CE_UmbrellaCert resistant to Adwcleaner 3.211, JRT and Zoek.

Post by Junior Pernambucano on Tue 27 May 2014, 15:04

Good afternoon, friends.

As I have already read on this forum before, I too was attacked by the notorious CE_UmbrellaCert; I tried all the recommended antidotes and could not exterminate it. Could it be some mutation?

Does anyone have any other suggestion that I could use?

If you need the txt from the run, just tell me and I'll send it, ok?

Thanks in advance.

Re: CE_UmbrellaCert resistant to Adwcleaner 3.211, JRT and Zoek.

Post by Power Max on Tue 27 May 2014, 15:06

Hello Junior. Welcome to Fórum PC Brasil.

Please post the reports from these three programs you used so that we can analyze them.

_________________

Caixa de Dicas
= Always with new tutorials and news on computing, technology and miscellany.

[You need to be registered and logged in to see this link.] = The best of the internet you'll find here.

[You need to be registered and logged in to see this link.] = Messages of faith and hope for your heart

(RESOLVED) Sending the txts from Adwcleaner, JRT and Zoek

Post by Junior Pernambucano on Tue 27 May 2014, 15:45

Junior Pernambucano wrote: Good afternoon, friends.

As I have already read on this forum before, I too was attacked by the notorious CE_UmbrellaCert; I tried all the recommended antidotes and could not exterminate it. Could it be some mutation?

Does anyone have any other suggestion that I could use?

If you need the txt from the run, just tell me and I'll send it, ok?

Thanks in advance.

Re: CE_UmbrellaCert resistant to Adwcleaner 3.211, JRT and Zoek.

Post by Power Max on Tue 27 May 2014, 15:55

As for Adwcleaner, post its report, which is located here:
C:\AdwCleaner\AdwCleaner[S10].txt
_________________________________________________________________

Temporarily disable your antivirus to avoid conflicts.

Run Zoek again following the tips in this tutorial:

[You need to be registered and logged in to see this link.]

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy all of its content and post it in your next reply together with the AdwCleaner log requested above.


(RESOLVED) Adwcleaner [S10] and Zoek

Post by Junior Pernambucano on Tue 27 May 2014, 17:22

Power Max wrote: As for Adwcleaner, post its report, which is located here:
C:\AdwCleaner\AdwCleaner[S10].txt
_________________________________________________________________

Temporarily disable your antivirus to avoid conflicts.

Run Zoek again following the tips in this tutorial:

[You need to be registered and logged in to see this link.]

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy all of its content and post it in your next reply together with the AdwCleaner log requested above.


Dear Power.

I noticed that after running Zoek the Umbrella display had stopped, but as soon as I opened my browser (Google Chrome) it came back...

Here is the Zoek log as requested:



Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Junior on 27/05/2014 at 16:07:08,13.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Junior\Downloads\zoek\zoek.com [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-26-164300.log 76056 bytes
C:\zoek-results2014-05-26-180542.log 54871 bytes
C:\zoek-results2014-05-26-195326.log 37176 bytes
C:\zoek-results2014-05-26-203511.log 83385 bytes
C:\zoek-results2014-05-26-205938.log 82439 bytes
C:\zoek-results2014-05-27-182356.log 55027 bytes

==== System Restore Info ======================

27/05/2014 16:07:51 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1       localhost
::1             localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Junior\AppData\Roaming\Mozilla\Firefox\Profiles\c3newgle.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal");
user_pref("browser.search.defaultenginename", "Web");
user_pref("browser.search.selectedEngine", "Web");
user_pref("keyword.URL", "http://br.yhs4.search.yahoo.com/yhs/search");

Added to C:\Users\Junior\AppData\Roaming\Mozilla\Firefox\Profiles\c3newgle.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"BrowserMngrDefaultScope"=-

==== Deleting Files \ Folders ======================

"C:\PROGRA~3\boost_interprocess\20140527152326.610798\Nobu64AgentService2.9.0.19" deleted
"C:\PROGRA~3\boost_interprocess\20140527152326.610798\Nobu64TrayIcon2.9.0.19" deleted
"C:\PROGRA~3\boost_interprocess" not deleted
"C:\PROGRA~3\boost_interprocess\20140527152326.610798" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"web2pdfextension@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn" [14/03/2014 15:46]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\Junior\AppData\Local\GAS Tecnologia\GBBD\bb\xpi" [08/01/2014 10:01]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Junior\AppData\Roaming\Mozilla\Firefox\Profiles\c3newgle.default
- Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Junior\AppData\Roaming\Mozilla\Firefox\Profiles\c3newgle.default
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
63EE2015B877A2E472CC59E05291AA39 - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll - McAfee Security Scanner +
630B1C896D9DC03447A6951102EBEBFD - C:\Users\Junior\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
C36444D7301A8C881FC7296B092609C7 - C:\Users\Junior\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll - Google Update
68BCBB241EF254BC5100D9E6C06ECC71 - C:\Users\Junior\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll - Google Talk Plugin Video Accelerator
99FE6AFE80EB7FE3EEB75DC504A326A3 - C:\Users\Junior\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
AF42019A3B0EDBFA6878F75B9377A792 - C:\Users\Junior\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
BE126CB7049E89ED6F3038016668B502 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
EAC427FEF96A13058C1ACD17C38966CF - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
96B3689320E9B16EDF38B7A5001C35F0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
F8CB60A5ACA5D73807ECBD9942A8BCB7 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
58B690C992C321664AB6145A350B5DCD - C:\Users\Junior\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll - Módulo de Proteção - Banco do Brasil


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx[21/12/2013 03:04]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14/08/2013 15:24]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[11/04/2014 19:46]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\Junior\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[08/01/2014 10:01]

