Fórum PC Brasil

Infected laptop

3 participants

Infected laptop

Message by marcelosteffler, Mon 26 May 2014, 20:11

Hello,

I would like help treating my laptop. It is crying for help and I can't keep up with so much adware in the installers...

I use Avira Personal and COMODO Firewall.

I need efficient, specialized software for most of the categories (adware, keyloggers, worms, trojans, mainly rootkits, etc.).

Thanks in advance!

Re: Infected laptop

Message by Danii, Mon 26 May 2014, 20:15

Hello. Welcome to Fórum PC Brasil.

I will start the check with you, and afterwards [You must have an account and be logged in to view this link] will continue, OK.

Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
[You must have an account and be logged in to view this link]

To run AdwCleaner correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

Re: Infected laptop

Message by marcelosteffler, Mon 26 May 2014, 20:23

# AdwCleaner v3.211 - Report created 26/05/2014 at 20:16:13
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Marcelo - MARCELO-PC
# Running from : C:\Users\Marcelo\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : IePluginServices
[#] Service Deleted : Wpm
[#] Service Deleted : yewimmxqbs64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\baidu
Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\WPM
Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files (x86)\SupTab
Folder Deleted : C:\Program Files (x86)\webget
Folder Deleted : C:\Program Files\002
Folder Deleted : C:\Program Files\RrSavings
Folder Deleted : C:\Users\Marcelo\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Marcelo\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Marcelo\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Marcelo\AppData\Roaming\baidu
Folder Deleted : C:\Users\Marcelo\AppData\Roaming\cacaoweb
Folder Deleted : C:\Users\Marcelo\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Public\Documents\baidu
Folder Deleted : C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\Extensions\cacaoweb@cacaoweb.org
Folder Deleted : C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\Extensions\quick_start@gmail.com
Folder Deleted : C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
File Deleted : C:\END
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp
File Deleted : C:\Users\Marcelo\daemonprocess.txt
File Deleted : C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\invalidprefs.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\sweet-page.xml
File Deleted : C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\searchplugins\trovi-search.xml

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Inicializador de aplicativos do Google Chrome.lnk
Shortcut Disinfected : C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome\Offline Email Notifier for Gmail™.lnk
Shortcut Disinfected : C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cmaiofennmphjldldcpphcechfnnohja
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\BabylonToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKCU\Software\f4dad1b63ab815
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_boniatti-financial_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_boniatti-financial_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_connectify-hotspot_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_connectify-hotspot_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_everest-portable_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_everest-portable_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_megacubo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_megacubo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_pascal-zim_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_pascal-zim_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\cacaoweb
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\dt soft\daemon tools toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Popajar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\webget
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\SupTab
Key Deleted : HKLM\Software\supWPM
Key Deleted : HKLM\Software\sweet-pageSoftware
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\webget
Key Deleted : HKLM\Software\Wpm
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wpm
Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Key Deleted : [x64] HKLM\SOFTWARE\RrSavings
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RrSavings
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webget
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16798

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v29.0.1 (pt-BR)

[ File : C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\prefs.js ]

Line Deleted : user_pref("CT1750559.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT1750559.CTID", "CT1750559");
Line Deleted : user_pref("CT1750559.CurrentServerDate", "20-8-2010");
Line Deleted : user_pref("CT1750559.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT1750559.FirstServerDate", "20-8-2010");
Line Deleted : user_pref("CT1750559.FirstTime", true);
Line Deleted : user_pref("CT1750559.FirstTimeFF3", true);
Line Deleted : user_pref("CT1750559.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT1750559.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT1750559.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT1750559.Initialize", true);
Line Deleted : user_pref("CT1750559.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT1750559.InstalledDate", "Fri Aug 20 2010 12:35:02 GMT-0300");
Line Deleted : user_pref("CT1750559.InvalidateCache", false);
Line Deleted : user_pref("CT1750559.IsGrouping", false);
Line Deleted : user_pref("CT1750559.IsMulticommunity", false);
Line Deleted : user_pref("CT1750559.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT1750559.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT1750559.LanguagePackLastCheckTime", "Fri Aug 20 2010 12:35:13 GMT-0300");
Line Deleted : user_pref("CT1750559.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT1750559.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT1750559.LastLogin_2.5.6.0", "Fri Aug 20 2010 12:35:03 GMT-0300");
Line Deleted : user_pref("CT1750559.LatestVersion", "2.7.2.0");
Line Deleted : user_pref("CT1750559.Locale", "en-us");
Line Deleted : user_pref("CT1750559.LoginCache", 4);
Line Deleted : user_pref("CT1750559.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT1750559.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT1750559.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT1750559.RadioIsPodcast", false);
Line Deleted : user_pref("CT1750559.RadioLastCheckTime", "Fri Aug 20 2010 12:35:04 GMT-0300");
Line Deleted : user_pref("CT1750559.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT1750559.RadioLastUpdateServer", "128929877726170000");
Line Deleted : user_pref("CT1750559.RadioMediaID", "11237206");
Line Deleted : user_pref("CT1750559.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT1750559.RadioMenuSelectedID", "EBRadioMenu_CT175055911237206");
Line Deleted : user_pref("CT1750559.RadioStationName", "1.FM%20Dance");
Line Deleted : user_pref("CT1750559.RadioStationURL", "hxxp://dance.1.fm/energydance128k?MSWMExt=.asf");
Line Deleted : user_pref("CT1750559.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT1750559.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT1750559&octid=EB_ORIGINAL_CTID&SearchSource=1");
Line Deleted : user_pref("CT1750559.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT1750559.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&q=");
Line Deleted : user_pref("CT1750559.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT1750559.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT1750559.SearchInNewTabLastCheckTime", "Fri Aug 20 2010 12:35:04 GMT-0300");
Line Deleted : user_pref("CT1750559.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT1750559.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT1750559.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT1750559.SettingsLastCheckTime", "Fri Aug 20 2010 12:34:58 GMT-0300");
Line Deleted : user_pref("CT1750559.SettingsLastUpdate", "1279810519");
Line Deleted : user_pref("CT1750559.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT1750559.ThirdPartyComponentsLastCheck", "Fri Aug 20 2010 12:34:58 GMT-0300");
Line Deleted : user_pref("CT1750559.ThirdPartyComponentsLastUpdate", "1246790578");
Line Deleted : user_pref("CT1750559.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Deleted : user_pref("CT1750559.UserID", "UN12240769900171378");
Line Deleted : user_pref("CT1750559.WeatherNetwork", "");
Line Deleted : user_pref("CT1750559.WeatherPollDate", "Fri Aug 20 2010 12:35:09 GMT-0300");
Line Deleted : user_pref("CT1750559.WeatherUnit", "C");
Line Deleted : user_pref("CT1750559.alertChannelId", "31130");
Line Deleted : user_pref("CT1750559.clientLogIsEnabled", false);
Line Deleted : user_pref("CT1750559.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT1750559.myStuffEnabled", true);
Line Deleted : user_pref("CT1750559.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT1750559.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT1750559.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT1750559.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT1750559.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1750559");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1750559");
Line Deleted : user_pref("browser.search.defaultenginename", "sweet-page");
Line Deleted : user_pref("browser.search.selectedEngine", "sweet-page");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.sweet-page.com/?type=hppp&ts=1400125642&from=cor&uid=TOSHIBAXMK3256GSY_Y9JMT4VKTXXY9JMT4VKT");
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.id", "d24826dd0000000000000026c60f464d");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15649");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=d24826dd0000000000000026c60f464d&q=");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111738&tt=100512_2_");
Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "d24826dd0000000000000026c60f464d");
Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "d24826dd0000000000000026c60f464d");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15470");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.822:12:41");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

-\\ Google Chrome v

[ File : C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : cmaiofennmphjldldcpphcechfnnohja

*************************

AdwCleaner[R0].txt - [23522 octets] - [26/05/2014 20:13:00]
AdwCleaner[S0].txt - [20899 octets] - [26/05/2014 20:16:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20960 octets] ##########

Re: Infected laptop

Message by marcelosteffler, Mon 26 May 2014, 20:55

GETTING AHEAD - the ZOEK report follows below

Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Marcelo on 26/05/2014 at 20:36:16,29.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Safe Mode NETWORK Internet Access Detected
Launched: C:\Users\Marcelo\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-648650066-4006766464-4025382557-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BEC2075C-8E0A-4EB6-8D5D-A840665B39C9} deleted successfully
HKEY_USERS\S-1-5-21-648650066-4006766464-4025382557-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F1846CBD-F074-412E-842E-3E236808537F} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\prefs.js:
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\prefs.js:

