 00s
---\\ Drivers launched at startup (O41)
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef64.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
~ Drivers: 96 Legitimates Filtered in 00mn 00s
---\\ Software installed (O42)
O42 - Logiciel: ADDONS SITECS (NONSTEAM) - (.www.sitecs.net.) [HKLM][64Bits] -- ADDONS SITECS (NONSTEAM)
O42 - Logiciel: Capture Solution XE 10.43 - (.SProsoft.) [HKLM][64Bits] -- Capture Solution XE 10.43
O42 - Logiciel: Capture Solution XE 10.43 - (.SProsoft.) [HKLM][64Bits] -- {D241D9B3-1A51-4E53-85CC-9AC754819013}
O42 - Logiciel: EMChuletator - (...) [HKLM][64Bits] -- EMChuletator
O42 - Logiciel: GPS TrackMaker - (.Geo Studio Technology Ltd.) [HKLM][64Bits] -- {572DDD41-B104-4D5C-BA1B-7A22E92E7A0C}
O42 - Logiciel: GPS TrackMaker PRO - (.Odilon Ferreira Junior (Geo Studio Technologies Ltd.).) [HKLM][64Bits] -- {32EA37A8-B50D-4B38-998F-CD56B3849201}
O42 - Logiciel: Homepage Protection - (.AOL Products.) [HKLM][64Bits] -- Homepage Protection
O42 - Logiciel: Patch v23 versão 2013 - (.SiteCS.) [HKLM][64Bits] -- {C1C3140D-730D-4176-94EC-F1706A929776}_is1
O42 - Logiciel: PokerStars - (.PokerStars.) [HKLM][64Bits] -- PokerStars
O42 - Logiciel: RoX aDDons v3.5 - (.RoX Site.) [HKLM][64Bits] -- RoX aDDons_is1
O42 - Logiciel: SlingBoxWatchYourTVAnyWhere - (.Sling Media.) [HKLM][64Bits] -- {4313E16C-811B-469F-8815-6EB98085F8B2}
O42 - Logiciel: Spring 5.1.5 Português_x86 - (...) [HKLM][64Bits] -- Spring 5.1.5 Português_x86
O42 - Logiciel: Stay Live 2000 - (.Gregory Braun -- Software Design.) [HKLM][64Bits] -- Stay Live 2000
O42 - Logiciel: UpdateChecker - (.SqueakyChocolate, LLC.) [HKLM][64Bits] -- SqueakyChocolate, LLC UpdateChecker
O42 - Logiciel: sXe Injected - (.Alejandro Cortés.) [HKLM][64Bits] -- sXe Injected
~ Logic: 54 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security]
[HKCU\Software\Counter Strike 1.6]
[HKCU\Software\GbAs]
[HKCU\Software\Homepage Protection]
[HKCU\Software\INPE-DPI]
[HKCU\Software\none]
[HKCU\Software\sXe Injected]
[HKLM\Software\Wow6432Node\360Safe]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\GameVicio]
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab
[HKLM\Software\Wow6432Node\sXe_Injected]
[HKLM\Software\Wow6432Node\[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Key Software: 536 Legitimates Filtered in 00mn 01s
---\\ Contents of the Common Files folders (O43)
O43 - CFD: 30/10/2010 - 08:05:01 - [] ----D C:\Program Files (x86)\Counter Strike
O43 - CFD: 06/12/2010 - 14:37:05 - [] ----D C:\Program Files (x86)\EMChuletator
O43 - CFD: 19/05/2012 - 23:35:16 - [] ----D C:\Program Files (x86)\GameVicio
O43 - CFD: 12/11/2010 - 18:28:58 - [] ----D C:\Program Files (x86)\GTMPRO
O43 - CFD: 09/08/2009 - 06:18:03 - [] ----D C:\Program Files (x86)\JunoPreloader
O43 - CFD: 15/05/2014 - 01:36:33 - [] ----D C:\Program Files (x86)\PokerStars
O43 - CFD: 18/09/2010 - 10:40:25 - [] ----D C:\Program Files (x86)\Spring515_Portugues_x86
O43 - CFD: 28/04/2013 - 16:20:10 - [] ----D C:\Program Files (x86)\Stay Live 2000
O43 - CFD: 14/03/2014 - 13:29:54 - [] ----D C:\Program Files (x86)\sXe Injected
O43 - CFD: 12/11/2010 - 18:27:45 - [] ----D C:\Program Files (x86)\TrackMaker
O43 - CFD: 15/05/2014 - 00:36:26 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 13/09/2010 - 11:03:16 - [] ----D C:\ProgramData\{348D66EB-BC89-1069-82CA-2F4BDF30189C}
O43 - CFD: 13/09/2010 - 11:01:35 - [] --H-D C:\ProgramData\{7F909CEA-CFE5-45BC-8C18-4466B9A9B6A3}
O43 - CFD: 14/05/2012 - 15:42:24 - [] ----D C:\Users\Marcelo\AppData\Roaming\HU2011
O43 - CFD: 15/05/2014 - 01:40:23 - [] ----D C:\Users\Marcelo\AppData\Local\PokerStars
O43 - CFD: 12/09/2010 - 18:34:44 - [] ----D C:\Users\Marcelo\AppData\Local\Sling_Media,_Inc
O43 - CFD: 15/10/2010 - 13:28:54 - [] ----D C:\Users\Marcelo\AppData\Local\storage
O43 - CFD: 12/05/2012 - 20:02:35 - [] ----D C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ADDONS SITECS (NONSTEAM)
O43 - CFD: 15/05/2014 - 01:43:07 - [] ----D C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio
O43 - CFD: 12/11/2010 - 18:27:46 - [] ----D C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GPS TrackMaker
O43 - CFD: 12/11/2010 - 18:29:00 - [] ----D C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GPS TrackMaker PRO
O43 - CFD: 14/03/2012 - 16:37:56 - [] ----D C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected
~ Program Folder: 283 Legitimates Filtered in 00mn 02s
---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.E9958D1F056E4684C57E0F34076B6107] - 15/05/2014 - 00:50:13 ---A- . (...) -- C:\Windows\M3JPEG.INI [578]
O44 - LFC:[MD5.B437454FF39614D501E45B58B06155F1] - 26/05/2014 - 18:39:52 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [23248]
O44 - LFC:[MD5.B437454FF39614D501E45B58B06155F1] - 26/05/2014 - 18:39:52 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [23248]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 26/05/2014 - 18:55:59 ---A- . (...) -- C:\autoexec.bat [0]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 26/05/2014 - 20:35:59 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.1691E86A35EEF9936F9F877960A8651C] - 26/05/2014 - 20:49:57 ---A- . (...) -- C:\Windows\ntbtlog.txt [497880]
O44 - LFC:[MD5.163DA961F8128F7D7488D2213B91BD21] - 26/05/2014 - 20:50:12 ---A- . (...) -- C:\zoek-results.log [32290]
~ Files: 17 Legitimates Filtered in 00mn 05s
---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{1b750b69-a7ec-11df-84e9-0027134cb7ab}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
O51 - MPSK:{3cfc78f2-ad3f-11df-9133-0027134cb7ab}\AutoRun\command. (...) -- G:\autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Marcelo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 24 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableStatusMessages"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKCU\...\Policies\System] - "WallpaperStyle"=
~ MWPS: 22 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s
---\\ System Drivers List (SDL) (O58)
O58 - SDL:17/01/2013 - 21:07:36 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys [288688]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:29/06/2009 - 15:17:00 ---A- . (.ENE TECHNOLOGY INC. - ENE CIR Driver for eHome(64).) -- C:\Windows\System32\Drivers\enecir.sys [70656]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:14/03/2013 - 18:11:20 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [564824]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:23/03/2010 - 14:53:06 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [505344]
O58 - SDL:18/03/2013 - 16:51:08 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 82 Legitimates Filtered in 00mn 38s
---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html>
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s
---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {CC778948-1EA5-4599-AE7A-9807D211DCF4} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.A427535CD5C46D09016574A541A982DB] [SPRF][31/07/2012] (...) -- C:\ProgramData\KGyGaAvL.sys [952]
[MD5.26142233416E6FD8C74B7DAB3D3B4C0A] [SPRF][09/07/2013] (...) -- C:\Users\Marcelo\AppData\Roaming\room_v3.dat [45270]
[MD5.9EC73884D7D7BFEC9EED7EAF3122A0BE] [SPRF][26/05/2014] (...) -- C:\Users\Marcelo\Desktop\AdwCleaner.exe [1327971]
[MD5.8911FBB20555510A14C5FE096B322FE2] [SPRF][02/04/2014] (.PortableApps.com - ClamWin Portable.) -- C:\Users\Marcelo\Desktop\ClamWinPortable_0.98.1_English.paf.exe [7541552]
[MD5.0413F677CA3F7690AF1F03769632BF8C] [SPRF][14/04/2014] (.Dropbox, Inc. - Dropbox 2.6.29 Installer.) -- C:\Users\Marcelo\Desktop\DropboxInstaller.exe [315984]
[MD5.BA48F4C0988795FBEADAE23BE988054D] [SPRF][26/05/2014] (.Bleeping Computer, LLC - Terminates malware processes so that you can run your normal security programs..) -- C:\Users\Marcelo\Desktop\rkill.exe [1940216]
[MD5.352E8561E633B17ED22012366721FFDC] [SPRF][26/05/2014] (...) -- C:\Users\Marcelo\Desktop\zoek.exe [1285120]
~ Files: 13 Legitimates Filtered in 00mn 03s
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{AEAC4B0C-FDBD-4866-B8FE-8D6777192A63}C:\program files (x86)\utorrent\utorrent.exe" | In - Public - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "UDP Query User{76BC2838-F9AA-4789-9E77-736C0CC56B68}C:\program files (x86)\utorrent\utorrent.exe" | In - Public - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "TCP Query User{A8C402F3-41F7-42DB-904B-30AD9EBBD590}C:\program files (x86)\utorrent\utorrent.exe" | In - Public - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "UDP Query User{39ED5FAB-D01D-4BC4-9AB2-8E7BA9338DAF}C:\program files (x86)\utorrent\utorrent.exe" | In - Public - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{746FA3FB-69EE-47C8-8B99-4DADFAED5A9D}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Marcelo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{DC939A3C-0067-4AC1-B788-47428525AEF7}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Marcelo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 6 Legitimates Filtered in 00mn 02s
---\\ MyComputer Name Space (MNS) (O92)
O92 - MNS: - {35B6525E-071A-4EA9-B3BD-F6A742572F08}
~ MNS: 1 Legitimates Filtered in 00mn 00s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchSettings_RASAPI32 =>Adware.SearchSettings
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchSettings_RASMANCS =>Adware.SearchSettings
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASMANCS =>P2P.µTorrent
~ BTK: 446 Legitimates Filtered in 00mn 00s
---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 06/06/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 14/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 02/03/2009 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
SS - | Auto 27/03/2009 16896 | (AgereModemAudio) . (.LSI Corporation.) - C:\Program Files\LSI SoftModem\agr64svc.exe
SS - | Auto 02/07/2009 203264 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SS - | Auto 20/03/2014 440400 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SS - | Auto 20/03/2014 440400 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SS - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS - | Demand 28/10/2010 77944 | (Autodesk Licensing Service) . (.Autodesk.) - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
SS - | Demand 05/01/2012 75624 | (AxAutoMntSrv) . (.Alcohol Soft Development Team.) - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
SS - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Auto 30/07/2009 864032 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SS - | Auto 16/04/2014 6817544 | (cmdAgent) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
SS - | Demand 25/03/2014 2264280 | (cmdvirth) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
SS - | Demand 05/05/2009 228408 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
SS - | Auto 23/04/2014 2135232 | (DragonUpdater) . (...) - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
SS - | Demand 22/05/2009 250616 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
SS - | Auto 19/11/2010 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 19/11/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 09/07/2009 124928 | (HP Health Check Service) . (.Hewlett-Packard.) - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
SS - | Demand 30/04/2009 229944 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
SS - | Auto 08/07/2009 30520 | (hpsrv) . (.Hewlett-Packard.) - C:\Windows\System32\Hpservice.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 21/02/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Auto 17/06/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SS - | Auto 11/10/2013 377104 | (LMIGuardianSvc) . (.LogMeIn, Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
SS - | Demand 22/05/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 24/07/2007 185632 | (PSI_SVC_2) . (.Protexis Inc..) - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
SS - | Auto 21/01/2009 247152 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Auto 23/03/2010 247808 | (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
SS - | Auto 23/12/2009 370688 | (StarWindServiceAE) . (.StarWind Software.) - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
SS - | Demand 26/07/2013 563624 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Disabled 19/10/2010 2011944 | (TeamViewer5) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
SS - | Demand 24/06/2013 754584 | (TunngleService) . (.Tunngle.net GmbH.) - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
SS - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Auto 24/07/2009 146928 | ({55662437-DA8C-40c0-AADA-2C816A897A49}) . (.CyberLink Corp..) - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
SR - | Auto 26/05/2011 161080 | (CLPSLS) . (.COMODO.) - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
SR - | Auto 29/11/2013 2210640 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 09s
---\\ List of CD/DVD Emulators (MBR Hook)
O58 - SDL:14/03/2013 - 18:11:20 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [564824]
~ Emulateurs: Scanned in 00mn 09s
---\\ Scan Additionnel (O88)
Database Version : 13029 - (24/05/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{116ba71c-8187-4f15-9a1f-c9d6289155d1}] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\360Safe] =>Trojan.Lozavita
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application^
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab^
~ Additionnel Scan: 545553 Items scanned in 02mn 06s
---\\ Summary of the detections found on your workstation
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SupTab
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.MyPCBackup
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.SearchSettings
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.Lozavita
~ MSI: 5 link(s) detected in 00mn 00s
~ 1184 Legitimates filtered by white list
End of the scan (521 lines in 04mn 02s)(0)
marcelosteffler - Beginner
- Messages: 25
Reputation: 0
Join date: 26/05/2014
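A helper reading a ZHPDiag log like the one above scans for a few patterns by eye: autostart entries whose target no longer exists (the `(.not file.)` lines, such as the ComodoFSChrome Run value and the Bfilter/Bprotect driver keys), Run values that hand control straight to a shell (the `AMD AVT` entry pointing at `Cmd.exe`), a UAC policy switched off (`"EnableLUA"=0` under O55), and lines the tool has already tagged with a detection name (`=>PUP.SupTab`). The script below, added here as an example and not part of the forum thread or of ZHPDiag itself, automates those checks over a handful of lines copied from the log above. The regular expressions, the list of script hosts and the finding categories are this example's own assumptions about the log format, not ZHPDiag's documented grammar, and a hit is a line to review, not a verdict: an orphaned Run value is inert by itself, and a shell launched from Run may be a legitimate vendor script.

```python
"""Triage helper for ZHPDiag-style log lines.

Added example, not part of the forum thread and not from ZHPDiag itself.
It re-implements the checks a helper does by eye on a log like the one
posted above: autostart entries whose target file no longer exists, Run
values that launch a shell or script host directly, a disabled UAC policy,
and lines the tool itself has tagged with a detection name.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the ZHPDiag log posted above.
# The real log contains several hundred such lines.
SAMPLE_LOG = r"""
O4 - HKLM\..\Wow6432Node\Run: [AMD AVT] . (.Microsoft Corporation - Windows Command Processor.) -- C:\Windows\System32\Cmd.exe
O4 - HKLM\..\Wow6432Node\Run: [ComodoFSChrome] C:\Program Files (x86)\AdTrustMedia\PrivDog\FinalizeSetup.exe (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O51 - MPSK:{1b750b69-a7ec-11df-84e9-0027134cb7ab}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab
"""

# First drive-letter path on the line that ends in an executable-type extension
# (assumed format; ZHPDiag does not document its line grammar).
PATH_RE = re.compile(
    r"([A-Za-z]:\\.*?\.(?:exe|sys|dll|bat|cmd|vbs|js|ps1))(?=\s|$)", re.IGNORECASE
)
# Entry name, depending on section: [RunValue], (DriverName) or {MountPoint GUID}.
NAME_RES = [
    re.compile(r"Run(?:Once)?: \[([^\]]+)\]"),
    re.compile(r"Driver: \(([^)]+)\)"),
    re.compile(r"MPSK:(\{[^}]+\})"),
]
# Detection tags look like "=>PUP.SupTab"; whitelist tags look like
# "=>.Microsoft Corporation", so a tag starting with "." is ignored.
# A trailing "^" (as in "=>P2P.BitTorrent^") is not part of the name.
TAG_RE = re.compile(r"=>(?!\.)([^\s^]+)")
# Built-in hosts that a Run value rarely needs to launch directly (assumed list).
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}


@dataclass
class Finding:
    section: str          # ZHPDiag section code, e.g. "O4", "O41", "O55", or "KEY"
    name: Optional[str]   # Run value, driver key or mount point, when present
    path: Optional[str]   # target file, when the line names one
    reason: str


def _section(line: str) -> str:
    m = re.match(r"(O\d+)\b", line)
    if m:
        return m.group(1)
    return "KEY" if line.startswith("[HK") else "?"


def _name(line: str) -> Optional[str]:
    for rx in NAME_RES:
        m = rx.search(line)
        if m:
            return m.group(1)
    return None


def parse_line(line: str) -> List[Finding]:
    """Return zero or more findings for one log line."""
    line = line.rstrip()
    section = _section(line)
    pm = PATH_RE.search(line)
    path = pm.group(1) if pm else None
    name = _name(line)
    out: List[Finding] = []

    # Autostart entry whose target was deleted but whose key survived.
    if "(.not file.)" in line and path:
        out.append(Finding(section, name, path, "autostart target missing on disk"))
    # Run value whose target is itself a shell or script host.
    if section == "O4" and path and path.rsplit("\\", 1)[-1].lower() in SCRIPT_HOSTS:
        out.append(Finding(section, name, path, "Run value launches a shell/script host directly"))
    # EnableLUA=0 turns User Account Control off machine-wide.
    if section == "O55" and '"EnableLUA"=0' in line:
        out.append(Finding(section, "EnableLUA", None, "UAC disabled by policy"))
    # Line already tagged by the tool with a detection family.
    tm = TAG_RE.search(line)
    if tm:
        out.append(Finding(section, name, path, "tagged by tool: " + tm.group(1)))
    return out


def triage(text: str) -> List[Finding]:
    """Run parse_line over every line of a log and collect the findings."""
    findings: List[Finding] = []
    for line in text.splitlines():
        findings.extend(parse_line(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.name or '-':45} {f.reason}  {f.path or ''}")
```

Run it as-is to see the sample triaged; to use it on a real report, read `C:\ZHPDiag.txt` (or wherever the tool wrote its log) into `triage()` instead of `SAMPLE_LOG`. Note that `FilterAdministratorToken=0` is deliberately not flagged: it is the default value and only affects the built-in Administrator account, whereas `EnableLUA=0` disables UAC for everyone.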
Re: Infected laptop
I'm going to ask you to wait.
Your reports are being analysed.
Please wait for the next steps.
Danii - Full Member
- Messages: 571
Reputation: 80
Join date: 04/04/2014
Location: Brazil
Re: Infected laptop
There are unnecessary programs starting together with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:
[link visible only to logged-in members]
Preferably, let only the security programs (antivirus/anti-spyware/firewall) start together with Windows.
Also use the CCleaner program, recommended in the tutorial above, to clean up and optimise the PC now and from time to time.
____________________________________________________________________________________________________________
Was it you who installed this Homepage Protection program (from AOL Products)?
___________________________________________________________________________________________________________
I suggest you uninstall Bonjour, which is unnecessary.
___________________________________________________________________________________________________________
Download UsbFix [link visible only to logged-in members] (when you reach the page, click the button shown in this image (at the bottom right of the page) to download it:
[image visible only to logged-in members]
Use UsbFix as shown in this post:
[link visible only to logged-in members]
___________________________________________________________________________________________________________
Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________
Go to the menu: Start > All Programs > ZHP > Right-click ZHPFix and choose Run as administrator > Click Import > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted as well, click Oui again > A report will appear in Notepad.
Copy this report and post it in your next reply together with the UsbFix log (report), which will be in C:\UsbFix.txt
Last edited by Power Max on Tue 27 May 2014, 21:10, edited 1 time
_________________
Caixa de Dicas = Always new tutorials and news about computing, technology and more.
[link visible only to logged-in members] = The best of the internet is found here.
[link visible only to logged-in members] = Messages of faith and hope for your heart
Power Max - Collaborator
- Messages: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Infected laptop
Hello,
I would also like to remove this item from startup; how do I do that?
[image visible only to logged-in members]
marcelosteffler - Beginner
- Messages: 25
Reputation: 0
Join date: 26/05/2014
Re: Infected laptop
To prevent a given program from starting automatically with Windows, just right-click it and then click the Disable option.
Power Max - Collaborator
- Messages: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Infected laptop
I click it, but I get an error message.
Also, the first line of the command you sent me is this one:
"O4 - HKLM\..\Wow6432Node\Run: [ComodoFSChrome] C:\Program Files (x86)\AdTrustMedia\PrivDog\FinalizeSetup.exe (.not file.) "
Practically an unknown file, starting together with Windows and preventing my PrivDog from working.
And it only appeared after I downloaded all those diagnostic tools.
What does this mean?
marcelosteffler - Beginner
- Messages: 25
Reputation: 0
Join date: 26/05/2014
Re: Infected laptop
Follow the other tips I gave you in the previous reply and post the requested reports so that we can analyse them.
Last edited by Power Max on Tue 27 May 2014, 21:10, edited 1 time
Power Max - Collaborator
- Messages: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Infected laptop
I can't uninstall AOL's HOME PROTECTION: "the system cannot find the file - error 2"
marcelosteffler - Beginner
- Messages: 25
Reputation: 0
Join date: 26/05/2014
Re: Infected laptop
Yes, then follow the other tips I gave you and post the requested reports.
Power Max - Collaborator
- Messages: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Infected laptop
ZHPFix report 2014.4.13.3 by Nicolas Coolman, update of 13/04/2014
Registry export file:
Run by Marcelo at 27/05/2014 19:53:47
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Recycle Bin emptied (00mn 06s)
Repair of browser shortcuts
========== Software ==========
ABSENT Uninstall Process: c:\program files (x86)\squeakychocolate\updatechecker\uninstall.exe
========== Registry keys ==========
REMOVES Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SqueakyChocolate, LLC UpdateChecker]
REMOVES:* CLSID Extra Buttons: {2F5C139F-79BD-4C84-A95A-E7140525BC55}
REMOVES Driver Key: Bfilter
REMOVES Driver Key: Bfmon
REMOVES Driver Key: Bnbase
REMOVES Driver Key: Bndef
REMOVES Driver Key: Bprotect
REMOVES: HKCU\Software\Baidu Security
REMOVES: HKLM\Software\Wow6432Node\360Safe
REMOVES: HKLM\Software\Wow6432Node\Baidu Security
REMOVES: HKLM\Software\Wow6432Node\SupDp
REMOVES:* CLSID NameSpace: {35B6525E-071A-4EA9-B3BD-F6A742572F08}
REMOVES:* HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
REMOVES:* HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
REMOVES: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchSettings_RASAPI32
REMOVES: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchSettings_RASMANCS
REMOVES: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{116ba71c-8187-4f15-9a1f-c9d6289155d1}
========== Registry values ==========
ProxyFix : Proxy configuration successfully removed
REMOVES ProxyServer Value
REMOVES ProxyEnable Value
REMOVES EnableHttp1_1 Value
REMOVES ProxyHttp1.1 Value
REMOVES ProxyOverride Value
========== Elements of the registry data ==========
REMOVES Explorer Association Data Application: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
========== Folders ==========
No folders empty CLSID Local user
========== Files ==========
Deletes temporary Windows (123) (4.079.626 octets)
REMOVES Flash Cookies (0) (0 octets)
========== System restore ==========
The system successfully created restore point
========== Summary ==========
17 : Registry keys
6 : Registry values
1 : Elements of the registry data
1 : Folders
2 : Files
1 : Software
1 : System restore
End of clean in 02mn 27s
========== Path to file report ==========
C:\Users\Marcelo\AppData\Roaming\ZHP\ZHPFix[R1].txt - 27/05/2014 19:53:53 [2349]
marcelosteffler - Beginner
- Posts: 25
Reputation: 0
Join date: 26/05/2014
Re: Infected laptop
Open ZHPDiag again
|- Click "SEARCH" (or "PESQUISAR") and wait for it to finish.
|- Click OK and, when it is done, post the ZHPDiag.txt report
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Infected laptop
OK, it is being diagnosed.
But why is the procedure practically the same for every computer?
marcelosteffler - Beginner
- Posts: 25
Reputation: 0
Join date: 26/05/2014
Re: Infected laptop
~ Report of ZHPDiag v2014.5.24.73 - Nicolas Coolman (24/05/2014)
~ Launched by Marcelo (27/05/2014 20:26:15)
~ Web site address : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by user
---\\ Internet browsers
MSIE: Internet Explorer v10.0.9200.16798
MFIE: Mozilla Firefox 29.0.1
---\\ Windows product information
~ Langage: Anglais
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System protection software
Avira Free Antivirus v14.0.3.350
COMODO Internet Security v6.0.2566.2708
Windows Defender W7 (Activate)
---\\ System optimization software
CCleaner v4.14
---\\ Sharing software PeerToPeer
---\\ Surveillance software
Adobe Flash Player 13 Plugin
Adobe Reader X
Java 7 Update 51
---\\ Information on the system
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4063 MB (56% free)
System Restore: Activé (Enable)
System drive C: has 81 GB (28%) free of 283 GB
---\\ Connection to the system mode
~ Computer Name: MARCELO-PC
~ User Name: Marcelo
~ All Users Names: Marcelo, HomeGroupUser$, Guest, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Marcelo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Marcelo\AppData\Roaming\
~ %Desktop% : C:\Users\Marcelo\Desktop\
~ %Favorites% : C:\Users\Marcelo\Favorites\
~ %LocalAppData% : C:\Users\Marcelo\AppData\Local\
~ %StartMenu% : C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 81 Go of 283 Go)
D: Hard drive, Flash drive, Thumb drive (Free 88 Go of 298 Go)
E: Hard drive, Flash drive, Thumb drive (Free 2 Go of 15 Go)
F: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)
H: CD-ROM drive (Not Inserted)
I: CD-ROM drive (Not Inserted)
J: CD-ROM drive (Not Inserted)
K: CD-ROM drive (Not Inserted)
---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 49 Legitimates Filtered in 00mn 00s
---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.90860E913075B03369BEB7B0B510DC2F] - (.Microsoft Corporation - Internet Extensions for Win32.) (.01/02/2014 - 06:19:49.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Windows Logon Application.) (.20/11/2010 - 10:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) (.20/11/2010 - 10:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 06:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 06:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 07:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 06:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - NT File System Driver.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 07:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 06:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.20/11/2010 - 10:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 01s
---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/7083
~ Mes musiques (My Musics) : 1/8955
~ Mes Videos (My Videos) : 1/186
~ Mes Favoris (My Favorites) : 1/36
~ Mes Documents (My Documents) : 2/1482
~ Mon Bureau (My Desktop) : 23/997
~ Menu demarrer (Programs) : 1/96
~ Hidden Files: Scanned in 00mn 20s
---\\ Process running
[MD5.4D282B9C5BB05DF92C9F3977DFB9F916] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400] [PID.1608]
[MD5.65AF41A7A2C5B6693E1B4164E7632C3E] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400] [PID.1916]
[MD5.241B07FF7F5943B9C1BF3235F49AC1E1] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744] [PID.4212]
[MD5.221564CC7BE37611FE15EACF443E1BF6] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1048]
[MD5.CCCDC7B64CFF96C977B0FADC24434628] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Marcelo\AppData\Roaming\Dropbox\bin\Dropbox.exe [33322312] [PID.4108]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Users\Marcelo\AppData\Local\Google\Chrome\Application\chrome.exe [860488] [PID.1512]
[MD5.4FDF8F99557B275A3B5BF797761C7504] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7879168] [PID.7128]
~ Processes Running: Scanned in 00mn 07s
---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [mihcahmgecmbnbcchbopgniflfhgnkff] Verificador de mensagens do Google v.4.4.0 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
---\\ Google Chrome Extension Folder
~ Google Lines Browser: 19 Legitimates Filtered in 00mn 04s
---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\prefs.js
~ Firefox Browser: 19 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Other User Links (O4)
O4 - GS\Program [Public]: Free Trials for QuickBooks, Quicken and TurboTax.lnk . (...) -- C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe
~ Global Startup: 1 Legitimates Filtered in 00mn 09s
---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [COMODO Internet Security] . (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKCU\..\Run: [GUDelayStartup] . (.Glarysoft Ltd - StartupManager.) -- C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe
O4 - HKLM\..\Wow6432Node\Run: [WirelessAssistant] . (.Hewlett-Packard - HP Wireless Assistant Main Program.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Wow6432Node\Run: [hpWirelessAssistant] . (.Hewlett-Packard Development Company, L.P. - HP Wireless Assistant Module.) -- C:\Program Files (x86)\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [amd_dc_opt] . (.AMD - AMD Dual-Core Optimizer.) -- C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Wow6432Node\Run: [AMD AVT] . (.Microsoft Corporation - Windows Command Processor.) -- C:\Windows\System32\Cmd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-648650066-4006766464-4025382557-1000\..\Run: [GUDelayStartup] . (.Glarysoft Ltd - StartupManager.) -- C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe
~ Application: Scanned in 00mn 00s
---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E20287F-1966-4A42-B138-BF9537116F9B}: DhcpNameServer = 201.10.128.2 201.10.1.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD290BE6-8D38-4555-A49F-4B2E56D788F0}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7E20287F-1966-4A42-B138-BF9537116F9B}: DhcpNameServer = 201.10.128.2 201.10.1.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{BD290BE6-8D38-4555-A49F-4B2E56D788F0}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{7E20287F-1966-4A42-B138-BF9537116F9B}: DhcpNameServer = 201.10.128.2 201.10.1.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{BD290BE6-8D38-4555-A49F-4B2E56D788F0}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Extra protocols (O18)
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk * ) - File not found
O34 - HKLM BootExecute: (BootDefrag.exe) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s
---\\ Task Planned Automatically (039)
[MD5.00000000000000000000000000000000] [APT] [{1B7D2E31-FC11-4E7E-AE01-DFE07E1D6C07}] (...) -- H:\Bug Corrigido NoSteam - CS Online.exe (.not file.) [0]
[MD5.276250E5A92A3EA2CF53C4C4BBFA7AC8] [APT] [{1F3A724E-3E62-4807-A1E4-9476B34B9879}] (...) -- C:\Users\Marcelo\Downloads\GmailInstaller.exe [299288]
[MD5.00000000000000000000000000000000] [APT] [{33723558-36BE-4E14-B2E4-7E9B307BFEA9}] (...) -- G:\Setup.exe (.not file.) [0]
[MD5.31977D354D0E356689B1A8CD779DFEB5] [APT] [{3FE18C6B-790E-4F1A-87A6-55EEC867DDD9}] (...) -- D:\Age of Mythology Titans\aomx10to103.exe [8058144]
[MD5.00000000000000000000000000000000] [APT] [{4186A594-5F53-4860-B10B-B0C9A2849E75}] (...) -- C:\Users\Marcelo\Desktop\UltraSurf.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{479335AC-C06B-4D5E-A7C9-0F0454165429}] (...) -- C:\Users\Marcelo\Desktop\Bug Corrigido NoSteam - CS Online.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{584457F6-6762-4A74-A46D-FDBAB7EE7E89}] (...) -- C:\Users\Marcelo\My Games\Mafia 2\Mafia_II_[[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{71D94853-AB11-4044-924D-B3356E7C0CB0}] (...) -- C:\Users\Marcelo\Desktop\ClamWin_Portable_0.94.1_Rev_2.paf.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D57F4D40-35BB-4006-97CA-F10808FE5A08}] (...) -- I:\autorun.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [830]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-648650066-4006766464-4025382557-1000Core [1060]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-648650066-4006766464-4025382557-1000UA [1082]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GlaryInitialize 5 [336]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [896]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [900]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-648650066-4006766464-4025382557-1000Core [1034]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-648650066-4006766464-4025382557-1000UA [1086]
~ Scheduled Task: 50 Legitimates Filtered in 00mn 10s
---\\ Drivers launched at startup (O41)
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef64.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
~ Drivers: 86 Legitimates Filtered in 00mn 01s
---\\ Software installed (O42)
O42 - Logiciel: ADDONS SITECS (NONSTEAM) - (.www.sitecs.net.) [HKLM][64Bits] -- ADDONS SITECS (NONSTEAM)
O42 - Logiciel: Capture Solution XE 10.43 - (.SProsoft.) [HKLM][64Bits] -- Capture Solution XE 10.43
O42 - Logiciel: Capture Solution XE 10.43 - (.SProsoft.) [HKLM][64Bits] -- {D241D9B3-1A51-4E53-85CC-9AC754819013}
O42 - Logiciel: EMChuletator - (...) [HKLM][64Bits] -- EMChuletator
O42 - Logiciel: GPS TrackMaker - (.Geo Studio Technology Ltd.) [HKLM][64Bits] -- {572DDD41-B104-4D5C-BA1B-7A22E92E7A0C}
O42 - Logiciel: GPS TrackMaker PRO - (.Odilon Ferreira Junior (Geo Studio Technologies Ltd.).) [HKLM][64Bits] -- {32EA37A8-B50D-4B38-998F-CD56B3849201}
O42 - Logiciel: Homepage Protection - (.AOL Products.) [HKLM][64Bits] -- Homepage Protection
O42 - Logiciel: Patch v23 versão 2013 - (.SiteCS.) [HKLM][64Bits] -- {C1C3140D-730D-4176-94EC-F1706A929776}_is1
O42 - Logiciel: PokerStars - (.PokerStars.) [HKLM][64Bits] -- PokerStars
O42 - Logiciel: RoX aDDons v3.5 - (.RoX Site.) [HKLM][64Bits] -- RoX aDDons_is1
O42 - Logiciel: SlingBoxWatchYourTVAnyWhere - (.Sling Media.) [HKLM][64Bits] -- {4313E16C-811B-469F-8815-6EB98085F8B2}
O42 - Logiciel: Spring 5.1.5 Português_x86 - (...) [HKLM][64Bits] -- Spring 5.1.5 Português_x86
O42 - Logiciel: Stay Live 2000 - (.Gregory Braun -- Software Design.) [HKLM][64Bits] -- Stay Live 2000
O42 - Logiciel: sXe Injected - (.Alejandro Cortés.) [HKLM][64Bits] -- sXe Injected
~ Logic: 54 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Counter Strike 1.6]
[HKCU\Software\GbAs]
[HKCU\Software\Homepage Protection]
[HKCU\Software\INPE-DPI]
[HKCU\Software\none]
[HKCU\Software\sXe Injected]
[HKLM\Software\Wow6432Node\GameVicio]
[HKLM\Software\Wow6432Node\sXe_Injected]
[HKLM\Software\Wow6432Node\[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Key Software: 531 Legitimates Filtered in 00mn 01s
---\\ Contents of the Common Files folders (O43)
O43 - CFD: 30/10/2010 - 08:05:01 - [] ----D C:\Program Files (x86)\Counter Strike
O43 - CFD: 06/12/2010 - 14:37:05 - [] ----D C:\Program Files (x86)\EMChuletator
O43 - CFD: 19/05/2012 - 23:35:16 - [] ----D C:\Program Files (x86)\GameVicio
O43 - CFD: 12/11/2010 - 18:28:58 - [] ----D C:\Program Files (x86)\GTMPRO
O43 - CFD: 09/08/2009 - 06:18:03 - [] ----D C:\Program Files (x86)\JunoPreloader
O43 - CFD: 15/05/2014 - 01:36:33 - [] ----D C:\Program Files (x86)\PokerStars
O43 - CFD: 18/09/2010 - 10:40:25 - [] ----D C:\Program Files (x86)\Spring515_Portugues_x86
O43 - CFD: 28/04/2013 - 16:20:10 - [] ----D C:\Program Files (x86)\Stay Live 2000
O43 - CFD: 14/03/2014 - 13:29:54 - [] ----D C:\Program Files (x86)\sXe Injected
O43 - CFD: 12/11/2010 - 18:27:45 - [] ----D C:\Program Files (x86)\TrackMaker
O43 - CFD: 13/09/2010 - 11:03:16 - [] ----D C:\ProgramData\{348D66EB-BC89-1069-82CA-2F4BDF30189C}
O43 - CFD: 13/09/2010 - 11:01:35 - [] --H-D C:\ProgramData\{7F909CEA-CFE5-45BC-8C18-4466B9A9B6A3}
O43 - CFD: 14/05/2012 - 15:42:24 - [] ----D C:\Users\Marcelo\AppData\Roaming\HU2011
O43 - CFD: 15/05/2014 - 01:40:23 - [] ----D C:\Users\Marcelo\AppData\Local\PokerStars
O43 - CFD: 12/09/2010 - 18:34:44 - [] ----D C:\Users\Marcelo\AppData\Local\Sling_Media,_Inc
O43 - CFD: 15/10/2010 - 13:28:54 - [] ----D C:\Users\Marcelo\AppData\Local\storage
O43 - CFD: 12/05/2012 - 20:02:35 - [] ----D C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ADDONS SITECS (NONSTEAM)
O43 - CFD: 15/05/2014 - 01:43:07 - [] ----D C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio
O43 - CFD: 12/11/2010 - 18:27:46 - [] ----D C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GPS TrackMaker
O43 - CFD: 12/11/2010 - 18:29:00 - [] ----D C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GPS TrackMaker PRO
O43 - CFD: 14/03/2012 - 16:37:56 - [] ----D C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected
~ Program Folder: 282 Legitimates Filtered in 00mn 01s
---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.E9958D1F056E4684C57E0F34076B6107] - 15/05/2014 - 00:50:13 ---A- . (...) -- C:\Windows\M3JPEG.INI [578]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 26/05/2014 - 18:55:59 ---A- . (...) -- C:\autoexec.bat [0]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 26/05/2014 - 20:35:59 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.163DA961F8128F7D7488D2213B91BD21] - 26/05/2014 - 20:50:12 ----- . (...) -- C:\zoek-results.log [32290]
O44 - LFC:[MD5.59EF60608A86CEA6B8587B4A56699779] - 27/05/2014 - 20:16:58 ---A- . (...) -- C:\Windows\System32\Drivers\fvstore.dat [175256]
~ Files: 15 Legitimates Filtered in 00mn 58s
---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Marcelo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 24 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableStatusMessages"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKCU\...\Policies\System] - "WallpaperStyle"=
~ MWPS: 21 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s
---\\ System Drivers List (SDL) (O58)
O58 - SDL:17/01/2013 - 21:07:36 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys [288688]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:29/06/2009 - 15:17:00 ---A- . (.ENE TECHNOLOGY INC. - ENE CIR Driver for eHome(64).) -- C:\Windows\System32\Drivers\enecir.sys [70656]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:14/03/2013 - 18:11:20 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [564824]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:23/03/2010 - 14:53:06 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [505344]
O58 - SDL:18/03/2013 - 16:51:08 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 82 Legitimates Filtered in 00mn 46s
---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: UsbFix - (.El Desaparecido - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s
---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Comodo - Comodo Dragon.) -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Marcelo\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: prefs.js [Marcelo - 5zeyo61b.default] user_pref("extensions.trusted-ads.serp_mywebsearch", "\"%2F*!%20serp-mywebsearch%20-%20v0.1.10%20-%202014-04-07%2018%3A21%3A58%20*[...] =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {CC778948-1EA5-4599-AE7A-9807D211DCF4} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.A427535CD5C46D09016574A541A982DB] [SPRF][31/07/2012] (...) -- C:\ProgramData\KGyGaAvL.sys [952]
[MD5.26142233416E6FD8C74B7DAB3D3B4C0A] [SPRF][09/07/2013] (...) -- C:\Users\Marcelo\AppData\Roaming\room_v3.dat [45270]
[MD5.9EC73884D7D7BFEC9EED7EAF3122A0BE] [SPRF][26/05/2014] (...) -- C:\Users\Marcelo\Desktop\AdwCleaner.exe [1327971]
[MD5.8911FBB20555510A14C5FE096B322FE2] [SPRF][02/04/2014] (.PortableApps.com - ClamWin Portable.) -- C:\Users\Marcelo\Desktop\ClamWinPortable_0.98.1_English.paf.exe [7541552]
[MD5.0413F677CA3F7690AF1F03769632BF8C] [SPRF][14/04/2014] (.Dropbox, Inc. - Dropbox 2.6.29 Installer.) -- C:\Users\Marcelo\Desktop\DropboxInstaller.exe [315984]
[MD5.BA48F4C0988795FBEADAE23BE988054D] [SPRF][26/05/2014] (.Bleeping Computer, LLC - Terminates malware processes so that you can run your normal security programs..) -- C:\Users\Marcelo\Desktop\rkill.exe [1940216]
[MD5.352E8561E633B17ED22012366721FFDC] [SPRF][26/05/2014] (...) -- C:\Users\Marcelo\Desktop\zoek.exe [1285120]
~ Files: 13 Legitimates Filtered in 00mn 09s
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{AEAC4B0C-FDBD-4866-B8FE-8D6777192A63}C:\program files (x86)\utorrent\utorrent.exe" | In - Public - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "UDP Query User{76BC2838-F9AA-4789-9E77-736C0CC56B68}C:\program files (x86)\utorrent\utorrent.exe" | In - Public - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "TCP Query User{A8C402F3-41F7-42DB-904B-30AD9EBBD590}C:\program files (x86)\utorrent\utorrent.exe" | In - Public - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "UDP Query User{39ED5FAB-D01D-4BC4-9AB2-8E7BA9338DAF}C:\program files (x86)\utorrent\utorrent.exe" | In - Public - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{746FA3FB-69EE-47C8-8B99-4DADFAED5A9D}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Marcelo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{DC939A3C-0067-4AC1-B788-47428525AEF7}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Marcelo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 6 Legitimates Filtered in 00mn 05s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASMANCS =>P2P.µTorrent
~ BTK: 442 Legitimates Filtered in 00mn 00s
---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 06/06/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 14/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 02/03/2009 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
SS - | Auto 27/03/2009 16896 | (AgereModemAudio) . (.LSI Corporation.) - C:\Program Files\LSI SoftModem\agr64svc.exe
SS - | Auto 02/07/2009 203264 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SS - | Demand 28/10/2010 77944 | (Autodesk Licensing Service) . (.Autodesk.) - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
SS - | Demand 05/01/2012 75624 | (AxAutoMntSrv) . (.Alcohol Soft Development Team.) - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
SS - | Auto 26/05/2011 161080 | (CLPSLS) . (.COMODO.) - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
SS - | Demand 05/05/2009 228408 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
SS - | Auto 23/04/2014 2135232 | (DragonUpdater) . (...) - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
SS - | Demand 22/05/2009 250616 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
SS - | Auto 19/11/2010 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 19/11/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 29/11/2013 2210640 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
SS - | Demand 30/04/2009 229944 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
SS - | Auto 08/07/2009 30520 | (hpsrv) . (.Hewlett-Packard.) - C:\Windows\System32\Hpservice.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Auto 17/06/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SS - | Auto 11/10/2013 377104 | (LMIGuardianSvc) . (.LogMeIn, Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
SS - | Demand 22/05/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 24/07/2007 185632 | (PSI_SVC_2) . (.Protexis Inc..) - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
SS - | Auto 21/01/2009 247152 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Auto 23/03/2010 247808 | (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
SS - | Auto 23/12/2009 370688 | (StarWindServiceAE) . (.StarWind Software.) - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
SS - | Demand 26/07/2013 563624 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Disabled 19/10/2010 2011944 | (TeamViewer5) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
SS - | Demand 24/06/2013 754584 | (TunngleService) . (.Tunngle.net GmbH.) - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
SR - | Auto 20/03/2014 440400 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 20/03/2014 440400 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/07/2009 864032 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SR - | Auto 16/04/2014 6817544 | (cmdAgent) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
SR - | Demand 25/03/2014 2264280 | (cmdvirth) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
SR - | Auto 09/07/2009 124928 | (HP Health Check Service) . (.Hewlett-Packard.) - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Demand 21/02/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 24/07/2009 146928 | ({55662437-DA8C-40c0-AADA-2C816A897A49}) . (.CyberLink Corp..) - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
~ Services: Scanned in 00mn 15s
---\\ List of CD/DVD Emulators (MBR Hook)
O58 - SDL:14/03/2013 - 18:11:20 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [564824]
~ Emulateurs: Scanned in 00mn 15s
---\\ Scan Additionnel (O88)
Database Version : 13029 - (24/05/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
~ Additionnel Scan: 545196 Items scanned in 02mn 42s
---\\ Summary of the detections found on your workstation
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.MyWebSearch
~ MSI: 1 link(s) detected in 00mn 00s
~ 1206 Legitimates filtered by white list
End of the scan (501 lines in 08mn 00s)(0)
[MD5.26142233416E6FD8C74B7DAB3D3B4C0A] [SPRF][09/07/2013] (...) -- C:\Users\Marcelo\AppData\Roaming\room_v3.dat [45270]
[MD5.9EC73884D7D7BFEC9EED7EAF3122A0BE] [SPRF][26/05/2014] (...) -- C:\Users\Marcelo\Desktop\AdwCleaner.exe [1327971]
[MD5.8911FBB20555510A14C5FE096B322FE2] [SPRF][02/04/2014] (.PortableApps.com - ClamWin Portable.) -- C:\Users\Marcelo\Desktop\ClamWinPortable_0.98.1_English.paf.exe [7541552]
[MD5.0413F677CA3F7690AF1F03769632BF8C] [SPRF][14/04/2014] (.Dropbox, Inc. - Dropbox 2.6.29 Installer.) -- C:\Users\Marcelo\Desktop\DropboxInstaller.exe [315984]
[MD5.BA48F4C0988795FBEADAE23BE988054D] [SPRF][26/05/2014] (.Bleeping Computer, LLC - Terminates malware processes so that you can run your normal security programs..) -- C:\Users\Marcelo\Desktop\rkill.exe [1940216]
[MD5.352E8561E633B17ED22012366721FFDC] [SPRF][26/05/2014] (...) -- C:\Users\Marcelo\Desktop\zoek.exe [1285120]
~ Files: 13 Legitimates Filtered in 00mn 09s
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{AEAC4B0C-FDBD-4866-B8FE-8D6777192A63}C:\program files (x86)\utorrent\utorrent.exe" | In - Public - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "UDP Query User{76BC2838-F9AA-4789-9E77-736C0CC56B68}C:\program files (x86)\utorrent\utorrent.exe" | In - Public - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "TCP Query User{A8C402F3-41F7-42DB-904B-30AD9EBBD590}C:\program files (x86)\utorrent\utorrent.exe" | In - Public - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "UDP Query User{39ED5FAB-D01D-4BC4-9AB2-8E7BA9338DAF}C:\program files (x86)\utorrent\utorrent.exe" | In - Public - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{746FA3FB-69EE-47C8-8B99-4DADFAED5A9D}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Marcelo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{DC939A3C-0067-4AC1-B788-47428525AEF7}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Marcelo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 6 Legitimates Filtered in 00mn 05s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASMANCS =>P2P.µTorrent
~ BTK: 442 Legitimates Filtered in 00mn 00s
---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 06/06/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 14/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 02/03/2009 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
SS - | Auto 27/03/2009 16896 | (AgereModemAudio) . (.LSI Corporation.) - C:\Program Files\LSI SoftModem\agr64svc.exe
SS - | Auto 02/07/2009 203264 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SS - | Demand 28/10/2010 77944 | (Autodesk Licensing Service) . (.Autodesk.) - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
SS - | Demand 05/01/2012 75624 | (AxAutoMntSrv) . (.Alcohol Soft Development Team.) - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
SS - | Auto 26/05/2011 161080 | (CLPSLS) . (.COMODO.) - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
SS - | Demand 05/05/2009 228408 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
SS - | Auto 23/04/2014 2135232 | (DragonUpdater) . (...) - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
SS - | Demand 22/05/2009 250616 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
SS - | Auto 19/11/2010 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 19/11/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 29/11/2013 2210640 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
SS - | Demand 30/04/2009 229944 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
SS - | Auto 08/07/2009 30520 | (hpsrv) . (.Hewlett-Packard.) - C:\Windows\System32\Hpservice.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Auto 17/06/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SS - | Auto 11/10/2013 377104 | (LMIGuardianSvc) . (.LogMeIn, Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
SS - | Demand 22/05/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 24/07/2007 185632 | (PSI_SVC_2) . (.Protexis Inc..) - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
SS - | Auto 21/01/2009 247152 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Auto 23/03/2010 247808 | (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
SS - | Auto 23/12/2009 370688 | (StarWindServiceAE) . (.StarWind Software.) - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
SS - | Demand 26/07/2013 563624 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Disabled 19/10/2010 2011944 | (TeamViewer5) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
SS - | Demand 24/06/2013 754584 | (TunngleService) . (.Tunngle.net GmbH.) - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
SR - | Auto 20/03/2014 440400 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 20/03/2014 440400 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/07/2009 864032 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SR - | Auto 16/04/2014 6817544 | (cmdAgent) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
SR - | Demand 25/03/2014 2264280 | (cmdvirth) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
SR - | Auto 09/07/2009 124928 | (HP Health Check Service) . (.Hewlett-Packard.) - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Demand 21/02/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 24/07/2009 146928 | ({55662437-DA8C-40c0-AADA-2C816A897A49}) . (.CyberLink Corp..) - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
~ Services: Scanned in 00mn 15s
---\\ List of CD/DVD Emulators (MBR Hook)
O58 - SDL:14/03/2013 - 18:11:20 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [564824]
~ Emulateurs: Scanned in 00mn 15s
---\\ Scan Additionnel (O88)
Database Version : 13029 - (24/05/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
~ Additionnel Scan: 545196 Items scanned in 02mn 42s
---\\ Summary of the detections found on your workstation
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.MyWebSearch
~ MSI: 1 link(s) detected in 00mn 00s
~ 1206 Legitimates filtered by white list
End of the scan (501 lines in 08mn 00s)(0)
marcelosteffler - Beginner
- Messages: 25
Reputation: 0
Registered: 26/05/2014
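The ZHPDiag report above marks each suspicious entry with a trailing `=>Family.Name` classification (for example `=>Adware.MyWebSearch` or `=>P2P.BitTorrent`), while a tag beginning with a dot such as `=>.Nicolas Coolman` records a whitelisted publisher rather than a detection; its O55 section also lists `"EnableLUA"=0`, which means User Account Control was switched off on this machine. The Python script below is an added example, not part of this thread and not ZHPDiag's own code: it triages a report in that format by collecting the tagged detections per section, skipping whitelist hits, and flagging the UAC policy value. The regular expressions and the `RISKY_POLICIES` table are assumptions inferred from the report on this page, and the sample report embedded in the script is constructed from abbreviated lines in the same shape.

```python
"""Triage a ZHPDiag-style report: collect tagged detections and flag risky policy values.

Added example; not part of the forum thread or of ZHPDiag itself. The line formats
below are assumptions inferred from the report posted in the thread.
"""
import re
from collections import Counter

# Constructed sample in the same shape as the posted report (long lines abbreviated).
SAMPLE_REPORT = r"""
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKCU\...\Policies\System] - "WallpaperStyle"=
~ MWPS: 21 Legitimates Filtered in 00mn 00s
---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: prefs.js [Marcelo - 5zeyo61b.default] user_pref("extensions.trusted-ads.serp_mywebsearch", "[...]") =>Adware.MyWebSearch
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{746FA3FB-69EE-47C8-8B99-4DADFAED5A9D}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Marcelo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASAPI32 =>P2P.µTorrent
---\\ Scan Additionnel (O88)
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
"""

# Section header, e.g.  ---\\ Search Browser Infection (SBI) (O69)
SECTION_RE = re.compile(r"^---\\\\ (?P<title>.+)$")
# Entry line with an O-code, e.g.  O55 - MWPS:<body>
ENTRY_RE = re.compile(r"^(?P<code>O\d+) - (?P<kind>[A-Za-z]+):(?P<body>.*)$")
# Trailing classification tag, e.g.  =>Adware.MyWebSearch  (an optional '^' may follow)
TAG_RE = re.compile(r"=>(?P<tag>\S.*?)\^?\s*$")
# Registry value inside an O55 body, e.g.  "EnableLUA"=0
POLICY_RE = re.compile(r'"(?P<name>[A-Za-z0-9_]+)"=(?P<value>\S*)')

# Policy values a defender wants flagged. Assumption used here: EnableLUA=0 turns UAC off.
RISKY_POLICIES = {("EnableLUA", "0"): "User Account Control (UAC) is disabled"}


def iter_sections(text):
    """Yield (section_title, line) for every non-header line, tracking the current section."""
    section = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("title").strip()
            continue
        yield section, line


def classify(line):
    """Return (family, tag) for a tagged detection line, or None if untagged or whitelisted."""
    m = TAG_RE.search(line)
    if not m:
        return None
    tag = m.group("tag").strip()
    if tag.startswith("."):  # =>.Vendor marks a whitelisted publisher, not a detection
        return None
    return tag.split(".", 1)[0], tag


def risky_policies(line):
    """Return (name, value, reason) triples for risky values found in an O55 MWPS line."""
    m = ENTRY_RE.match(line)
    if not m or m.group("kind") != "MWPS":
        return []
    found = []
    for p in POLICY_RE.finditer(m.group("body")):
        reason = RISKY_POLICIES.get((p.group("name"), p.group("value")))
        if reason:
            found.append((p.group("name"), p.group("value"), reason))
    return found


def triage(text):
    """Collect detections and risky policies, plus a count of detections per family."""
    detections, policies = [], []
    for section, line in iter_sections(text):
        hit = classify(line)
        if hit:
            family, tag = hit
            detections.append({"section": section, "family": family, "tag": tag, "line": line})
        for name, value, reason in risky_policies(line):
            policies.append({"section": section, "name": name, "value": value, "reason": reason})
    return {"detections": detections, "policies": policies,
            "families": Counter(d["family"] for d in detections)}


def summarize(result):
    """Render a triage result as plain text, one line per finding."""
    lines = [f"{fam}: {n} item(s)" for fam, n in sorted(result["families"].items())]
    for d in result["detections"]:
        lines.append(f"[{d['section']}] {d['tag']}: {d['line'][:80]}")
    for p in result["policies"]:
        lines.append(f"[{p['section']}] {p['name']}={p['value']} -> {p['reason']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(triage(SAMPLE_REPORT)))
```

Run against the full posted report, the same logic reproduces the tool's own "Summary of the detections" section (one Adware.MyWebSearch hit) while also surfacing the P2P entries and the disabled-UAC policy, which the tool's summary leaves out; the `=>.Vendor` whitelist exclusion matters because a naive search for `=>` would count the scanner's own ZHPDiag entry as a finding.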
Re: Infected laptop
Because almost all computers these days are contaminated by adware. But why is the procedure practically the same for every computer?
____________________________________________________________________________
Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________
Go to the menu: Start > All Programs > ZHP > Right-click Zhpfix and choose Run as administrator > Click Import > Click the GO button > Click Oui > If you want the files in the Recycle Bin deleted as well, click Oui again > A report will appear in Notepad.
Copy this report and post it in your next reply, and tell us how your PC is after this.
Last edited by Power Max on Tue 27 May 2014, 21:09; edited 1 time
_________________
Caixa de Dicas = Always with new tutorials and news on computing, technology and miscellany.
[You need an account and to be logged in to see this link] = The best of the internet, found here.
[You need an account and to be logged in to see this link] = Messages of faith and hope for your heart
Power Max - Collaborator
- Messages: 9086
Reputation: 1499
Registered: 14/04/2009
Re: Infected laptop
Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Marcelo at 27/05/2014 20:53:58
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Recycle Bin emptied (00mn 02s)
Repair of browser shortcuts
========== Software ==========
ABSENT Uninstall Process: c:\program files (x86)\common files\homepage protection\uninstall.exe
========== Registry keys ==========
REMOVES Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Homepage Protection]
REMOVES Driver Key: Bfilter
REMOVES Driver Key: Bfmon
REMOVES Driver Key: Bnbase
REMOVES Driver Key: Bndef
REMOVES Driver Key: Bprotect
REMOVES: HKCU\Software\Homepage Protection
========== Registry values ==========
ProxyFix : Proxy configuration successfully removed
REMOVES ProxyServer Value
REMOVES ProxyEnable Value
REMOVES EnableHttp1_1 Value
REMOVES ProxyHttp1.1 Value
REMOVES ProxyOverride Value
========== Preferences browser ==========
REMOVES Mozilla Pref: user_pref("extensions.trusted-ads.serp_mywebsearch", "\"%2F*!%20serp-mywebsearch%20-%20v0.1.10%20-%202014-04-07%2018%3A21%3A58%20*[...]
========== Folders ==========
No folders empty CLSID Local user
========== Files ==========
Deletes temporary Windows (12) (6.193.288 octets)
REMOVES Flash Cookies (0) (0 octets)
========== Scheduled task ==========
REMOVES: {1B7D2E31-FC11-4E7E-AE01-DFE07E1D6C07}
REMOVES: {33723558-36BE-4E14-B2E4-7E9B307BFEA9}
REMOVES: {4186A594-5F53-4860-B10B-B0C9A2849E75}
REMOVES: {479335AC-C06B-4D5E-A7C9-0F0454165429}
REMOVES: {584457F6-6762-4A74-A46D-FDBAB7EE7E89}
REMOVES: {71D94853-AB11-4044-924D-B3356E7C0CB0}
REMOVES: {D57F4D40-35BB-4006-97CA-F10808FE5A08}
========== System restore ==========
The system successfully created restore point
========== Summary ==========
7 : Registry keys
6 : Registry values
1 : Folders
2 : Files
1 : Software
1 : Preferences browser
7 : Scheduled task
1 : System restore
End of clean in 01mn 27s
========== Path to file report ==========
C:\Users\Marcelo\AppData\Roaming\ZHP\ZHPFix[R1].txt - 27/05/2014 19:53:53 [2431]
C:\Users\Marcelo\AppData\Roaming\ZHP\ZHPFix[R2].txt - 27/05/2014 20:54:01 [2204]
marcelosteffler - Beginner
- Messages: 25
Reputation: 0
Registered: 26/05/2014
Re: Infected laptop
Copy this report and post it in your next reply, and tell us how your PC is after this.
-
My God, the PC is completely changed; it is like a beggar who finally took a bath.
- Everyday use is rocket fast;
- Folders, programs, music and videos open at incredible speed;
- When the computer starts, it is clean and ready to use;
- I am no longer redirected to suspicious links all the time;
- Processes consume memory normally;
- Useless processes have evaporated;
In short, THANK YOU VERY MUCH!
Excellent forum, excellent work.
marcelosteffler - Beginner
- Messages: 25
Reputation: 0
Registered: 26/05/2014
Re: Infected laptop
I am glad the problem has been solved.
Just to finish, please follow the tutorials below:
[You need an account and to be logged in to see this link]
_______________________________________________________________________________________________________________________
To remove the programs used in cleaning this PC and create a new safe, trouble-free restore point, use DelFix following the tips [You need an account and to be logged in to see this link].
_______________________________________________________________________________________________________________________
It was a pleasure to help. You can always count on us!
Power Max - Collaborator
- Messages: 9086
Reputation: 1499
Registered: 14/04/2009
Re: Infected laptop
CASE SOLVED
If the topic author needs it, the topic will be reopened; to request this, contact one of the members of the [You need an account and to be logged in to see this link] asking for it to be unlocked.
Danii - Full Member
- Messages: 571
Reputation: 80
Registered: 04/04/2014
Location: Brazil