Google Translate - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb
Google Slides - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Forge of Empires - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\anaphblkfplenhkephgneolhnmjminjg
Tribal Wars - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfcoihkppmlaldchalnpmolekhkmdoej
Vasco Eterno - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmbkhjfjnibdlmmfnmfjnobincbeheb
YouTube - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Notifications - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\boemmnepglcoinjcdlfcpcbmhiecichi
Last updated at time on date - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Vasco News - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciklhipiiihplhfkofcibanihnllcdpb
Invalid Access Token. - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg
Superinteressante - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\degpihaammlmlmgcddhlnfebfcjlbjnk
Adobe Acrobat - Create PDF - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj
Sudoku - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbldalicehmlaalddffibogeplifangc
Google Sheets - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Sniper Team - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgbbaloijjnkpigapgmocdpoblnlec
Pensamentos Diários - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaphhglagpbfgndijdjelhakepbnapme
NTR - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna
RealDownloader - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Halo Heroes - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\jciohdhhhimhamjkbccdjdancekahfne
Google Forms - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg
Grepolis - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkgkognjknhcgbgbeijjondlikfkgnog
Reddit this - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpiglpdbbmcnncekagalndhicllimchm
Google Maps - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh
Google Mail Checker - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff
Google Drawings - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme
OneDrive - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk
Google Wallet - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Video Cutter - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\nodkcjollmmjidmcnhloaoahmciabnai
Background Tab - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic
Google Calendar Checker - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek
Quebrador de Links - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\pchaoppopfjnlficjlobfjhfceadbfla
Megapolis - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\pddhhdnbemfbdgbclkecmnipjlginhjp
Battleships HD - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdokbcmcbophjcdbgnkedjopecbjbcoo
Fusion Tables experimental - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfoeakahkgllhkommkfeehmkfcloagkl
GBBD Banco do Brasil - Junior\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
Adobe Acrobat - Create PDF - Junior\AppData\Local\Spark\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj
uTorrentControl_v2 - Junior\AppData\Local\Spark\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
RealDownloader - Junior\AppData\Local\Spark\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Select City - Junior\AppData\Local\Spark\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Skype Click to Call - Junior\AppData\Local\Spark\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
GBBD Banco do Brasil - Junior\AppData\Local\Spark\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{05046B93-CC41-4CF5-84CF-3AC3004B22A7} Google  Url="http://www.google.cn/cse?cx=partner-pub-0166105436203332:pzdukf-nfb1&cr=&ie=UTF-8&hl=zh-CN&sa=%E6%90%9C%E5%B0%8B&q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{13BB9EFE-6AE3-49B9-B115-DD16F657AD45} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_pt-BRBR497"
{56B46F5F-6BE6-3BD4-F4CA-125015AD885B} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Junior\AppData\Local\Spark\User Data\Default\Preferences was reset successfully
C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\web data was reset successfully
C:\Users\Junior\AppData\Local\Spark\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Ctx_StreamingSvc\Desktop\Mainframe ABEND ASSIST.lnk - C:\Program Files (x86)\Mainframe ABEND ASSIST\ABENDASSIST.exe
C:\Users\Junior\Desktop\AIDA64 Extreme Edition.lnk - C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida64.exe
C:\Users\Junior\Desktop\Filmes Online.lnk - C:\Users\Junior\AppData\Roaming\baidu\hao123-brmovie\hao123.1.0.0.1111.exe
C:\Users\Junior\Desktop\Format Factory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\Junior\Desktop\Foxit PDF Editor.lnk - C:\Program Files (x86)\Foxit Software\PDF Editor\PDFEdit.exe
C:\Users\Junior\Desktop\Google Drive.lnk - C:\Users\Junior\Google Drive
C:\Users\Junior\Desktop\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -  
C:\Users\Junior\Desktop\Mainframe ABEND ASSIST.lnk - C:\Program Files (x86)\Mainframe ABEND ASSIST\ABENDASSIST.exe
C:\Users\Junior\Desktop\Mainframe.lnk - C:\Estação\Junior.ws
C:\Users\Junior\Desktop\MediaGet.lnk - C:\Users\Junior\AppData\Local\MediaGet2\mediaget.exe
C:\Users\Junior\Desktop\Trend Micro Titanium Internet Security.lnk - C:\Program Files (x86)\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
C:\Users\Root\Desktop\Install MyHeritage Family Tree Builder.lnk - E:\Documentos Escaneados\Family_Tree_Builder.exe -Language=1046 -HomePage=1 -Toolbar=1 -DefaultSearch=1 -Install=C:\Program Files (x86)\MyHeritage
C:\Users\Root\Desktop\Mainframe ABEND ASSIST.lnk - C:\Program Files (x86)\Mainframe ABEND ASSIST\ABENDASSIST.exe
C:\Users\Root\Desktop\Trend Micro Titanium Internet Security.lnk - C:\Program Files (x86)\Trend Micro\Titanium\UIFramework\uiWinMgr.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\ Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
C:\Users\Public\Desktop\Adobe Creative Cloud.lnk - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --appletID=HomePanel_BL --appletVersion=1.0
C:\Users\Public\Desktop\Adobe FormsCentral.lnk - C:\Program Files (x86)\Adobe\Acrobat 11.0\FormsCentral\FormsCentralForAcrobat.exe
C:\Users\Public\Desktop\asav.lnk - C:\Program Files (x86)\Dell Wireless\asav.exe
C:\Users\Public\Desktop\Audacity.lnk - C:\Program Files (x86)\Audacity\audacity.exe
C:\Users\Public\Desktop\Camtasia Studio 8.lnk - C:\Program Files (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\CDBurnerXP.lnk - C:\Program Files (x86)\CDBurnerXP\cdbxpp.exe
C:\Users\Public\Desktop\Connection Manager.lnk - C:\Program Files (x86)\Connection Manager\UIMain.exe
C:\Users\Public\Desktop\Dell DataSafe Online.lnk - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe OPEN
C:\Users\Public\Desktop\Express Dictate.lnk - C:\Program Files (x86)\NCH Software\Express\express.exe
C:\Users\Public\Desktop\Express Scribe.lnk - C:\Program Files (x86)\NCH Software\Scribe\scribe.exe
C:\Users\Public\Desktop\Fotosizer.lnk - C:\Program Files (x86)\Fotosizer\Fotosizer.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\HotSpot.lnk - C:\Program Files (x86)\Dell Wireless\HotSpot.exe
C:\Users\Public\Desktop\HP LaserJet Professional CM1410 Series - Centro de ajuda e aprendizado.lnk - C:\Program Files (x86)\HP\HP LaserJet Professional CM1410 series\Help_Learn\Help.exe
C:\Users\Public\Desktop\HP LJ CM1410 Scan.lnk - C:\Program Files (x86)\HP\HP LJ CM1410 MFP Series\bin\HPScan.exe
C:\Users\Public\Desktop\Hábil Pessoal + Veículos.lnk -  
C:\Users\Public\Desktop\Importador do Hábil Pessoal + Veículos.lnk -  
C:\Users\Public\Desktop\Kingo Android ROOT.lnk - C:\Program Files (x86)\Kingo Android ROOT\SuperRoot.exe
C:\Users\Public\Desktop\Megacubo.lnk - C:\Program Files (x86)\Megacubo\megacubo.exe
C:\Users\Public\Desktop\Monitor da tecnologia Intel® Turbo Boost 2.0.lnk -  
C:\Users\Public\Desktop\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Public\Desktop\SoapUI 5.0.0.lnk - C:\Program Files (x86)\SmartBear\SoapUI-5.0.0\bin\SoapUI-5.0.0.exe
C:\Users\Public\Desktop\Software Ideas Modeler.lnk - C:\Program Files\SoftwareIdeasModeler\SoftwareIdeasModeler.exe
C:\Users\Public\Desktop\VMware Player.lnk - C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe
C:\Users\Public\Desktop\Wondershare PDF Editor.lnk - C:\Program Files (x86)\Wondershare\PDFEditor\PDFEditor.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -  
C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaGet.lnk - C:\Users\Junior\AppData\Local\MediaGet2\mediaget.exe
C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC App Store\PC App Store.lnk - C:\Program Files (x86)\Baidu Security\PC App Store\4.4.0.5812\PCAppStore.exe /openfrom=startmenu
C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC App Store\Uninstall.lnk - C:\Program Files (x86)\Baidu Security\PC App Store\4.4.0.5812\Uninstall.exe /openfrom=startmenu
C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\FormatFactory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\Help.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe /help
C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\Uninstall.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\uninst.exe
C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Ajuda do IRPF2014.lnk -  
C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Desinstalar IRPF2014.lnk -  
C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -  
C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Leia-me do IRPF2014.lnk -  
C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer Setup Wizard.lnk - C:\Program Files (x86)\The KMPlayer\KMPSetup.exe
C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer.lnk - C:\Program Files (x86)\The KMPlayer\KMPlayer.exe
C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\Uninstall KMPlayer.lnk - C:\Program Files (x86)\The KMPlayer\uninstall.exe
C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detectar Aplicação\Uninstall Winamp Detector Plug-in.lnk -  
C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo nesta última versão.lnk -  
C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk - C:\Program Files (x86)\Audacity\audacity.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares\Ares.lnk - C:\Program Files (x86)\Ares\Ares.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares\Homepage.lnk - C:\Program Files (x86)\Ares\data\Homepage.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares\Host Chatroom.lnk - C:\Program Files (x86)\Ares\chatServer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares\Uninstall.lnk - C:\Program Files (x86)\Ares\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics\DiskDefrag\Auslogics DiskDefrag.lnk - C:\Program Files (x86)\Auslogics\DiskDefrag\DiskDefrag.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Spark Browser\Baidu Spark Browser.lnk - C:\Program Files (x86)\baidu\Spark26.5.9999.3313\Spark.exe --bar=1015
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Spark Browser\Uninstall.lnk - C:\Program Files (x86)\baidu\Spark26.5.9999.3313\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files\CCleaner\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe Online\Dell DataSafe Online.lnk - C:\Windows\Installer\{C53BCCBE-9268-4C09-82E9-611444A73B3F}\MainIcon.ico OPEN
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2\LibreOffice Base.lnk - C:\Program Files (x86)\LibreOffice 4\program\sbase.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2\LibreOffice Calc.lnk - C:\Program Files (x86)\LibreOffice 4\program\scalc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2\LibreOffice Draw.lnk - C:\Program Files (x86)\LibreOffice 4\program\sdraw.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2\LibreOffice Impress.lnk - C:\Program Files (x86)\LibreOffice 4\program\simpress.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2\LibreOffice Math.lnk - C:\Program Files (x86)\LibreOffice 4\program\smath.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2\LibreOffice Writer.lnk - C:\Program Files (x86)\LibreOffice 4\program\swriter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2\LibreOffice.lnk - C:\Program Files (x86)\LibreOffice 4\program\soffice.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Access 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\accicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Enviar para o OneNote 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Designer 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\inficon.exe  /design
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Filler 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\inficon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Lync 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\lyncicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneDrive for Business 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\grv_icons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\outicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Publisher 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\pubs.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Centro de Carregamento do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\msouc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Database Compare 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\dbcicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Gerenciador de Gravação do Lync.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Log de Telemetria do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\osmclienticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Painel de Telemetria do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\osmadminicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Preferências de Idioma do Office 2013.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Spreadsheet Compare 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\sscicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Desinstalar o QuickTime.lnk - C:\Windows\SysWOW64\msiexec.exe /i {111EE7DF-FC45-40C7-98A7-753AC46B12FB} /qf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk - C:\Windows\Installer\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}\QTPlayer.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Sobre o QuickTime.lnk - C:\Windows\Installer\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}\RichText.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartBear\SoapUI 5.0.0\SoapUI 5.0.0 Uninstaller.lnk - C:\Program Files (x86)\SmartBear\SoapUI-5.0.0\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartBear\SoapUI 5.0.0\SoapUI-5.0.0.lnk - C:\Program Files (x86)\SmartBear\SoapUI-5.0.0\bin\SoapUI-5.0.0.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith\Camtasia Recorder 8.lnk - C:\Windows\Installer\{B9691991-64D3-435B-8A83-69CC21016936}\CamtasiaIcons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith\Camtasia Studio 8.lnk - C:\Windows\Installer\{B9691991-64D3-435B-8A83-69CC21016936}\CamtasiaIcons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo nesta última versão.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe

==== shortcuts in Quick Launch ======================

C:\Users\Ctx_StreamingSvc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Ctx_StreamingSvc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mainframe ABEND ASSIST.lnk - C:\Program Files (x86)\Mainframe ABEND ASSIST\ABENDASSIST.exe
C:\Users\Ctx_StreamingSvc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Ctx_StreamingSvc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Ctx_StreamingSvc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk - C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe
C:\Users\Ctx_StreamingSvc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Ctx_StreamingSvc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TuneUp Utilities - Start Center.lnk - C:\Program Files (x86)\TuneUp Utilities 2013\Integrator.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk - C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TuneUp Utilities - Start Center.lnk - C:\Program Files (x86)\TuneUp Utilities 2013\Integrator.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk - C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TuneUp Utilities - Start Center.lnk - C:\Program Files (x86)\TuneUp Utilities 2013\Integrator.exe
C:\Users\Junior\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Acelerador de Downloads.lnk - C:\Program Files (x86)\Acelerador de Downloads\registro1.exe
C:\Users\Junior\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Arquivo090113.lnk - C:\Program Files (x86)\Arquivo090113\f301212_1.exe
C:\Users\Junior\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Baidu Spark Browser.lnk - C:\Program Files (x86)\baidu\Spark26.5.9999.3313\Spark.exe --bar=1016
C:\Users\Junior\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Filmes Online.lnk - C:\Users\Junior\AppData\Roaming\baidu\hao123-brmovie\hao123.1.0.0.1111.exe
C:\Users\Junior\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Junior\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Junior\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mainframe ABEND ASSIST.lnk - C:\Program Files (x86)\Mainframe ABEND ASSIST\ABENDASSIST.exe
C:\Users\Junior\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE /recycle
C:\Users\Junior\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Junior\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Junior\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Junior\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -  
C:\Users\Junior\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Filmes Online.lnk - C:\Users\Junior\AppData\Roaming\baidu\hao123-brmovie\hao123.1.0.0.1111.exe
C:\Users\Junior\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Junior\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Junior\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Junior\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\Trend Micro\Trend Micro Titanium.lnk - C:\Program Files (x86)\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
C:\Users\Root\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Root\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Root\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mainframe ABEND ASSIST.lnk - C:\Program Files (x86)\Mainframe ABEND ASSIST\ABENDASSIST.exe
C:\Users\Root\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Root\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Root\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk - C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe
C:\Users\Root\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Root\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Root\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Root\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\Trend Micro\Trend Micro Titanium.lnk - C:\Program Files (x86)\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk - C:\Program Files (x86)\VMware\VMware Player\vmplayer.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TuneUp Utilities - Start Center.lnk - C:\Program Files (x86)\TuneUp Utilities 2013\Integrator.exe

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyServer"="http=127.0.0.1:2723;https=127.0.0.1:2723"
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000001

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ctx_StreamingSvc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Junior\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Junior\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Root\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Junior\AppData\Local\Spark\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1010 folders=232 109514672 bytes)

==== Empty Temp Folders ======================

C:\Users\Ctx_StreamingSvc\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Junior\AppData\Local\Temp will be emptied at reboot
C:\Users\Root\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Junior\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~3\boost_interprocess"  not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 27/05/2014 at 16:28:39,08 ======================

Re: CE_UmbrellaCert resistant to Adwcleaner 3.211, JRT and Zoek.