ProfilePath: C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_052014_2045_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\GUT2C9D.tmp deleted
C:\PROGRA~2\GUT39B3.tmp deleted
C:\PROGRA~2\GUT452D.tmp deleted
C:\PROGRA~2\GUT5494.tmp deleted
C:\PROGRA~2\GUTA9E6.tmp deleted
C:\PROGRA~2\GUTACE8.tmp deleted
C:\PROGRA~2\GUTAD9D.tmp deleted
C:\PROGRA~2\GUTD144.tmp deleted
C:\PROGRA~2\GUTE0CD.tmp deleted
C:\PROGRA~2\GUM2C9C.tmp deleted
C:\PROGRA~2\GUM39A2.tmp deleted
C:\PROGRA~2\GUM452C.tmp deleted
C:\PROGRA~2\GUM5493.tmp deleted
C:\PROGRA~2\GUMA9B6.tmp deleted
C:\PROGRA~2\GUMAD8D.tmp deleted
C:\PROGRA~2\GUMD143.tmp deleted
C:\PROGRA~2\GUME0CC.tmp deleted
C:\PROGRA~2\SqueakyChocolate deleted
C:\Users\Marcelo\AppData\Local\cache deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\user.js deleted
C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\extensions\firefox@webwebget.com.xpi deleted
C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\jetpack deleted
C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\extensions\PrivDog@AdTrustMedia.com deleted
"C:\Users\Marcelo\AppData\Local\{533987F3-AAB2-4496-8142-B15387EC103B}" deleted
"C:\Users\Marcelo\AppData\Roaming\nswb\icr.dll" deleted
"C:\Users\Marcelo\AppData\Roaming\Faces\Faces.prf" deleted
"C:\Users\Marcelo\AppData\Roaming\nswb" deleted
"C:\Users\Marcelo\AppData\Roaming\Faces" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default
- BlackSheep - %ProfilePath%\extensions\jsobrier@zscaler.com
- SmileysWeLove: Smileys for use with Facebook GMail and more - %ProfilePath%\extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi
- PrivDog - %ProfilePath%\extensions\PrivDog@AdTrustMedia.com.xpi
- Torbutton - %ProfilePath%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
785105A23650755A8F7A72405EB0D923 - C:\Users\Marcelo\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll - Google Update
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Marcelo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
855B79451ECF62602F20EB4D5C71F99B - C:\Windows\SysWoW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
33E87713C7FE08C5F861E2819ED33A0E - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)


==== Deleted Firefox Extensions ======================

C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jfmjfhklogoienhpfnppmbcbjfjnkonk - No path found[]

Comodo DragDrop Service - Marcelo\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo
Comodo Web Inspector - Marcelo\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn
PrivDog - Marcelo\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Comodo Share Page Service - Marcelo\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf
Google Wallet - Marcelo\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Google Docs - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Last updated at time on date - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Offline Email Notifier for Gmail - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\clemkkclfcecinlbelmbmmfbclaeifpj
Adblock for Youtube - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk
Google Search - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Sigerson Morrison - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcpgmpfeoahblfncaooigccakcgngjbh
SmartVideo - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp
Google Mail Checker - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff
Google Wallet - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Checker Plus for Gmail™ - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj
Gmail - Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_furmark.softonic.com.br_0.localstorage deleted successfully
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_furmark.softonic.com.br_0.localstorage-journal deleted successfully
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.softonic.com.br_0.localstorage deleted successfully
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.softonic.com.br_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.oquefazernainternet.com/q/%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"
"CustomizeSearch"="http://www.google.com"
"Default_Search_URL"="http://www.oquefazernainternet.com/"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"
"CustomizeSearch"="http://www.google.com"
"Default_Search_URL"="http://www.oquefazernainternet.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{CC778948-1EA5-4599-AE7A-9807D211DCF4} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR&pc=HPNTDF"

==== Reset Google Chrome ======================

C:\Users\Marcelo\AppData\Local\Comodo\Dragon\User Data\Default\Preferences was reset successfully
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\Marcelo\AppData\Local\Comodo\Dragon\User Data\Default\Web Data was reset successfully
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-648650066-4006766464-4025382557-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{14f95421-c981-4820-954e-d83c8537f54c} deleted successfully
HKEY_USERS\S-1-5-21-648650066-4006766464-4025382557-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{14f95421-c981-4820-954e-d83c8537f54c} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{14f95421-c981-4820-954e-d83c8537f54c} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14f95421-c981-4820-954e-d83c8537f54c} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Marcelo\Desktop\Downloads.lnk - C:\Users\Marcelo\Downloads
C:\Users\Marcelo\Desktop\Dropbox.lnk - C:\Users\Marcelo\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Marcelo\Desktop\Inicializador de aplicativos do Google Chrome.lnk - C:\Users\Marcelo\AppData\Local\Google\Chrome\Application\chrome.exe --show-app-list
C:\Users\Marcelo\Desktop\Marcelo - Shortcut.lnk - C:\Marcelo
C:\Users\Marcelo\Desktop\Marcelo 2.lnk - C:\Users\Marcelo
C:\Users\Marcelo\Desktop\Music.lnk - C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms
C:\Users\Marcelo\Desktop\Pictures.lnk - C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms
C:\Users\Marcelo\Desktop\PokerStars.lnk - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
C:\Users\Marcelo\Desktop\Games\Age of Empires 3.lnk - D:\Age 3\age3.exe
C:\Users\Marcelo\Desktop\Games\Age of Empires III - The Asian Dynasties.lnk - D:\Age 3\age3y.exe
C:\Users\Marcelo\Desktop\Games\Age of Empires III The Asian Dynasties.lnk -
C:\Users\Marcelo\Desktop\Games\Age of Empires III.lnk -
C:\Users\Marcelo\Desktop\Games\Age of Mythology - The Titans.lnk - D:\Age of Myt\Age\aomx.exe xres=1600 yres=900
C:\Users\Marcelo\Desktop\Games\Age of Mythologyy.lnk - D:\AOM - léo\Age of Mythology\aom.exe xres=1600 yres=900
C:\Users\Marcelo\Desktop\Games\aom - Shortcut.lnk - D:\AOM - léo\Age of Mythology\aom.exe
C:\Users\Marcelo\Desktop\Games\aomx - CPLX.lnk - D:\Age of Myt\Age\aomx.exe xres=1600 yres=900
C:\Users\Marcelo\Desktop\Games\aomx - FREITAS.lnk - D:\Age of Myt - Freitas\Age of Mythology Titans\aomx.exe xres=1600 yres=900
C:\Users\Marcelo\Desktop\Games\Burnout Paradise.lnk - C:\Program Files (x86)\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe
C:\Users\Marcelo\Desktop\Games\Call Of Duty - Word At War Multiplayer.lnk - D:\Cod5 - WAW\CoDWaWmp.exe +set fs_game "mods/PeZBOTWAW"
C:\Users\Marcelo\Desktop\Games\Call Of Duty - Word At War Single Player.lnk - D:\Cod5 - WAW\CoDWaW.exe
C:\Users\Marcelo\Desktop\Games\Counter-Strike 1.6 SiteCS.lnk - C:\Program Files (x86)\Valve\hl.exe -nomaster -game cstrike
C:\Users\Marcelo\Desktop\Games\Counter-Strike 1.6.lnk - C:\Program Files (x86)\Valve\hl.exe -game cstrike
C:\Users\Marcelo\Desktop\Games\Curse Of Monkey Island.lnk - C:\Program Files (x86)\Lucasarts\Curse\CMI Launcher.exe
C:\Users\Marcelo\Desktop\Games\Dedicated Server.lnk - C:\Program Files (x86)\Valve\hlds.exe -game cstrike -insecure
C:\Users\Marcelo\Desktop\Games\GunboundPS.lnk - C:\Game\SoftnyxGame\GunBoundPS\NyxLauncher.exe
C:\Users\Marcelo\Desktop\Games\Hlds Update Tool.lnk - C:\TF2server\HldsUpdateTool.exe c:\TF2server\HldsUpdateTool -command update -game tf -dir C:\TF2server
C:\Users\Marcelo\Desktop\Games\loader - Shortcut.lnk - D:\Age of Mythology Titans\loader.exe xres=1600 yres=900
C:\Users\Marcelo\Desktop\Games\Loader.lnk - D:\Age of Mythology Titans\loader.exe xres=1600 yres=900
C:\Users\Marcelo\Desktop\Games\NBA 2K11.lnk - D:\NBA 2k11\nba2k11.exe
C:\Users\Marcelo\Desktop\Games\Portal 2.lnk - D:\Portal 2\portal2.exe
C:\Users\Marcelo\Desktop\Games\scummvm - Shortcut.lnk - C:\Program Files (x86)\Lucasarts\scummvm-x64\scummvm-x64\scummvm.exe
C:\Users\Marcelo\Desktop\Games\Servidor Dedicado.lnk - C:\Program Files (x86)\Valve\hlds.exe -game cstrike -insecure
C:\Users\Marcelo\Desktop\Games\SimCity 4 - Shortcut.lnk - C:\Program Files (x86)\Maxis\SimCity 4 Deluxe\Apps\SimCity 4.exe -CustomResolution:enabled -r1600x900x32
C:\Users\Marcelo\Desktop\Games\SimCity 4 Deluxe.lnk - C:\Program Files (x86)\Maxis\SimCity 4 Deluxe\Apps\SimCity 4.exe -CustomResolution:enabled -r1600x900x32 -f
C:\Users\Marcelo\Desktop\Games\Sniper Ghost Warrior.lnk - C:\Program Files (x86)\City Interactive\Sniper Ghost Warrior\Sniper_x86.exe
C:\Users\Marcelo\Desktop\Games\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Marcelo\Desktop\Games\sXe Injected.lnk - C:\Program Files (x86)\sXe Injected\sxe injected.exe
C:\Users\Marcelo\Desktop\Games\The Sims 8 in 1.lnk - C:\Program Files (x86)\Maxis\The Sims 8 in 1\The Sims\Sims.exe xres=1600 yres=900
C:\Users\Marcelo\Desktop\Games\WA - Shortcut.lnk - C:\Users\Marcelo\Downloads\WORMS\Worms Armageddon v3.7.2.1\WA.exe
C:\Users\Marcelo\Desktop\Shortcuts\Adobe Reader X.lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Marcelo\Desktop\Shortcuts\Alcohol 120%.lnk - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Alcohol.exe
C:\Users\Marcelo\Desktop\Shortcuts\Avira Control Center.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
C:\Users\Marcelo\Desktop\Shortcuts\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe
C:\Users\Marcelo\Desktop\Shortcuts\Comodo Dragon.lnk - C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Users\Marcelo\Desktop\Shortcuts\COMODO Firewall.lnk - C:\Program Files (x86)\COMODO\COMODO Internet Security\cistray.exe --shortcut
C:\Users\Marcelo\Desktop\Shortcuts\ConvertXtoDVD 4.lnk - C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe
C:\Users\Marcelo\Desktop\Shortcuts\CyberLink DVD Suite.lnk - C:\Program Files (x86)\CyberLink\DVD Suite\PowerStarter.exe
C:\Users\Marcelo\Desktop\Shortcuts\Defraggler.lnk - C:\Program Files (x86)\Defraggler\Defraggler64.exe
C:\Users\Marcelo\Desktop\Shortcuts\DVD Shrink 3.2.lnk - C:\Program Files (x86)\DVD Shrink\DVD Shrink 3.2.exe
C:\Users\Marcelo\Desktop\Shortcuts\Firemin - Shortcut.lnk - C:\Marcelo\Documentos Pessoais em geral\firemin-030300\firemin-030300\Firemin.exe
C:\Users\Marcelo\Desktop\Shortcuts\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Users\Marcelo\Desktop\Shortcuts\Hamachi.lnk - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Users\Marcelo\Desktop\Shortcuts\HP Deskjet 2050 J510 series Scan.lnk - C:\Program Files (x86)\HP\HP Deskjet 2050 J510 series\bin\HPScan.exe
C:\Users\Marcelo\Desktop\Shortcuts\HP Deskjet 2050 J510 series.lnk - C:\Program Files (x86)\HP\HP Deskjet 2050 J510 series\Bin\HP Deskjet 2050 J510 series.exe
C:\Users\Marcelo\Desktop\Shortcuts\Revo Uninstaller.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\Marcelo\Desktop\Shortcuts\Shared Space.lnk - C:\ProgramData\Shared Space
C:\Users\Marcelo\Desktop\Shortcuts\Shop for Supplies - HP Deskjet 2050 J510 series.lnk - C:\Program Files (x86)\HP\HP Deskjet 2050 J510 series\Bin\hpqDTSS.exe
C:\Users\Marcelo\Desktop\Shortcuts\Stay Live 2000.lnk - C:\Program Files (x86)\Software by Design\StayLive.exe
C:\Users\Marcelo\Desktop\Shortcuts\StayLive - Shortcut.lnk - C:\Program Files (x86)\Software by Design\StayLive.exe
C:\Users\Marcelo\Desktop\Shortcuts\Virtual Comodo Dragon.lnk - C:\Program Files (x86)\COMODO\COMODO Internet Security\virtkiosk.exe -v "C:\Program Files (x86)\Comodo\Dragon\dragon.exe"