Post by Power Max on Tue 27 May 2014, 17:35

Download < [You must be registered and logged in to see this link.] > ( ... by Nicolas Coolman )

To install and run it correctly, follow the tips in this article:

[You must be registered and logged in to see this link.]

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.


(SOLVED) ZHPDiag log

Post by Junior Pernambucano on Tue 27 May 2014, 19:04

I had to send it as an attachment because the log was exceeding the file width....

Re: CE_UmbrellaCert resistant to Adwcleaner 3.211, JRT and Zoek.

Post by Power Max on Tue 27 May 2014, 20:18

There are unnecessary programs starting with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

[You must be registered and logged in to see this link.]

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start with Windows.

Also use the program CCleaner, recommended in the tutorial above, to clean and optimize the PC now and from time to time.
_____________________________________________________________________________________________________________

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click on ZHPFix and choose the Run as administrator option > Click "Importação" > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Wed 28 May 2014, 15:27; edited 1 time


Re: CE_UmbrellaCert resistant to Adwcleaner 3.211, JRT and Zoek.

Post by Junior Pernambucano on Tue 27 May 2014, 20:35

Here is the reply...

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Junior at 27/05/2014 20:33:00
High Elevated Privileges : OK
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 06s)
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\program files (x86)\frevens pro 13\uninstall.exe
AUSENTE Uninstall Process: c:\users\junior\appdata\roaming\vopackage\uninstall.exe

========== Estado dos serviços ==========
{50C078F1-4117-4AAD-852A-0B3BBFB46B18}W64 Parado

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Frevens Pro 13]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage]
ELIMINÉ: CLSID BHO: {11111111-1111-1111-1111-110511801128}
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511801128}]
ELIMINÉ: Service: PCAppStoreSvc_{PCAppStore_4.4.0.5812}
ELIMINÉ: Service: SparkSvc
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: Bndef
ELIMINÉ Driver Key: Bprotect
ELIMINÉ Driver Key: {50c078f1-4117-4aad-852a-0b3bbfb46b18}w64
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\InstalledBrowserExtensions
ELIMINÉ: HKCU\Software\PluginAddon
ELIMINÉ: HKCU\Software\Reimage
ELIMINÉ: HKCU\Software\WinkHandler
ELIMINÉ: HKCU\Software\qualitink
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ:* HKLM\Software\InstalledBrowserExtensions
ELIMINÉ:* HKLM\Software\Reimage
ELIMINÉ:* HKLM\Software\RrFilter
ELIMINÉ: HKLM\Software\Wow6432Node\360Safe
ELIMINÉ:³ HKLM\Software\Wow6432Node\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu_Drp_pos
ELIMINÉ: HKLM\Software\Wow6432Node\MyFunCards_5mEI
ELIMINÉ: HKLM\Software\Wow6432Node\qualitink
ELIMINÉ CLSID MPSK: {7b7ebc1c-db1c-11e1-84f6-806e6f6e6963}
ELIMINÉ CLSID MPSK: {aac73844-3e01-11e2-a062-dfabeb77d6de}
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\PutLockerDownloader_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\PutLockerDownloader_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\20120702IminentSetup_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\20120702IminentSetup_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BcoolApp_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BcoolApp_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\bcool_extension_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\bcool_extension_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BetterInstaller_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BetterInstaller_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\DefaultTabSearch_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\DefaultTabSearch_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\imbooster_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\imbooster_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayer_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayer_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OptimizerPro1_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OptimizerPro1_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilqualitink_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilqualitink_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\vbmz10_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\vbmz10_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VisualBeeSilent_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VisualBeeSilent_RASMANCS
ELIMINÉ:* HKCR\CLSID\{22222222-2222-2222-2222-220522802228}
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511801128}
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
ELIMINÉ: HKCU\Software\AppDataLow\Software\Crossrider
ELIMINÉ: HKLM\Software\Classes\CrossriderApp0058028.BHO
ELIMINÉ: HKLM\Software\Classes\CrossriderApp0058028.BHO.1
ELIMINÉ: HKLM\Software\Classes\CrossriderApp0058028.Sandbox
ELIMINÉ: HKLM\Software\Classes\CrossriderApp0058028.Sandbox.1
ELIMINÉ: HKLM\Software\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110511801128}

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Elementos dos dados do Registo ==========
ELIMINÉ: R1 Search Page =

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\program files (x86)\frevens pro 13\frevens pro 13-bho.dll
ELIMINÉ: c:\users\junior\appdata\roaming\microsoft\windows\start menu\programs\mediaget.lnk
ELIMINÉ: c:\users\junior\desktop\mediaget.lnk
ELIMINA REINICIAR: c:\program files (x86)\baidu security\pc app store\4.4.0.5812\pcappstoresvc.exe
ELIMINA REINICIAR: c:\windows\system32\drivers\{50c078f1-4117-4aad-852a-0b3bbfb46b18}w64.sys
ELIMINÉ Temporários windows (74) (55.626.741 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: AutoKMS
ELIMINÉ: DTChk
ELIMINÉ: SparkUpdater
ELIMINÉ: SparkUpdater

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
65 : Chaves do Registo
6 : Valores do Registo
1 : Elementos dos dados do Registo
1 : Pastas
7 : Ficheiros
2 : Softwares
1 : Estado dos serviços
31 : Tarefa planificada
1 : Restauração Sistema


End of clean in 01mn 05s

========== Caminho do ficheiro do relatório ==========
C:\Users\Junior\AppData\Roaming\ZHP\ZHPFix[R1].txt - 27/05/2014 20:33:06 [7633]

Re: CE_UmbrellaCert resistant to Adwcleaner 3.211, JRT and Zoek.

Post by Power Max on Tue 27 May 2014, 20:36

Open ( ZHPDiag ) again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.


Re: CE_UmbrellaCert resistant to Adwcleaner 3.211, JRT and Zoek.

Post by Junior Pernambucano on Tue 27 May 2014, 20:44

Here we go....

~ Relatório do ZHPDiag v2014.5.24.73 - Nicolas Coolman (24/05/2014)
~ Iniciado por Junior (27/05/2014 20:39:02)
~ Endereço do Website : [You must be registered and logged in to see this link.]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
MFIE: Mozilla Firefox 29.0.1
GCIE: Google Chrome v35.0.1916.114

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Trend Micro Titanium Internet Security v3.00
McAfee Security Scan Plus v3.8.141.11
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.12

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader X
Java 7 Update 9
Java 7 Update 45

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6046 MB (51% free)
System Restore: Activé (Enable)
System drive C: has 544 GB (79%) free of 686 GB

---\\ Modo de conexão ao sistema
~ Computer Name: JUNIOR-PC
~ User Name: Junior
~ All Users Names: Root, Junior, Ctx_StreamingSvc, Convidado,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Junior\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Junior\AppData\Roaming\
~ %Desktop% : C:\Users\Junior\Desktop\
~ %Favorites% : C:\Users\Junior\Favorites\
~ %LocalAppData% : C:\Users\Junior\AppData\Local\
~ %StartMenu% : C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 544 Go of 686 Go)
D: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/47
~ Mes Favoris (My Favorites) : 1/181
~ Mes Documents (My Documents) : 2/3176
~ Mon Bureau (My Desktop) : 1/709
~ Menu demarrer (Programs) : 1/70
~ Hidden Files: Scanned in 00mn 01s



---\\ Processos lançados
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Junior\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 20 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Junior\AppData\Roaming\Mozilla\Firefox\Profiles\c3newgle.default\prefs.js
P2 - FPN: [HKLM] [adobe.com/AdobeAAMDetect] - (...) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (.not file.)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Junior\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 38 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
~ BHO: 32 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - [HKLM]{47833539-D0C5-4125-9FA8-0819E2EAAC93} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Junior]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 07s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [ETDCtrl] . (.ELAN Microelectronics Corp. - ETD Control Center.) -- C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [SmartAudio] . (.Conexant Systems, Inc. - SmartAudio Control Panel application.) -- C:\Program Files\CONEXANT\SA3\SACpl.exe
O4 - HKLM\..\Run: [IntelTBRunOnce] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Trend Micro Client Framework] . (.Trend Micro Inc. - Trend Micro Client Session Agent Monitor.) -- C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe
O4 - HKLM\..\Run: [Trend Micro Titanium] . (.Trend Micro Inc. - Trend Micro Client Main Console.) -- C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
O4 - HKLM\..\Run: [AtherosBtStack] . (.Atheros Communications - Bluetooth Stack Server.) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
O4 - HKLM\..\Run: [AthBtTray] . (.Atheros Commnucations - Bluetooth Suite Common Rescource.) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
O4 - HKLM\..\Run: [HP LaserJet Professional CM1410 Series Fax] . (.Hewlett-Packard Company - hppfaxprintersrv.) -- C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [googletalk] . (.Google - Google Talk.) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe
O4 - HKLM\..\Wow6432Node\Run: [UIExec] . (...) -- C:\Program Files (x86)\Connection Manager\UIexec.exe
O4 - HKLM\..\Wow6432Node\Run: [ToolboxFX] . (.Hewlett-Packard Company - HPTLBXFX.) -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
O4 - HKLM\..\Wow6432Node\Run: [ConnectionCenter] . (.Citrix Systems, Inc. - Citrix Connection Center.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
O4 - HKLM\..\Wow6432Node\Run: [DivXMediaServer] . (.DivX, LLC - DivX DLNA Media Server.) -- C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Creative Cloud] . (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCEPServiceManager] . (.Adobe Systems Incorporated - Adobe CEP Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe =>.RealNetworks, Inc
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2540036000-684020986-2625112546-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Clique para Telefonar do Lync [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office15\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} ((no name)) - [You must be registered and logged in to see this link.]
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F138B6E-DCAD-400B-AC37-3E920CDEBBC5}: NameServer = 201.17.0.52,201.17.0.82
O17 - HKLM\System\CCS\Services\Tcpip\..\{84D9C775-4EF3-4214-B845-F5FE9811501E}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{84D9C775-4EF3-4214-B845-F5FE9811501E}: DhcpDomain = persist
O17 - HKLM\System\CS1\Services\Tcpip\..\{5F138B6E-DCAD-400B-AC37-3E920CDEBBC5}: NameServer = 201.17.0.52,201.17.0.82
O17 - HKLM\System\CS1\Services\Tcpip\..\{84D9C775-4EF3-4214-B845-F5FE9811501E}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{84D9C775-4EF3-4214-B845-F5FE9811501E}: DhcpDomain = persist
O17 - HKLM\System\CS2\Services\Tcpip\..\{5F138B6E-DCAD-400B-AC37-3E920CDEBBC5}: NameServer = 201.17.0.52,201.17.0.82
O17 - HKLM\System\CS2\Services\Tcpip\..\{84D9C775-4EF3-4214-B845-F5FE9811501E}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{84D9C775-4EF3-4214-B845-F5FE9811501E}: DhcpDomain = persist
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\Citrix\system32\radeaphook64.dll (.not file.)
~ AppInit DLL: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) . (.globalUpdate - globalUpdate Update.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe =>Hijacker.Office
O23 - Service: LocalSystem (ldlcserv) . (...) - C:\Windows\SysWOW64\drivers\ldlcserv.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) . (.No owner - PassThruSvr Application.) - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: (TrcBoot) . (...) - C:\Windows\SysWOW64\drivers\trcboot.exe
~ Services: 35 Legitimates Filtered in 00mn 08s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{90BC8460-EB3D-4E30-A532-7F7D8F21125A}] (...) -- C:\Program Files (x86)\Wifi Protector BI\Uninstall.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job [900]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore [900]
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job [904]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA [904]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1064]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1068]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2540036000-684020986-2625112546-1000Core [1030]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2540036000-684020986-2625112546-1000UA [1082]
~ Scheduled Task: 30 Legitimates Filtered in 00mn 03s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (netfilter64) . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) - C:\Windows\System32\drivers\netfilter64.sys
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef64.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: ({50c078f1-4117-4aad-852a-0b3bbfb46b18}w64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{50c078f1-4117-4aad-852a-0b3bbfb46b18}w64.sys =>PUP.LinkiDoo
~ Drivers: 102 Legitimates Filtered in 00mn 01s