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Glary Utilities 5.lnk - C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome\Offline Email Notifier for Gmail™.lnk -
C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Marcelo\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Marcelo\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\Marcelo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Inicializador de aplicativos do Google Chrome.lnk - C:\Users\Marcelo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager\Recovery Disc Creation.lnk - C:\Program Files (x86)\Hewlett-Packard\Recovery\CDCreator.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager\Recovery Manager.lnk - C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Marcelo\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk - C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5\Glary Utilities 5.lnk - C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5\Uninstall.lnk - C:\Program Files (x86)\Glary Utilities 5\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5\Website.lnk - C:\Program Files (x86)\Glary Utilities 5\Glary Utilities 5.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\Silverlight.Configuration.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk - C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk - C:\Program Files (x86)\Webteh\BSplayer\bsplayer.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk - C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Video Converter.lnk - C:\Program Files (x86)\Free Video Converter\FreeVideoConverter.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 5.lnk - C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Tunngle beta.lnk - C:\Program Files (x86)\Tunngle\Tunngle.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk -
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\AutoCAD 2006.lnk - C:\Program Files (x86)\AutoCAD 2006\acad.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\CorelDRAW 12.lnk - C:\Windows\Installer\{505AFDC0-5E72-4928-8368-5DEA385E3647}\NewShortcut1.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office - 60 Day Trial.lnk - C:\Program Files (x86)\Microsoft Office Suite Activation Assistant\OAA.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\µTorrent.lnk -
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Users\Marcelo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP MediaSmart.lnk - C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HPAdvisor.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office PowerPoint 2007 (2).lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Word 2007 (2).lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Snipping Tool.lnk -
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Marcelo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="local;*.local"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cacaoweb deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\facemoods deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPCam_Menu deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSafeTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSafeWDS deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateChecker deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Marcelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Marcelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Marcelo\AppData\Local\Mozilla\Firefox\Profiles\5zeyo61b.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=858 folders=52 277834118 bytes)

==== Empty Temp Folders ======================

C:\Users\Marcelo\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Marcelo\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 26/05/2014 at 20:50:12,64 ======================

Re: Infected laptop

Post by marcelosteffler, Mon 26 May 2014, 21:18

JUNKWARE REMOVAL TOOL REPORT FOLLOWS:

-

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Marcelo on 26/05/2014 at 21:05:21,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\privdogservice
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-648650066-4006766464-4025382557-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealio_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealio_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealio_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealio_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\adtrustmedia"
Successfully deleted: [Folder] "C:\Program Files (x86)\adtrustmedia"
Successfully deleted: [Folder] "C:\Program Files (x86)\free video converter"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\homepage protection"



~~~ FireFox

Emptied folder: C:\Users\Marcelo\AppData\Roaming\mozilla\firefox\profiles\5zeyo61b.default\minidumps [14 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/05/2014 at 21:08:52,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Infected laptop

Post by marcelosteffler, Mon 26 May 2014, 21:31

ZHPDiag REPORT:

-

~ Report of ZHPDiag v2014.5.24.73 - Nicolas Coolman (24/05/2014)
~ Launched by Marcelo (26/05/2014 21:26:07)
~ Web site address : [You need an account and to be logged in to view this link]
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by user


---\\ Internet browsers
MSIE: Internet Explorer v10.0.9200.16798
MFIE: Mozilla Firefox 29.0.1

---\\ Windows product information
~ Langage: Anglais
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
Avira Free Antivirus v14.0.3.350
COMODO Internet Security v6.0.2566.2708
Windows Defender W7 (Activate)

---\\ System optimization software
CCleaner v4.07

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 13 Plugin
Adobe Reader X
Java 7 Update 51

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Sans échec avec prise en charge du réseau (Fail-safe with network boot)
Total RAM: 4063 MB (72% free)
System Restore: Activé (Enable)
System drive C: has 83 GB (29%) free of 283 GB

---\\ Connection to the system mode
~ Computer Name: MARCELO-PC
~ User Name: Marcelo
~ All Users Names: Marcelo, HomeGroupUser$, Guest, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Marcelo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Marcelo\AppData\Roaming\
~ %Desktop% : C:\Users\Marcelo\Desktop\
~ %Favorites% : C:\Users\Marcelo\Favorites\
~ %LocalAppData% : C:\Users\Marcelo\AppData\Local\
~ %StartMenu% : C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 83 Go of 283 Go)
D: Hard drive, Flash drive, Thumb drive (Free 88 Go of 298 Go)
E: Hard drive, Flash drive, Thumb drive (Free 2 Go of 15 Go)
F: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.90860E913075B03369BEB7B0B510DC2F] - (.Microsoft Corporation - Internet Extensions for Win32.) (.01/02/2014 - 06:19:49.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Windows Logon Application.) (.20/11/2010 - 10:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) (.20/11/2010 - 10:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 06:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 06:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 07:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 06:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - NT File System Driver.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 07:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 06:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.20/11/2010 - 10:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/7083
~ Mes musiques (My Musics) : 1/8955
~ Mes Videos (My Videos) : 1/186
~ Mes Favoris (My Favorites) : 1/36
~ Mes Documents (My Documents) : 2/1482
~ Mon Bureau (My Desktop) : 23/991
~ Menu demarrer (Programs) : 1/96
~ Hidden Files: Scanned in 00mn 22s



---\\ Process running
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Users\Marcelo\AppData\Local\Google\Chrome\Application\chrome.exe [860488] [PID.1768]
[MD5.4FDF8F99557B275A3B5BF797761C7504] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7879168] [PID.2888]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)

---\\ Google Chrome Extension Folder
~ Google Lines Browser: 15 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\prefs.js
~ Firefox Browser: 19 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Other User Links (O4)
O4 - GS\Program [Public]: Free Trials for QuickBooks, Quicken and TurboTax.lnk . (...) -- C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe
~ Global Startup: 1 Legitimates Filtered in 00mn 03s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [COMODO Internet Security] . (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKCU\..\Run: [GUDelayStartup] . (.Glarysoft Ltd - StartupManager.) -- C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\RunOnce: [Report] . (...) -- C:\AdwCleaner\AdwCleaner[S0].txt
O4 - HKLM\..\Wow6432Node\Run: [WirelessAssistant] . (.Hewlett-Packard - HP Wireless Assistant Main Program.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Wow6432Node\Run: [hpWirelessAssistant] . (.Hewlett-Packard Development Company, L.P. - HP Wireless Assistant Module.) -- C:\Program Files (x86)\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [amd_dc_opt] . (.AMD - AMD Dual-Core Optimizer.) -- C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Wow6432Node\Run: [AMD AVT] . (.Microsoft Corporation - Windows Command Processor.) -- C:\Windows\System32\Cmd.exe
O4 - HKLM\..\Wow6432Node\Run: [ComodoFSChrome] C:\Program Files (x86)\AdTrustMedia\PrivDog\FinalizeSetup.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-648650066-4006766464-4025382557-1000\..\Run: [GUDelayStartup] . (.Glarysoft Ltd - StartupManager.) -- C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe
O4 - HKUS\S-1-5-21-648650066-4006766464-4025382557-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-648650066-4006766464-4025382557-1000\..\RunOnce: [Report] . (...) -- C:\AdwCleaner\AdwCleaner[S0].txt
~ Application: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: PrivDog [64Bits] - {2F5C139F-79BD-4C84-A95A-E7140525BC55} . (.AdTrustMedia - PrivDog Extension.) -- C:\Program Files\AdTrustMedia\PrivDog\2.1.0.23\trustedads.dll
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E20287F-1966-4A42-B138-BF9537116F9B}: DhcpNameServer = 201.10.128.2 201.10.1.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD290BE6-8D38-4555-A49F-4B2E56D788F0}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7E20287F-1966-4A42-B138-BF9537116F9B}: DhcpNameServer = 201.10.128.2 201.10.1.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{BD290BE6-8D38-4555-A49F-4B2E56D788F0}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{5171070C-B9D6-410E-9462-4F033E32E3AF}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{DB0ED3DD-6C22-42F0-9186-680D17A359D7}: NameServer = 8.8.8.8,8.8.4.4 =>.Google DNS Redirections
O17 - HKLM\System\CS2\Services\Tcpip\..\{6D47A42F-82C1-4D69-838A-9FEE3BF528D6}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{7E20287F-1966-4A42-B138-BF9537116F9B}: DhcpNameServer = 201.10.128.2 201.10.1.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{BD290BE6-8D38-4555-A49F-4B2E56D788F0}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk * ) - File not found
O34 - HKLM BootExecute: (BootDefrag.exe) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s



---\\ Task Planned Automatically (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [830]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-648650066-4006766464-4025382557-1000Core [1060]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-648650066-4006766464-4025382557-1000UA [1082]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GlaryInitialize 5 [336]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [896]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [900]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-648650066-4006766464-4025382557-1000Core [1034]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-648650066-4006766464-4025382557-1000UA [1086]
~ Scheduled Task: 8 Legitimates Filtered in 00mn 00s



---\\ Drivers launched at startup (O41)
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef64.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
~ Drivers: 96 Legitimates Filtered in 00mn 00s



---\\ Software installed (O42)
O42 - Logiciel: ADDONS SITECS (NONSTEAM) - (.www.sitecs.net.) [HKLM][64Bits] -- ADDONS SITECS (NONSTEAM)
O42 - Logiciel: Capture Solution XE 10.43 - (.SProsoft.) [HKLM][64Bits] -- Capture Solution XE 10.43
O42 - Logiciel: Capture Solution XE 10.43 - (.SProsoft.) [HKLM][64Bits] -- {D241D9B3-1A51-4E53-85CC-9AC754819013}
O42 - Logiciel: EMChuletator - (...) [HKLM][64Bits] -- EMChuletator
O42 - Logiciel: GPS TrackMaker - (.Geo Studio Technology Ltd.) [HKLM][64Bits] -- {572DDD41-B104-4D5C-BA1B-7A22E92E7A0C}
O42 - Logiciel: GPS TrackMaker PRO - (.Odilon Ferreira Junior (Geo Studio Technologies Ltd.).) [HKLM][64Bits] -- {32EA37A8-B50D-4B38-998F-CD56B3849201}
O42 - Logiciel: Homepage Protection - (.AOL Products.) [HKLM][64Bits] -- Homepage Protection
O42 - Logiciel: Patch v23 versão 2013 - (.SiteCS.) [HKLM][64Bits] -- {C1C3140D-730D-4176-94EC-F1706A929776}_is1
O42 - Logiciel: PokerStars - (.PokerStars.) [HKLM][64Bits] -- PokerStars
O42 - Logiciel: RoX aDDons v3.5 - (.RoX Site.) [HKLM][64Bits] -- RoX aDDons_is1
O42 - Logiciel: SlingBoxWatchYourTVAnyWhere - (.Sling Media.) [HKLM][64Bits] -- {4313E16C-811B-469F-8815-6EB98085F8B2}
O42 - Logiciel: Spring 5.1.5 Português_x86 - (...) [HKLM][64Bits] -- Spring 5.1.5 Português_x86
O42 - Logiciel: Stay Live 2000 - (.Gregory Braun -- Software Design.) [HKLM][64Bits] -- Stay Live 2000
O42 - Logiciel: UpdateChecker - (.SqueakyChocolate, LLC.) [HKLM][64Bits] -- SqueakyChocolate, LLC UpdateChecker
O42 - Logiciel: sXe Injected - (.Alejandro Cortés.) [HKLM][64Bits] -- sXe Injected
~ Logic: 54 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security]
[HKCU\Software\Counter Strike 1.6]
[HKCU\Software\GbAs]
[HKCU\Software\Homepage Protection]
[HKCU\Software\INPE-DPI]
[HKCU\Software\none]
[HKCU\Software\sXe Injected]
[HKLM\Software\Wow6432Node\360Safe]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\GameVicio]
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab
[HKLM\Software\Wow6432Node\sXe_Injected]
[HKLM\Software\Wow6432Node\[You must have an account and be logged in to view this link]
~ Key Software: 536 Legitimates Filtered in 00mn 01s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 30/10/2010 - 08:05:01 - [] ----D C:\Program Files (x86)\Counter Strike
O43 - CFD: 06/12/2010 - 14:37:05 - [] ----D C:\Program Files (x86)\EMChuletator
O43 - CFD: 19/05/2012 - 23:35:16 - [] ----D C:\Program Files (x86)\GameVicio