---\\ Software instalados (042)
O42 - Logiciel: APF - (...) [HKLM][64Bits] -- APF
O42 - Logiciel: Acelerador de Downloads - (.Acelerador de Downloads.) [HKLM][64Bits] -- {33BB1D6F-2708-4B3F-92FC-639B9540F1A1}_is1
O42 - Logiciel: Agua versão 0.60 - (.Grant Soft.) [HKLM][64Bits] -- {6220244D-3AF9-46EA-984D-16046965E9BA}_is1
O42 - Logiciel: Arquivo090113 - (...) [HKLM][64Bits] -- {888E91C6-7347-4361-B118-317C73425102}_is1
O42 - Logiciel: Buscapé na Hora - (.Buscapé Company.) [HKLM][64Bits] -- Buscapé na Hora
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKCU][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: Guia Multimídia de Remédios - (...) [HKLM][64Bits] -- ST6UNST #1
O42 - Logiciel: Hábil Pessoal + Veículos 3.1 - (.Koinonia Software Ltda..) [HKLM][64Bits] -- {B32B1095-07AA-47D5-B110-2863B7DBFF57}_is1
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2014
O42 - Logiciel: Pacote-Instal-Age-Bco - (.Default Company Name.) [HKLM][64Bits] -- {3EADBB24-15C5-4227-AB60-8E5501C83C7C}
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: TN3270 Plus 3.5.9 - (.SDI USA Inc..) [HKLM][64Bits] -- {8575AEA7-890A-442F-9817-D85522750239}
O42 - Logiciel: iba revistas - (.iba.) [HKCU][64Bits] -- 3b291b42a34ebd2c
~ Logic: 46 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\GrantSoft]
[HKCU\Software\HabilPessoal]
[HKCU\Software\MCsoft]
[HKCU\Software\SDI]
[HKCU\Software\UltraDownloads.com.br]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Frevens Pro 13]
[HKLM\Software\Wow6432Node\MCsoft]
[HKLM\Software\Wow6432Node\SDI]
~ Key Software: 531 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/04/2014 - 19:33:44 - [] ----D C:\Program Files (x86)\Acelerador de Downloads
O43 - CFD: 27/05/2014 - 20:15:47 - [] ----D C:\Program Files (x86)\Ares
O43 - CFD: 23/05/2014 - 10:41:18 - [] ----D C:\Program Files (x86)\Arquivo090113
O43 - CFD: 27/05/2014 - 20:32:45 - [] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 24/10/2013 - 17:00:46 - [] ----D C:\Program Files (x86)\Buscapé na Hora
O43 - CFD: 27/05/2014 - 20:32:46 - [] ----D C:\Program Files (x86)\Frevens Pro 13
O43 - CFD: 29/10/2012 - 14:59:31 - [] ----D C:\Program Files (x86)\Guia Multimídia de Remédios
O43 - CFD: 26/03/2014 - 11:06:47 - [] ----D C:\Program Files (x86)\Mainframe ABEND ASSIST
O43 - CFD: 09/01/2013 - 13:21:42 - [] ----D C:\Program Files (x86)\MCsoft
O43 - CFD: 01/03/2013 - 14:53:34 - [] ----D C:\Program Files (x86)\Pas
O43 - CFD: 26/04/2013 - 18:21:46 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 28/08/2012 - 10:01:36 - [] ----D C:\Program Files (x86)\SDI
O43 - CFD: 27/05/2014 - 20:13:52 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 13/05/2014 - 10:17:19 - [] ----D C:\ProgramData\CDB
O43 - CFD: 27/05/2014 - 20:18:22 - [] ----D C:\ProgramData\ProductData
O43 - CFD: 28/08/2012 - 10:01:36 - [] ----D C:\ProgramData\SDI
O43 - CFD: 26/05/2014 - 11:46:58 - [] ----D C:\ProgramData\SUPPORTDIR
O43 - CFD: 04/01/2013 - 17:19:35 - [] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
O43 - CFD: 10/09/2012 - 15:21:20 - [] ----D C:\Users\Junior\AppData\Roaming\Aquanic
O43 - CFD: 27/05/2014 - 20:32:55 - [] ----D C:\Users\Junior\AppData\Roaming\Baidu Security
O43 - CFD: 19/09/2013 - 12:04:35 - [] ----D C:\Users\Junior\AppData\Roaming\DusanRodina
O43 - CFD: 04/01/2013 - 17:09:53 - [] ----D C:\Users\Junior\AppData\Roaming\FVD3
O43 - CFD: 04/02/2014 - 08:40:34 - [] ----D C:\Users\Junior\AppData\Roaming\ProductData
O43 - CFD: 04/02/2014 - 09:52:44 - [] ----D C:\Users\Junior\AppData\Roaming\rmi
O43 - CFD: 28/08/2012 - 10:01:36 - [] ----D C:\Users\Junior\AppData\Roaming\SDI
O43 - CFD: 13/09/2012 - 17:27:37 - [] ----D C:\Users\Junior\AppData\Local\Ares
O43 - CFD: 23/05/2014 - 11:45:39 - [] ----D C:\Users\Junior\AppData\Local\com
O43 - CFD: 19/09/2013 - 12:03:03 - [] ----D C:\Users\Junior\AppData\Local\DusanRodina
O43 - CFD: 09/01/2013 - 13:21:43 - [] ----D C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\APF
O43 - CFD: 14/01/2014 - 21:16:33 - [] ----D C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
O43 - CFD: 29/10/2012 - 14:58:46 - [0] ----D C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guia Multimídia de Remédios
O43 - CFD: 30/08/2013 - 15:14:25 - [] ----D C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iba
O43 - CFD: 22/02/2014 - 14:58:43 - [0] ----D C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mainframe ABEND ASSIST
O43 - CFD: 26/04/2013 - 18:20:22 - [] ----D C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 25/04/2014 - 17:59:08 - [] ----D C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
O43 - CFD: 23/09/2013 - 15:43:24 - [] ----D C:\Users\Junior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\°²»úÍø
~ Program Folder: 345 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.761524E8C8C72CE0B4EAF7A07DA940BB] - 13/05/2014 - 10:36:14 ---A- . (.Wondershare Software - No Comment.) -- C:\Windows\System32\WSMonEditor.dll [96328]
O44 - LFC:[MD5.8E9E3CBA08EC47245B277110835CF305] - 22/05/2014 - 19:37:25 ---A- . (.The OpenVPN Project - TAP-Win32 Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [38216]
O44 - LFC:[MD5.B2C847173A75D432BDBBC96805A55132] - 26/05/2014 - 15:05:42 ---A- . (...) -- C:\zoek-results2014-05-26-180542.log [54871]
O44 - LFC:[MD5.D46073CE5DEBEA3822DC7DE652732C81] - 26/05/2014 - 16:53:26 ---A- . (...) -- C:\zoek-results2014-05-26-195326.log [37176]
O44 - LFC:[MD5.6DF81C468BA61BA2FA22486AFA007DD7] - 26/05/2014 - 17:35:11 ---A- . (...) -- C:\zoek-results2014-05-26-203511.log [83385]
O44 - LFC:[MD5.E7FC172679E9F1E23839D054CE6FB1E1] - 26/05/2014 - 17:59:38 ---A- . (...) -- C:\zoek-results2014-05-26-205938.log [82439]
O44 - LFC:[MD5.D1E75542EC8D1B4851765A57AC63618E] - 26/05/2014 - 20:45:38 ---A- . (...) -- C:\Windows\diagerr.xml [1908]
O44 - LFC:[MD5.D1E75542EC8D1B4851765A57AC63618E] - 26/05/2014 - 20:45:38 ---A- . (...) -- C:\Windows\diagwrn.xml [1908]
O44 - LFC:[MD5.B90A312E19F2C3D26BFD17D421BF1683] - 27/05/2014 - 15:23:56 ---A- . (...) -- C:\zoek-results2014-05-27-182356.log [55027]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 27/05/2014 - 16:25:57 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.30E8D13D5257CCF700F3E5010FC0499A] - 27/05/2014 - 16:28:39 ---A- . (...) -- C:\zoek-results.log [51204]
O44 - LFC:[MD5.12AC5A9DC77CD6C87BA4EB837D9C6A64] - 27/05/2014 - 16:29:35 ---A- . (...) -- C:\Windows\win.ini [699]
O44 - LFC:[MD5.90544A6CCD5A47A3FD90E81229384963] - 27/05/2014 - 20:17:15 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [181160]
O44 - LFC:[MD5.58E2651F558CD8626EB90367F4FD3595] - 27/05/2014 - 20:17:15 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [790210]
~ Files: 56 Legitimates Filtered in 01mn 57s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj [64Bits] - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\ares [Key] . (...) -- C:\Program Files (x86)\Ares\Ares.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Megacubo Update [Key] . (.www.megacubo.net - No Comment.) -- C:\Program Files (x86)\Megacubo\megacubo.exe
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/09/2013 - 18:50:58 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys [288688]
O58 - SDL:15/08/2013 - 18:36:40 ---A- . (.NetFilterSDK.com - NetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\bphfilterdrv.sys [42088]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:14/03/2012 - 07:42:50 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [201008]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:07/12/2012 - 18:27:50 ---A- . (.Windows (R) Win 7 DDK provider - RawPacket NDIS Protocol Driver.) -- C:\Windows\System32\Drivers\htcnprot.sys [36928]
O58 - SDL:18/06/2010 - 23:36:04 ---A- . (.Siliten - Flex Define Keyboard Driver.) -- C:\Windows\System32\Drivers\InputFilter_FlexDef2b.sys [17920]
O58 - SDL:26/03/2011 - 09:37:12 ---A- . (.MBB Incorporated - CDROM Filter.) -- C:\Windows\System32\Drivers\massfilter.sys [11776]
O58 - SDL:28/02/2014 - 15:16:46 ---A- . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) -- C:\Windows\System32\Drivers\netfilter64.sys [61736]
O58 - SDL:15/07/2011 - 21:31:22 ---A- . (.ST Microelectronics - Disk Class Filter Driver for Accelerometer.) -- C:\Windows\System32\Drivers\stdcfltn.sys [22128]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:03/01/2012 - 21:04:52 ---A- . (.STMicroelectronics - STM Accelerometer Device Driver.) -- C:\Windows\System32\Drivers\ST_ACCEL.sys [67184]
O58 - SDL:30/10/2013 - 08:18:43 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys [16152]
O58 - SDL:09/04/2014 - 22:21:02 ---A- . (.The OpenVPN Project - TAP-Win32 Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [38216]
O58 - SDL:24/04/2014 - 12:19:48 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{50c078f1-4117-4aad-852a-0b3bbfb46b18}w64.sys [61112] =>PUP.LinkiDoo
O58 - SDL:05/12/2012 - 10:46:15 -SHA- . (...) -- C:\Windows\System32\winzvprt5.sys [608]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\anydlc.sys [36448]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\appn.sys [1263872]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\appnapi.sys [116704]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\appnbase.sys [182400]