O43 - CFD: 12/11/2010 - 18:28:58 - [] ----D C:\Program Files (x86)\GTMPRO
O43 - CFD: 09/08/2009 - 06:18:03 - [] ----D C:\Program Files (x86)\JunoPreloader
O43 - CFD: 15/05/2014 - 01:36:33 - [] ----D C:\Program Files (x86)\PokerStars
O43 - CFD: 18/09/2010 - 10:40:25 - [] ----D C:\Program Files (x86)\Spring515_Portugues_x86
O43 - CFD: 28/04/2013 - 16:20:10 - [] ----D C:\Program Files (x86)\Stay Live 2000
O43 - CFD: 14/03/2014 - 13:29:54 - [] ----D C:\Program Files (x86)\sXe Injected
O43 - CFD: 12/11/2010 - 18:27:45 - [] ----D C:\Program Files (x86)\TrackMaker
O43 - CFD: 15/05/2014 - 00:36:26 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 13/09/2010 - 11:03:16 - [] ----D C:\ProgramData\{348D66EB-BC89-1069-82CA-2F4BDF30189C}
O43 - CFD: 13/09/2010 - 11:01:35 - [] --H-D C:\ProgramData\{7F909CEA-CFE5-45BC-8C18-4466B9A9B6A3}
O43 - CFD: 14/05/2012 - 15:42:24 - [] ----D C:\Users\Marcelo\AppData\Roaming\HU2011
O43 - CFD: 15/05/2014 - 01:40:23 - [] ----D C:\Users\Marcelo\AppData\Local\PokerStars
O43 - CFD: 12/09/2010 - 18:34:44 - [] ----D C:\Users\Marcelo\AppData\Local\Sling_Media,_Inc
O43 - CFD: 15/10/2010 - 13:28:54 - [] ----D C:\Users\Marcelo\AppData\Local\storage
O43 - CFD: 12/05/2012 - 20:02:35 - [] ----D C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ADDONS SITECS (NONSTEAM)
O43 - CFD: 15/05/2014 - 01:43:07 - [] ----D C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio
O43 - CFD: 12/11/2010 - 18:27:46 - [] ----D C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GPS TrackMaker
O43 - CFD: 12/11/2010 - 18:29:00 - [] ----D C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GPS TrackMaker PRO
O43 - CFD: 14/03/2012 - 16:37:56 - [] ----D C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected
~ Program Folder: 283 Legitimates Filtered in 00mn 02s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.E9958D1F056E4684C57E0F34076B6107] - 15/05/2014 - 00:50:13 ---A- . (...) -- C:\Windows\M3JPEG.INI [578]
O44 - LFC:[MD5.B437454FF39614D501E45B58B06155F1] - 26/05/2014 - 18:39:52 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [23248]
O44 - LFC:[MD5.B437454FF39614D501E45B58B06155F1] - 26/05/2014 - 18:39:52 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [23248]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 26/05/2014 - 18:55:59 ---A- . (...) -- C:\autoexec.bat [0]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 26/05/2014 - 20:35:59 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.1691E86A35EEF9936F9F877960A8651C] - 26/05/2014 - 20:49:57 ---A- . (...) -- C:\Windows\ntbtlog.txt [497880]
O44 - LFC:[MD5.163DA961F8128F7D7488D2213B91BD21] - 26/05/2014 - 20:50:12 ---A- . (...) -- C:\zoek-results.log [32290]
~ Files: 17 Legitimates Filtered in 00mn 05s



---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{1b750b69-a7ec-11df-84e9-0027134cb7ab}\AutoRun\command. (...) -- G:\AutoRun.exe (.not file.)
O51 - MPSK:{3cfc78f2-ad3f-11df-9133-0027134cb7ab}\AutoRun\command. (...) -- G:\autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Marcelo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 24 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableStatusMessages"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKCU\...\Policies\System] - "WallpaperStyle"=
~ MWPS: 22 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:17/01/2013 - 21:07:36 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys [288688]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:29/06/2009 - 15:17:00 ---A- . (.ENE TECHNOLOGY INC. - ENE CIR Driver for eHome(64).) -- C:\Windows\System32\Drivers\enecir.sys [70656]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:14/03/2013 - 18:11:20 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [564824]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:23/03/2010 - 14:53:06 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [505344]
O58 - SDL:18/03/2013 - 16:51:08 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 82 Legitimates Filtered in 00mn 38s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Comodo - Comodo Dragon.) -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Marcelo\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {CC778948-1EA5-4599-AE7A-9807D211DCF4} - (Bing) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.A427535CD5C46D09016574A541A982DB] [SPRF][31/07/2012] (...) -- C:\ProgramData\KGyGaAvL.sys [952]
[MD5.26142233416E6FD8C74B7DAB3D3B4C0A] [SPRF][09/07/2013] (...) -- C:\Users\Marcelo\AppData\Roaming\room_v3.dat [45270]
[MD5.9EC73884D7D7BFEC9EED7EAF3122A0BE] [SPRF][26/05/2014] (...) -- C:\Users\Marcelo\Desktop\AdwCleaner.exe [1327971]
[MD5.8911FBB20555510A14C5FE096B322FE2] [SPRF][02/04/2014] (.PortableApps.com - ClamWin Portable.) -- C:\Users\Marcelo\Desktop\ClamWinPortable_0.98.1_English.paf.exe [7541552]
[MD5.0413F677CA3F7690AF1F03769632BF8C] [SPRF][14/04/2014] (.Dropbox, Inc. - Dropbox 2.6.29 Installer.) -- C:\Users\Marcelo\Desktop\DropboxInstaller.exe [315984]
[MD5.BA48F4C0988795FBEADAE23BE988054D] [SPRF][26/05/2014] (.Bleeping Computer, LLC - Terminates malware processes so that you can run your normal security programs..) -- C:\Users\Marcelo\Desktop\rkill.exe [1940216]
[MD5.352E8561E633B17ED22012366721FFDC] [SPRF][26/05/2014] (...) -- C:\Users\Marcelo\Desktop\zoek.exe [1285120]
~ Files: 13 Legitimates Filtered in 00mn 03s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{AEAC4B0C-FDBD-4866-B8FE-8D6777192A63}C:\program files (x86)\utorrent\utorrent.exe" | In - Public - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "UDP Query User{76BC2838-F9AA-4789-9E77-736C0CC56B68}C:\program files (x86)\utorrent\utorrent.exe" | In - Public - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "TCP Query User{A8C402F3-41F7-42DB-904B-30AD9EBBD590}C:\program files (x86)\utorrent\utorrent.exe" | In - Public - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "UDP Query User{39ED5FAB-D01D-4BC4-9AB2-8E7BA9338DAF}C:\program files (x86)\utorrent\utorrent.exe" | In - Public - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{746FA3FB-69EE-47C8-8B99-4DADFAED5A9D}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Marcelo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{DC939A3C-0067-4AC1-B788-47428525AEF7}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Marcelo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 6 Legitimates Filtered in 00mn 02s



---\\ MyComputer Name Space (MNS) (O92)
O92 - MNS: - {35B6525E-071A-4EA9-B3BD-F6A742572F08}
~ MNS: 1 Legitimates Filtered in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchSettings_RASAPI32 =>Adware.SearchSettings
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchSettings_RASMANCS =>Adware.SearchSettings
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASMANCS =>P2P.µTorrent
~ BTK: 446 Legitimates Filtered in 00mn 00s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 06/06/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 14/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 02/03/2009 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
SS - | Auto 27/03/2009 16896 | (AgereModemAudio) . (.LSI Corporation.) - C:\Program Files\LSI SoftModem\agr64svc.exe
SS - | Auto 02/07/2009 203264 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SS - | Auto 20/03/2014 440400 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SS - | Auto 20/03/2014 440400 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SS - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS - | Demand 28/10/2010 77944 | (Autodesk Licensing Service) . (.Autodesk.) - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
SS - | Demand 05/01/2012 75624 | (AxAutoMntSrv) . (.Alcohol Soft Development Team.) - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
SS - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Auto 30/07/2009 864032 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SS - | Auto 16/04/2014 6817544 | (cmdAgent) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
SS - | Demand 25/03/2014 2264280 | (cmdvirth) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
SS - | Demand 05/05/2009 228408 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
SS - | Auto 23/04/2014 2135232 | (DragonUpdater) . (...) - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
SS - | Demand 22/05/2009 250616 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
SS - | Auto 19/11/2010 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 19/11/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 09/07/2009 124928 | (HP Health Check Service) . (.Hewlett-Packard.) - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
SS - | Demand 30/04/2009 229944 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
SS - | Auto 08/07/2009 30520 | (hpsrv) . (.Hewlett-Packard.) - C:\Windows\System32\Hpservice.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 21/02/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Auto 17/06/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SS - | Auto 11/10/2013 377104 | (LMIGuardianSvc) . (.LogMeIn, Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
SS - | Demand 22/05/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 24/07/2007 185632 | (PSI_SVC_2) . (.Protexis Inc..) - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
SS - | Auto 21/01/2009 247152 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Auto 23/03/2010 247808 | (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
SS - | Auto 23/12/2009 370688 | (StarWindServiceAE) . (.StarWind Software.) - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
SS - | Demand 26/07/2013 563624 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Disabled 19/10/2010 2011944 | (TeamViewer5) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
SS - | Demand 24/06/2013 754584 | (TunngleService) . (.Tunngle.net GmbH.) - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
SS - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Auto 24/07/2009 146928 | ({55662437-DA8C-40c0-AADA-2C816A897A49}) . (.CyberLink Corp..) - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
SR - | Auto 26/05/2011 161080 | (CLPSLS) . (.COMODO.) - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
SR - | Auto 29/11/2013 2210640 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 09s



---\\ List of CD/DVD Emulators (MBR Hook)
O58 - SDL:14/03/2013 - 18:11:20 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [564824]
~ Emulateurs: Scanned in 00mn 09s



---\\ Scan Additionnel (O88)
Database Version : 13029 - (24/05/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2

[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{116ba71c-8187-4f15-9a1f-c9d6289155d1}] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\360Safe] =>Trojan.Lozavita
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application^
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab^
~ Additionnel Scan: 545553 Items scanned in 02mn 06s



---\\ Summary of the detections found on your workstation
[You must have an account and be logged in to view this link] =>PUP.SupTab
[You must have an account and be logged in to view this link] =>PUP.MyPCBackup
[You must have an account and be logged in to view this link] =>Adware.SearchSettings
[You must have an account and be logged in to view this link] =>Adware.BDSearch
[You must have an account and be logged in to view this link] =>Trojan.Lozavita
~ MSI: 5 link(s) detected in 00mn 00s



~ 1184 Legitimates filtered by white list
End of the scan (521 lines in 04mn 02s)(0)

Post by Danii Mon 26 May 2014, 21:36

I'm going to ask you to wait.
Your reports are being analyzed.

Please wait for the next steps.

Post by Power Max Tue 27 May 2014, 12:22

There are unnecessary programs starting with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start with Windows.

Also use the Ccleaner program, recommended in the tutorial above, to clean up and optimize the PC now and from time to time.
____________________________________________________________________________________________________________

Did you install this Homepage Protection program (from AOL Products) yourself?
___________________________________________________________________________________________________________

I suggest you uninstall Bonjour, which is unnecessary.
___________________________________________________________________________________________________________

Download Usbfix [You must have an account and be logged in to view this link] (on the page, click the button shown in this image, at the bottom right of the page, to download it):
[You must have an account and be logged in to view this image]

Use USBFix as shown in this post:

[You must have an account and be logged in to view this link]
___________________________________________________________________________________________________________

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação (Import) > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will appear in Notepad.

Copy this report and post it in your next reply together with the Usbfix log (report), which will be at C:\UsbFix.txt


Last edited by Power Max on Tue 27 May 2014, 21:10; edited 1 time

_________________

Caixa de Dicas
= Always with new tutorials and news on computing, technology and more.

[You need an account and must be logged in to view this link] = The best of the internet, you'll find it here.

[You need an account and must be logged in to view this link] = Messages of faith and hope for your heart

Post by marcelosteffler on Tue 27 May 2014, 18:28

Hello,

I would also like to remove this item from startup. How do I do that?

[You need an account and must be logged in to view this image]

Post by Power Max on Tue 27 May 2014, 18:34

To stop a particular program from starting automatically with Windows, just right-click it and then click the Desativar (Disable) option.


Post by marcelosteffler on Tue 27 May 2014, 19:00

I click, but I get an error message.

In fact, the first line of the command you sent me is this:

"O4 - HKLM\..\Wow6432Node\Run: [ComodoFSChrome] C:\Program Files (x86)\AdTrustMedia\PrivDog\FinalizeSetup.exe (.not file.) "

Practically an unknown file, starting along with Windows, preventing my PrivDog from working.
And it only appeared after I downloaded all those diagnostic tools.
What does this mean?

Post by Power Max on Tue 27 May 2014, 19:06

Follow the other tips I gave you in my previous reply and post the requested reports so that we can analyze them.


Last edited by Power Max on Tue 27 May 2014, 21:10; edited 1 time


Post by marcelosteffler on Tue 27 May 2014, 19:41

I can't uninstall the HOME PROTECTION from AOL - "the system cannot find the file - error 2"

Post by Power Max on Tue 27 May 2014, 19:46

Yes, so follow the other tips I gave you and post the requested reports.


Post by marcelosteffler on Tue 27 May 2014, 19:55

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Marcelo at 27/05/2014 19:53:47
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Recycle Bin emptied (00mn 06s)
Repair of browser shortcuts

========== Software ==========
ABSENT Uninstall Process: c:\program files (x86)\squeakychocolate\updatechecker\uninstall.exe

========== Registry keys ==========
REMOVES Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SqueakyChocolate, LLC UpdateChecker]
REMOVES:* CLSID Extra Buttons: {2F5C139F-79BD-4C84-A95A-E7140525BC55}
REMOVES Driver Key: Bfilter
REMOVES Driver Key: Bfmon
REMOVES Driver Key: Bnbase
REMOVES Driver Key: Bndef
REMOVES Driver Key: Bprotect
REMOVES: HKCU\Software\Baidu Security
REMOVES: HKLM\Software\Wow6432Node\360Safe
REMOVES: HKLM\Software\Wow6432Node\Baidu Security
REMOVES: HKLM\Software\Wow6432Node\SupDp
REMOVES:* CLSID NameSpace: {35B6525E-071A-4EA9-B3BD-F6A742572F08}
REMOVES:* HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
REMOVES:* HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
REMOVES: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchSettings_RASAPI32
REMOVES: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchSettings_RASMANCS
REMOVES: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{116ba71c-8187-4f15-9a1f-c9d6289155d1}

========== Registry values ==========
ProxyFix : Proxy configuration successfully removed
REMOVES ProxyServer Value
REMOVES ProxyEnable Value
REMOVES EnableHttp1_1 Value
REMOVES ProxyHttp1.1 Value
REMOVES ProxyOverride Value

========== Elements of the registry data ==========
REMOVES Explorer Association Data Application: [You need an account and must be logged in to view this link]

========== Folders ==========
No folders empty CLSID Local user

========== Files ==========
Deletes temporary Windows (123) (4.079.626 octets)
REMOVES Flash Cookies (0) (0 octets)

========== System restore ==========
The system successfully created restore point


========== Summary ==========
17 : Registry keys
6 : Registry values
1 : Elements of the registry data
1 : Folders
2 : Files
1 : Software
1 : System restore


End of clean in 02mn 27s

========== Path to file report ==========
C:\Users\Marcelo\AppData\Roaming\ZHP\ZHPFix[R1].txt - 27/05/2014 19:53:53 [2349]

Post by Power Max on Tue 27 May 2014, 20:22

Open ZHPDiag again.

[You need an account and must be logged in to view this image]

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

[You need an account and must be logged in to view this image]

|- Click OK and, when it finishes, post the ZHPDiag.txt report.

[You need an account and must be logged in to view this image]


Post by marcelosteffler on Tue 27 May 2014, 20:29

Okay, it is being diagnosed.

But why is the procedure practically the same for every computer?

Post by marcelosteffler on Tue 27 May 2014, 20:35

~ Report of ZHPDiag v2014.5.24.73 - Nicolas Coolman (24/05/2014)
~ Launched by Marcelo (27/05/2014 20:26:15)
~ Web site address : [You need an account and must be logged in to view this link]
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by user


---\\ Internet browsers
MSIE: Internet Explorer v10.0.9200.16798
MFIE: Mozilla Firefox 29.0.1

---\\ Windows product information
~ Langage: Anglais
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
Avira Free Antivirus v14.0.3.350
COMODO Internet Security v6.0.2566.2708
Windows Defender W7 (Activate)

---\\ System optimization software
CCleaner v4.14

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 13 Plugin
Adobe Reader X
Java 7 Update 51

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4063 MB (56% free)
System Restore: Activé (Enable)
System drive C: has 81 GB (28%) free of 283 GB

---\\ Connection to the system mode
~ Computer Name: MARCELO-PC
~ User Name: Marcelo
~ All Users Names: Marcelo, HomeGroupUser$, Guest, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Marcelo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Marcelo\AppData\Roaming\
~ %Desktop% : C:\Users\Marcelo\Desktop\
~ %Favorites% : C:\Users\Marcelo\Favorites\
~ %LocalAppData% : C:\Users\Marcelo\AppData\Local\
~ %StartMenu% : C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 81 Go of 283 Go)
D: Hard drive, Flash drive, Thumb drive (Free 88 Go of 298 Go)
E: Hard drive, Flash drive, Thumb drive (Free 2 Go of 15 Go)
F: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)
H: CD-ROM drive (Not Inserted)
I: CD-ROM drive (Not Inserted)
J: CD-ROM drive (Not Inserted)
K: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.90860E913075B03369BEB7B0B510DC2F] - (.Microsoft Corporation - Internet Extensions for Win32.) (.01/02/2014 - 06:19:49.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Windows Logon Application.) (.20/11/2010 - 10:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) (.20/11/2010 - 10:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 06:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 06:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 07:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 06:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - NT File System Driver.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 07:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 06:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.20/11/2010 - 10:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 01s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/7083
~ Mes musiques (My Musics) : 1/8955
~ Mes Videos (My Videos) : 1/186
~ Mes Favoris (My Favorites) : 1/36
~ Mes Documents (My Documents) : 2/1482
~ Mon Bureau (My Desktop) : 23/997
~ Menu demarrer (Programs) : 1/96
~ Hidden Files: Scanned in 00mn 20s



---\\ Process running
[MD5.4D282B9C5BB05DF92C9F3977DFB9F916] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400] [PID.1608]
[MD5.65AF41A7A2C5B6693E1B4164E7632C3E] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400] [PID.1916]
[MD5.241B07FF7F5943B9C1BF3235F49AC1E1] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744] [PID.4212]
[MD5.221564CC7BE37611FE15EACF443E1BF6] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1048]
[MD5.CCCDC7B64CFF96C977B0FADC24434628] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Marcelo\AppData\Roaming\Dropbox\bin\Dropbox.exe [33322312] [PID.4108]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Users\Marcelo\AppData\Local\Google\Chrome\Application\chrome.exe [860488] [PID.1512]
[MD5.4FDF8F99557B275A3B5BF797761C7504] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7879168] [PID.7128]