O58 - SDL:08/05/2013 - 09:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [49536]
O58 - SDL:27/05/2014 - 20:11:40 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\HLLDRVR.SYS [251]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\klognt.sys [22504]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\llc2.sys [99008]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\llc2w2k.sys [99008]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\nstrcnt.sys [10816]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\pcscoax.sys [30720]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\pdlnacom.sys [74480]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\pdlnafac.sys [35120]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\pdlnampa.sys [92064]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\pdlnatcm.sys [19456]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\pdlnatdl.sys [16896]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\pdlnatnm.sys [64512]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\pdlnatsn.sys [69632]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\pdlnawac.sys [69568]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\pdlncbas.sys [5712]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\pdlncfwk.sys [159616]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\pdlnctdl.sys [10752]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\pdlndint.sys [11264]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\pdlndldl.sys [57856]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\pdlndlpb.sys [70144]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\pdlndoem.sys [17920]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\pdlndqll.sys [52224]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\pdlndsdl.sys [66048]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\pdlndtdl.sys [50688]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\pdlnebas.sys [7520]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\pdlnecfg.sys [49312]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\pdlnemap.sys [66432]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\pdlnemsg.sys [11648]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\pdlnepkt.sys [18704]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\pdlnshay.sys [59008]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\pdlnslea.sys [21408]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\pdlnsv25.sys [53920]
O58 - SDL:15/01/2001 - 05:01:00 ---A- . (...) -- C:\Windows\SysWOW64\drivers\pdlnsx25.sys [58096]
~ Drivers: 148 Legitimates Filtered in 00mn 03s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 28/02/2014 - C:\Windows\System32\drivers\netfilter64.sys (netfilter64) .(.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) - LEGACY_NETFILTER64
O64 - Services: CurCS - 08/10/2013 - C:\Windows\System32\drivers\vsock.sys (vsock) .(.VMware, Inc. - VMware vSockets Service.) - LEGACY_VSOCK
~ Legacy: 114 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\baidu\Spark26.5.9999.3313\Spark.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [You must be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKCU] {05046B93-CC41-4CF5-84CF-3AC3004B22A7} - (Google) - [You must be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKCU] {13BB9EFE-6AE3-49B9-B115-DD16F657AD45} - (Google) - [You must be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKCU] {56B46F5F-6BE6-3BD4-F4CA-125015AD885B} - (Google) - [You must be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You must be registered and logged in to see this link.]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.F14E5DC0EA2BE988653808FC61931713] [SPRF][22/11/2013] (...) -- C:\Users\Junior\AppData\Roaming\unins000.dat [16567]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{5E8125A6-246D-4A85-A3AC-A0DE26C31874}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{DED2387A-1002-402A-AD1C-130276624CFE}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{B70E580E-6363-439C-B194-77E277709F71}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Junior\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{2198ACD9-8422-47A5-8EF7-9C65DD2B8D50}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Junior\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 02s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.8797F3592E055284D113FEAA21B71ED3] [WIS][13/08/2012] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\866413.msi [28160] =>Toolbar.Google
~ WIS: 1 Legitimates Filtered in 00mn 01s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentControl_v2ToolbarHelper_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrentControl_v2ToolbarHelper_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 502 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
~ BCK: 5386 Legitimates Filtered in 00mn 05s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/03/2014 69632 | (Adobe LM Service) . (.Adobe Systems.) - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
SS - | Demand 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 14/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 27/05/2014 68608 | (globalUpdate) . (.globalUpdate.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
SS - | Demand 27/05/2014 68608 | (globalUpdatem) . (.globalUpdate.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
SS - | Auto 13/08/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/08/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 31/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 10/07/1658 0 | (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
SS - | Auto 04/02/2014 2151744 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
SS - | Demand 15/01/2014 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
SS - | Demand 06/05/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Auto 10/07/1658 0 | (TrcBoot) . (...) - C:\Windows\System32\drivers\trcboot.exe
SS - | Demand 29/11/2010 149504 | (TurboBoost) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
SR - | Auto 04/03/2012 235520 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 21/05/2011 267480 | (Amsp) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
SR - | Auto 19/01/2012 106144 | (AtherosSvc) . (.Atheros Commnucations.) - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
SR - | Auto 03/05/2011 321448 | (CdfSvc) . (.Citrix Systems, Inc..) - C:\Program Files (x86)\Common Files\Citrix\System32\CdfSvc.exe
SR - | Auto 11/10/2011 109184 | (CxUtilSvc) . (.Conexant Systems, Inc..) - C:\Program Files\Conexant\SA3\CxUtilSvc.exe
SR - | Auto 15/12/2011 458064 | (DpHost) . (.DigitalPersona, Inc..) - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
SR - | Auto 08/10/2013 452136 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe
SR - | Auto 25/10/2010 145920 | (HP LaserJet Service) . (.HP.) - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
SR - | Auto 01/02/2012 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 10/01/2012 627936 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - c:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 25/02/2012 192856 | (irstrtsv) . (.Intel Corporation.) - C:\Windows\SysWOW64\irstrtsv.exe
SR - | Auto 10/07/1658 0 | (ldlcserv) . (...) - C:\Windows\System32\drivers\ldlcserv.exe
SR - | Auto 21/01/2012 277784 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 09/04/2014 4357488 | (NOBU) . (.Dell, Inc..) - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
SR - | Auto 07/12/2012 167424 | (PassThru Service) . (...) - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 20/07/2012 210920 | (RadeHlprSvc) . (.Citrix Systems, Inc..) - C:\Program Files (x86)\Citrix\Streaming Client\RadeHlprSvc.exe
SR - | Auto 20/07/2012 1062888 | (RadeSvc) . (.Citrix Systems, Inc..) - C:\Program Files (x86)\Citrix\Streaming Client\RadeSvc.exe
SR - | Auto 14/08/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 22/11/2013 105448 | (RzKLService) . (.Razer Inc..) - C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
SR - | Auto 16/02/2012 1695040 | (SftService) . (.SoftThinks SAS.) - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe
SR - | Auto 01/11/2011 270672 | (UI Assistant Service) . (...) - C:\Program Files (x86)\Connection Manager\AssistantServices.exe
SR - | Auto 21/01/2012 363800 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 18/08/2011 3175728 | (vcsFPService) . (.Validity Sensors, Inc..) - C:\Windows\system32\vcsFPService.exe
SR - | Auto 18/10/2013 86096 | (VMAuthdService) . (.VMware, Inc..) - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
SR - | Auto 10/07/1658 0 | (VMnetDHCP) . (.VMware, Inc..) - C:\Windows\system32\vmnetdhcp.exe
SR - | Auto 09/10/2013 905272 | (VMUSBArbService) . (.VMware, Inc..) - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
SR - | Auto 10/07/1658 0 | (VMware NAT Service) . (.VMware, Inc..) - C:\Windows\system32\vmnat.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 19/01/2012 158880 | (ZAtheros Bt&Wlan Coex Agent) . (.Atheros.) - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
SR - | Auto 31/01/2012 73728 | (ZAtheros Wlan Agent) . (.Atheros.) - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
~ Services: Scanned in 00mn 08s