~ Processes Running: Scanned in 00mn 07s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [mihcahmgecmbnbcchbopgniflfhgnkff] Verificador de mensagens do Google v.4.4.0 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)

---\\ Google Chrome Extension Folder
~ Google Lines Browser: 19 Legitimates Filtered in 00mn 04s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\Marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\5zeyo61b.default\prefs.js
~ Firefox Browser: 19 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Other User Links (O4)
O4 - GS\Program [Public]: Free Trials for QuickBooks, Quicken and TurboTax.lnk . (...) -- C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe
~ Global Startup: 1 Legitimates Filtered in 00mn 09s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [COMODO Internet Security] . (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKCU\..\Run: [GUDelayStartup] . (.Glarysoft Ltd - StartupManager.) -- C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe
O4 - HKLM\..\Wow6432Node\Run: [WirelessAssistant] . (.Hewlett-Packard - HP Wireless Assistant Main Program.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Wow6432Node\Run: [hpWirelessAssistant] . (.Hewlett-Packard Development Company, L.P. - HP Wireless Assistant Module.) -- C:\Program Files (x86)\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [amd_dc_opt] . (.AMD - AMD Dual-Core Optimizer.) -- C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Wow6432Node\Run: [AMD AVT] . (.Microsoft Corporation - Windows Command Processor.) -- C:\Windows\System32\Cmd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-648650066-4006766464-4025382557-1000\..\Run: [GUDelayStartup] . (.Glarysoft Ltd - StartupManager.) -- C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe
~ Application: Scanned in 00mn 00s



---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E20287F-1966-4A42-B138-BF9537116F9B}: DhcpNameServer = 201.10.128.2 201.10.1.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD290BE6-8D38-4555-A49F-4B2E56D788F0}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7E20287F-1966-4A42-B138-BF9537116F9B}: DhcpNameServer = 201.10.128.2 201.10.1.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{BD290BE6-8D38-4555-A49F-4B2E56D788F0}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{7E20287F-1966-4A42-B138-BF9537116F9B}: DhcpNameServer = 201.10.128.2 201.10.1.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{BD290BE6-8D38-4555-A49F-4B2E56D788F0}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk * ) - File not found
O34 - HKLM BootExecute: (BootDefrag.exe) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s



---\\ Task Planned Automatically (039)
[MD5.00000000000000000000000000000000] [APT] [{1B7D2E31-FC11-4E7E-AE01-DFE07E1D6C07}] (...) -- H:\Bug Corrigido NoSteam - CS Online.exe (.not file.) [0]
[MD5.276250E5A92A3EA2CF53C4C4BBFA7AC8] [APT] [{1F3A724E-3E62-4807-A1E4-9476B34B9879}] (...) -- C:\Users\Marcelo\Downloads\GmailInstaller.exe [299288]
[MD5.00000000000000000000000000000000] [APT] [{33723558-36BE-4E14-B2E4-7E9B307BFEA9}] (...) -- G:\Setup.exe (.not file.) [0]
[MD5.31977D354D0E356689B1A8CD779DFEB5] [APT] [{3FE18C6B-790E-4F1A-87A6-55EEC867DDD9}] (...) -- D:\Age of Mythology Titans\aomx10to103.exe [8058144]
[MD5.00000000000000000000000000000000] [APT] [{4186A594-5F53-4860-B10B-B0C9A2849E75}] (...) -- C:\Users\Marcelo\Desktop\UltraSurf.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{479335AC-C06B-4D5E-A7C9-0F0454165429}] (...) -- C:\Users\Marcelo\Desktop\Bug Corrigido NoSteam - CS Online.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{584457F6-6762-4A74-A46D-FDBAB7EE7E89}] (...) -- C:\Users\Marcelo\My Games\Mafia 2\Mafia_II_[[You need an account and must be logged in to view this link] (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{71D94853-AB11-4044-924D-B3356E7C0CB0}] (...) -- C:\Users\Marcelo\Desktop\ClamWin_Portable_0.94.1_Rev_2.paf.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D57F4D40-35BB-4006-97CA-F10808FE5A08}] (...) -- I:\autorun.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [830]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-648650066-4006766464-4025382557-1000Core [1060]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-648650066-4006766464-4025382557-1000UA [1082]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GlaryInitialize 5 [336]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [896]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [900]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-648650066-4006766464-4025382557-1000Core [1034]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-648650066-4006766464-4025382557-1000UA [1086]
~ Scheduled Task: 50 Legitimates Filtered in 00mn 10s



---\\ Drivers launched at startup (O41)
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef64.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
~ Drivers: 86 Legitimates Filtered in 00mn 01s



---\\ Software installed (O42)
O42 - Logiciel: ADDONS SITECS (NONSTEAM) - (.www.sitecs.net.) [HKLM][64Bits] -- ADDONS SITECS (NONSTEAM)
O42 - Logiciel: Capture Solution XE 10.43 - (.SProsoft.) [HKLM][64Bits] -- Capture Solution XE 10.43
O42 - Logiciel: Capture Solution XE 10.43 - (.SProsoft.) [HKLM][64Bits] -- {D241D9B3-1A51-4E53-85CC-9AC754819013}
O42 - Logiciel: EMChuletator - (...) [HKLM][64Bits] -- EMChuletator
O42 - Logiciel: GPS TrackMaker - (.Geo Studio Technology Ltd.) [HKLM][64Bits] -- {572DDD41-B104-4D5C-BA1B-7A22E92E7A0C}
O42 - Logiciel: GPS TrackMaker PRO - (.Odilon Ferreira Junior (Geo Studio Technologies Ltd.).) [HKLM][64Bits] -- {32EA37A8-B50D-4B38-998F-CD56B3849201}
O42 - Logiciel: Homepage Protection - (.AOL Products.) [HKLM][64Bits] -- Homepage Protection
O42 - Logiciel: Patch v23 versão 2013 - (.SiteCS.) [HKLM][64Bits] -- {C1C3140D-730D-4176-94EC-F1706A929776}_is1
O42 - Logiciel: PokerStars - (.PokerStars.) [HKLM][64Bits] -- PokerStars
O42 - Logiciel: RoX aDDons v3.5 - (.RoX Site.) [HKLM][64Bits] -- RoX aDDons_is1
O42 - Logiciel: SlingBoxWatchYourTVAnyWhere - (.Sling Media.) [HKLM][64Bits] -- {4313E16C-811B-469F-8815-6EB98085F8B2}
O42 - Logiciel: Spring 5.1.5 Português_x86 - (...) [HKLM][64Bits] -- Spring 5.1.5 Português_x86
O42 - Logiciel: Stay Live 2000 - (.Gregory Braun -- Software Design.) [HKLM][64Bits] -- Stay Live 2000
O42 - Logiciel: sXe Injected - (.Alejandro Cortés.) [HKLM][64Bits] -- sXe Injected
~ Logic: 54 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Counter Strike 1.6]
[HKCU\Software\GbAs]
[HKCU\Software\Homepage Protection]
[HKCU\Software\INPE-DPI]
[HKCU\Software\none]
[HKCU\Software\sXe Injected]
[HKLM\Software\Wow6432Node\GameVicio]
[HKLM\Software\Wow6432Node\sXe_Injected]
[HKLM\Software\Wow6432Node\[You need an account and must be logged in to view this link]
~ Key Software: 531 Legitimates Filtered in 00mn 01s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 30/10/2010 - 08:05:01 - [] ----D C:\Program Files (x86)\Counter Strike
O43 - CFD: 06/12/2010 - 14:37:05 - [] ----D C:\Program Files (x86)\EMChuletator
O43 - CFD: 19/05/2012 - 23:35:16 - [] ----D C:\Program Files (x86)\GameVicio
O43 - CFD: 12/11/2010 - 18:28:58 - [] ----D C:\Program Files (x86)\GTMPRO
O43 - CFD: 09/08/2009 - 06:18:03 - [] ----D C:\Program Files (x86)\JunoPreloader
O43 - CFD: 15/05/2014 - 01:36:33 - [] ----D C:\Program Files (x86)\PokerStars
O43 - CFD: 18/09/2010 - 10:40:25 - [] ----D C:\Program Files (x86)\Spring515_Portugues_x86
O43 - CFD: 28/04/2013 - 16:20:10 - [] ----D C:\Program Files (x86)\Stay Live 2000
O43 - CFD: 14/03/2014 - 13:29:54 - [] ----D C:\Program Files (x86)\sXe Injected
O43 - CFD: 12/11/2010 - 18:27:45 - [] ----D C:\Program Files (x86)\TrackMaker
O43 - CFD: 13/09/2010 - 11:03:16 - [] ----D C:\ProgramData\{348D66EB-BC89-1069-82CA-2F4BDF30189C}
O43 - CFD: 13/09/2010 - 11:01:35 - [] --H-D C:\ProgramData\{7F909CEA-CFE5-45BC-8C18-4466B9A9B6A3}
O43 - CFD: 14/05/2012 - 15:42:24 - [] ----D C:\Users\Marcelo\AppData\Roaming\HU2011
O43 - CFD: 15/05/2014 - 01:40:23 - [] ----D C:\Users\Marcelo\AppData\Local\PokerStars
O43 - CFD: 12/09/2010 - 18:34:44 - [] ----D C:\Users\Marcelo\AppData\Local\Sling_Media,_Inc
O43 - CFD: 15/10/2010 - 13:28:54 - [] ----D C:\Users\Marcelo\AppData\Local\storage
O43 - CFD: 12/05/2012 - 20:02:35 - [] ----D C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ADDONS SITECS (NONSTEAM)
O43 - CFD: 15/05/2014 - 01:43:07 - [] ----D C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio
O43 - CFD: 12/11/2010 - 18:27:46 - [] ----D C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GPS TrackMaker
O43 - CFD: 12/11/2010 - 18:29:00 - [] ----D C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GPS TrackMaker PRO
O43 - CFD: 14/03/2012 - 16:37:56 - [] ----D C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected
~ Program Folder: 282 Legitimates Filtered in 00mn 01s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.E9958D1F056E4684C57E0F34076B6107] - 15/05/2014 - 00:50:13 ---A- . (...) -- C:\Windows\M3JPEG.INI [578]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 26/05/2014 - 18:55:59 ---A- . (...) -- C:\autoexec.bat [0]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 26/05/2014 - 20:35:59 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.163DA961F8128F7D7488D2213B91BD21] - 26/05/2014 - 20:50:12 ----- . (...) -- C:\zoek-results.log [32290]
O44 - LFC:[MD5.59EF60608A86CEA6B8587B4A56699779] - 27/05/2014 - 20:16:58 ---A- . (...) -- C:\Windows\System32\Drivers\fvstore.dat [175256]
~ Files: 15 Legitimates Filtered in 00mn 58s



---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Marcelo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 24 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableStatusMessages"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKCU\...\Policies\System] - "WallpaperStyle"=
~ MWPS: 21 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:17/01/2013 - 21:07:36 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys [288688]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:29/06/2009 - 15:17:00 ---A- . (.ENE TECHNOLOGY INC. - ENE CIR Driver for eHome(64).) -- C:\Windows\System32\Drivers\enecir.sys [70656]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:14/03/2013 - 18:11:20 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [564824]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:23/03/2010 - 14:53:06 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt64.sys [505344]
O58 - SDL:18/03/2013 - 16:51:08 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 82 Legitimates Filtered in 00mn 46s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: UsbFix - (.El Desaparecido - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Comodo - Comodo Dragon.) -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Marcelo\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: prefs.js [Marcelo - 5zeyo61b.default] user_pref("extensions.trusted-ads.serp_mywebsearch", "\"%2F*!%20serp-mywebsearch%20-%20v0.1.10%20-%202014-04-07%2018%3A21%3A58%20*[...] =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {CC778948-1EA5-4599-AE7A-9807D211DCF4} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.A427535CD5C46D09016574A541A982DB] [SPRF][31/07/2012] (...) -- C:\ProgramData\KGyGaAvL.sys [952]
[MD5.26142233416E6FD8C74B7DAB3D3B4C0A] [SPRF][09/07/2013] (...) -- C:\Users\Marcelo\AppData\Roaming\room_v3.dat [45270]
[MD5.9EC73884D7D7BFEC9EED7EAF3122A0BE] [SPRF][26/05/2014] (...) -- C:\Users\Marcelo\Desktop\AdwCleaner.exe [1327971]
[MD5.8911FBB20555510A14C5FE096B322FE2] [SPRF][02/04/2014] (.PortableApps.com - ClamWin Portable.) -- C:\Users\Marcelo\Desktop\ClamWinPortable_0.98.1_English.paf.exe [7541552]
[MD5.0413F677CA3F7690AF1F03769632BF8C] [SPRF][14/04/2014] (.Dropbox, Inc. - Dropbox 2.6.29 Installer.) -- C:\Users\Marcelo\Desktop\DropboxInstaller.exe [315984]
[MD5.BA48F4C0988795FBEADAE23BE988054D] [SPRF][26/05/2014] (.Bleeping Computer, LLC - Terminates malware processes so that you can run your normal security programs..) -- C:\Users\Marcelo\Desktop\rkill.exe [1940216]
[MD5.352E8561E633B17ED22012366721FFDC] [SPRF][26/05/2014] (...) -- C:\Users\Marcelo\Desktop\zoek.exe [1285120]
~ Files: 13 Legitimates Filtered in 00mn 09s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{AEAC4B0C-FDBD-4866-B8FE-8D6777192A63}C:\program files (x86)\utorrent\utorrent.exe" | In - Public - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "UDP Query User{76BC2838-F9AA-4789-9E77-736C0CC56B68}C:\program files (x86)\utorrent\utorrent.exe" | In - Public - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "TCP Query User{A8C402F3-41F7-42DB-904B-30AD9EBBD590}C:\program files (x86)\utorrent\utorrent.exe" | In - Public - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "UDP Query User{39ED5FAB-D01D-4BC4-9AB2-8E7BA9338DAF}C:\program files (x86)\utorrent\utorrent.exe" | In - Public - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{746FA3FB-69EE-47C8-8B99-4DADFAED5A9D}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Marcelo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{DC939A3C-0067-4AC1-B788-47428525AEF7}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Marcelo\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 6 Legitimates Filtered in 00mn 05s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASMANCS =>P2P.µTorrent
~ BTK: 442 Legitimates Filtered in 00mn 00s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 06/06/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 14/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 02/03/2009 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
SS - | Auto 27/03/2009 16896 | (AgereModemAudio) . (.LSI Corporation.) - C:\Program Files\LSI SoftModem\agr64svc.exe
SS - | Auto 02/07/2009 203264 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SS - | Demand 28/10/2010 77944 | (Autodesk Licensing Service) . (.Autodesk.) - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
SS - | Demand 05/01/2012 75624 | (AxAutoMntSrv) . (.Alcohol Soft Development Team.) - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
SS - | Auto 26/05/2011 161080 | (CLPSLS) . (.COMODO.) - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
SS - | Demand 05/05/2009 228408 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
SS - | Auto 23/04/2014 2135232 | (DragonUpdater) . (...) - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
SS - | Demand 22/05/2009 250616 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
SS - | Auto 19/11/2010 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 19/11/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 29/11/2013 2210640 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
SS - | Demand 30/04/2009 229944 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
SS - | Auto 08/07/2009 30520 | (hpsrv) . (.Hewlett-Packard.) - C:\Windows\System32\Hpservice.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Auto 17/06/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SS - | Auto 11/10/2013 377104 | (LMIGuardianSvc) . (.LogMeIn, Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
SS - | Demand 22/05/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 24/07/2007 185632 | (PSI_SVC_2) . (.Protexis Inc..) - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
SS - | Auto 21/01/2009 247152 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Auto 23/03/2010 247808 | (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
SS - | Auto 23/12/2009 370688 | (StarWindServiceAE) . (.StarWind Software.) - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
SS - | Demand 26/07/2013 563624 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Disabled 19/10/2010 2011944 | (TeamViewer5) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
SS - | Demand 24/06/2013 754584 | (TunngleService) . (.Tunngle.net GmbH.) - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
SR - | Auto 20/03/2014 440400 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 20/03/2014 440400 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/07/2009 864032 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SR - | Auto 16/04/2014 6817544 | (cmdAgent) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
SR - | Demand 25/03/2014 2264280 | (cmdvirth) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
SR - | Auto 09/07/2009 124928 | (HP Health Check Service) . (.Hewlett-Packard.) - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Demand 21/02/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 24/07/2009 146928 | ({55662437-DA8C-40c0-AADA-2C816A897A49}) . (.CyberLink Corp..) - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
~ Services: Scanned in 00mn 15s



---\\ List of CD/DVD Emulators (MBR Hook)
O58 - SDL:14/03/2013 - 18:11:20 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [564824]
~ Emulateurs: Scanned in 00mn 15s



---\\ Scan Additionnel (O88)
Database Version : 13029 - (24/05/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
~ Additionnel Scan: 545196 Items scanned in 02mn 42s



---\\ Summary of the detections found on your workstation
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.MyWebSearch
~ MSI: 1 link(s) detected in 00mn 00s



~ 1206 Legitimates filtered by white list
End of the scan (501 lines in 08mn 00s)(0)

Post by Power Max, Tue 27 May 2014, 20:51

but why is the procedure practically the same for every computer?
Because almost all computers nowadays are contaminated with adware.
____________________________________________________________________________

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Import > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report, post it in your next reply, and tell us how your PC is doing after this.


Last edited by Power Max on Tue 27 May 2014, 21:09; edited 1 time


Post by marcelosteffler, Tue 27 May 2014, 20:54

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Marcelo at 27/05/2014 20:53:58
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Recycle Bin emptied (00mn 02s)
Repair of browser shortcuts

========== Software ==========
ABSENT Uninstall Process: c:\program files (x86)\common files\homepage protection\uninstall.exe

========== Registry keys ==========
REMOVES Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Homepage Protection]
REMOVES Driver Key: Bfilter
REMOVES Driver Key: Bfmon
REMOVES Driver Key: Bnbase
REMOVES Driver Key: Bndef
REMOVES Driver Key: Bprotect
REMOVES: HKCU\Software\Homepage Protection

========== Registry values ==========
ProxyFix : Proxy configuration successfully removed
REMOVES ProxyServer Value
REMOVES ProxyEnable Value
REMOVES EnableHttp1_1 Value
REMOVES ProxyHttp1.1 Value
REMOVES ProxyOverride Value

========== Preferences browser ==========
REMOVES Mozilla Pref: user_pref("extensions.trusted-ads.serp_mywebsearch", "\"%2F*!%20serp-mywebsearch%20-%20v0.1.10%20-%202014-04-07%2018%3A21%3A58%20*[...]

========== Folders ==========
No folders empty CLSID Local user

========== Files ==========
Deletes temporary Windows (12) (6.193.288 octets)
REMOVES Flash Cookies (0) (0 octets)

========== Scheduled task ==========
REMOVES: {1B7D2E31-FC11-4E7E-AE01-DFE07E1D6C07}
REMOVES: {33723558-36BE-4E14-B2E4-7E9B307BFEA9}
REMOVES: {4186A594-5F53-4860-B10B-B0C9A2849E75}
REMOVES: {479335AC-C06B-4D5E-A7C9-0F0454165429}
REMOVES: {584457F6-6762-4A74-A46D-FDBAB7EE7E89}
REMOVES: {71D94853-AB11-4044-924D-B3356E7C0CB0}
REMOVES: {D57F4D40-35BB-4006-97CA-F10808FE5A08}

========== System restore ==========
The system successfully created restore point


========== Summary ==========
7 : Registry keys
6 : Registry values
1 : Folders
2 : Files
1 : Software
1 : Preferences browser
7 : Scheduled task
1 : System restore


End of clean in 01mn 27s

========== Path to file report ==========
C:\Users\Marcelo\AppData\Roaming\ZHP\ZHPFix[R1].txt - 27/05/2014 19:53:53 [2431]
C:\Users\Marcelo\AppData\Roaming\ZHP\ZHPFix[R2].txt - 27/05/2014 20:54:01 [2204]

Post by marcelosteffler, Tue 27 May 2014, 21:01

Copy this report, post it in your next reply, and tell us how your PC is doing after this.

-

My God, the PC is completely transformed; it was a beggar who took a bath.

- Usage speed is like a rocket;
- Folders, programs, music and videos open at incredible speed;
- When the computer starts, it is clean and ready to use;
- I am no longer redirected to suspicious links all the time;
- Processes use memory normally;
- Useless processes have evaporated;

anyway, THANK YOU VERY MUCH!
Excellent forum, excellent work.

Post by Power Max, Tue 27 May 2014, 21:09

That's it! I'm glad the problem has been solved.

Just to finish up, please follow the tutorials below:

[You must have an account and be logged in to view this link]
_______________________________________________________________________________________________________________________

To remove the programs used to clean this PC and create a new, safe and trouble-free restore point, use DelFix, following the tips [You must have an account and be logged in to view this link].
_______________________________________________________________________________________________________________________

It was a pleasure to help. You can always count on us!


Post by Danii, Tue 27 May 2014, 21:18

CASE SOLVED

If the author of the topic needs it, the topic will be reopened; to request this, they should contact one of the members of the [You must have an account and be logged in to view this link] and ask for it to be unlocked.