---\\ Scâner Aditional (088)
Database Version : 13029 - (24/05/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 3

[HKLM\SYSTEM\CurrentControlSet\Services\KMService] =>Hijacker.Office^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:\Windows\Installer\866413.msi =>Toolbar.Google^
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
~ Additionnel Scan: 542954 Items scanned in 00mn 24s



---\\ Sumário das deteções encontradas na sua estação
[You must be registered and logged in to see this link.] =>Hijacker.Office
[You must be registered and logged in to see this link.] =>PUP.LinkiDoo
[You must be registered and logged in to see this link.] =>PUP.MyPCBackup
~ MSI: 3 link(s) detected in 00mn 00s



~ 1307 Legitimates filtered by white list
End of the scan (721 lines in 03mn 21s)(0)

Re: CE_UmbrellaCert resistant to Adwcleaner 3.211, JRT and Zoek.

Post by Power Max on Tue 27 May 2014, 21:02

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação (Import) > click the GO button > click Oui (Yes) > if you want the files in the Recycle Bin deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Wed 28 May 2014, 15:28; edited 1 time


Re: CE_UmbrellaCert resistant to Adwcleaner 3.211, JRT and Zoek.

Post by Junior Pernambucano on Tue 27 May 2014, 21:13

We're doing well... I'm no longer being bothered by Umbrella...

Let's see this cleanup through to the end...

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Junior at 27/05/2014 21:11:35
High Elevated Privileges : OK
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 05s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: Bndef
ELIMINÉ Driver Key: Bprotect
ELIMINÉ Driver Key: {50c078f1-4117-4aad-852a-0b3bbfb46b18}w64
ELIMINÉ:³ HKLM\Software\Wow6432Node\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Frevens Pro 13
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\{50c078f1-4117-4aad-852a-0b3bbfb46b18}w64.sys
ELIMINÉ Temporários windows (13) (6.626.519 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {90BC8460-EB3D-4E30-A532-7F7D8F21125A}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Outros ==========
NÃO-TRATADO _____________________________________________________________________________________________________________


========== Recapitulativo ==========
10 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
3 : Ficheiros
1 : Tarefa planificada
1 : Restauração Sistema
1 : Outros


End of clean in 00mn 23s

========== Caminho do ficheiro do relatório ==========
C:\Users\Junior\AppData\Roaming\ZHP\ZHPFix[R1].txt - 27/05/2014 20:33:06 [7714]
C:\Users\Junior\AppData\Roaming\ZHP\ZHPFix[R2].txt - 27/05/2014 21:11:40 [2001]

Post by Power Max on Tue 27 May 2014, 21:47

Download Malwarebytes from one of the links below:
[You need to be registered and logged in to see this link.]
[You need to be registered and logged in to see this link.]

To install and run it correctly, please follow the tips in this post:

[You need to be registered and logged in to see this link.]

In your next reply, post the Malwarebytes log (report).

We'll be waiting.


Post by Junior Pernambucano on Wed 28 May 2014, 14:13

Dear all,

After running the anti-malware for a few hours, when I went to save the LOG a problem occurred that asks for the program to be closed.

How can I send the result of the run/quarantine without this problem? Many records were generated for the quarantine.....

I await instructions.

Post by Power Max on Wed 28 May 2014, 14:30

"After running the anti-malware for a few hours, when I went to save the LOG a problem occurred that asks for the program to be closed."
What exactly was the problem? What message appeared?


Post by Junior Pernambucano on Wed 28 May 2014, 14:46

When Anti-Malware finished, it asked to restart the computer, and I didn't do it right then because I was doing other work; when I did restart, I didn't do it through the Anti-Malware program, I did it through Windows, and I believe it lost the LOG record of the run with that command. When I restarted the Anti-Malware program and asked it to export that LOG, the program showed an error and said it needed to be closed. I don't know if I was clear; I believe the error was caused by there no longer being any LOG information from the run. I don't know how that LOG can be recovered, any suggestions? Despite that, it placed several files in Quarantine.

Awaiting your reply.

Post by Power Max on Wed 28 May 2014, 14:59

The important thing is that it placed the viruses in its quarantine, so everything is fine.

How is the PC after these procedures?


Post by Junior Pernambucano on Wed 28 May 2014, 15:22

Awesome! Not even with all the rain that has been falling did the UMBRELLA malware survive; it was exterminated. I just don't know what caused it to be installed. Could you advise me on how to avoid this problem?

And as for all the extermination attempts that were made, if it comes back, which of them should I use? Or should I use all of them again? From what I saw, this last one was powerful...... am I right?

Regardless, I can only thank you most gratefully for all the work you put in...... and say that from now on I'll be an avid reader and promoter of everything I find on FÓRUM PC BRASIL, ok?

Thank you very much, and congratulations, you really know a lot!

Best regards.

Post by Power Max on Wed 28 May 2014, 15:27

"And as for all the extermination attempts that were made, if it comes back, which of them should I use?"
If it's needed in the future, just create a new topic in the Remoção de Malwares (Malware Removal) area and we'll help you clean up the problems.
______________________________________________________________________________________________________

That's it! I'm glad the problem has been solved.

Just to finish, please follow the tutorials below:

[You need to be registered and logged in to see this link.]

[You need to be registered and logged in to see this link.]
_______________________________________________________________________________________________________________________

To remove the programs used to clean this PC and create a new, safe and problem-free restore point, use DelFix, following the tips [You need to be registered and logged in to see this link.].
_______________________________________________________________________________________________________________________

It was a pleasure to help. Count on us always!


Post by Danii on Wed 28 May 2014, 21:24

CASE SOLVED

If the topic's author needs it, the topic will be reopened; to request this, they should contact one of the members of the [You need to be registered and logged in to see this link.] and ask for it to be unlocked.