Flux 
Social bookmarking
Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking
Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking
Estatísticas
Temos 14810 usuários registradosO último membro registrado é Josevinil
Os nossos membros postaram um total de 36047 mensagens em 3685 assuntos
Quem está conectado?
Há 10 usuários online :: 0 registrados, 0 invisíveis e 10 visitantes Nenhum
O recorde de usuários online foi de 301 em Ter 26 Out 2021, 15:28
Procurar
Top dos mais postadores
| Power Max |
| |||
| joram |
| |||
| Wings [In Memoriam] |
| |||
| caedurodrigues |
| |||
| Amigo Brasileiro |
| |||
| luizvilarinho |
| |||
| Danii |
| |||
| Admin |
| |||
| Danilo Marsaro |
| |||
| Andreata |
|
Problemas com Baidu
3 participantes
Página 1 de 1
Problemas com Baidu
por Luis Francisco Qui 05 Jun 2014, 21:44
Boa noite,instalei jv16 Power Tools 2014 e fiz a varredura com localizador de registro e apareceu tudo isso,seleciono excluir da erro,como devo proceder?Obrigado Luis
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000\
todos nome de entrada DeviceDesc
Baidu Hook Base
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000\
Baidu Protect
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000\
Baidu ProtectEx
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000\
Baidu Hook Base
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000\
Baidu Protect
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000\
Baidu ProtectEx
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000\
Baidu Hook Base
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000\
Baidu Protect
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000\
Baidu ProtectEx
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000\
Baidu Antivirus Minifilter Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000\
Baidu FS Monitor Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000\
Baidu Antivirus Minifilter Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000\
Baidu FS Monitor Driver
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000\
Baidu Antivirus Minifilter Driver
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000\
Baidu FS Monitor Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000\
todos nome de entrada DeviceDesc
Baidu Hook Base
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000\
Baidu Protect
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000\
Baidu ProtectEx
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000\
Baidu Hook Base
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000\
Baidu Protect
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000\
Baidu ProtectEx
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000\
Baidu Hook Base
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000\
Baidu Protect
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000\
Baidu ProtectEx
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000\
Baidu Antivirus Minifilter Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000\
Baidu FS Monitor Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000\
Baidu Antivirus Minifilter Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000\
Baidu FS Monitor Driver
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000\
Baidu Antivirus Minifilter Driver
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000\
Baidu FS Monitor Driver
Luis Francisco- Iniciante
- Mensagens : 7
Reputação : 0
Data de inscrição : 05/06/2014
Idade : 62
Localização : Fartura -
Re: Problemas com Baidu
por Power Max Qui 05 Jun 2014, 22:19
Olá Luis.
Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt
Ficamos na espera.
Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt
Ficamos na espera.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Luis Francisco- Iniciante
- Mensagens : 7
Reputação : 0
Data de inscrição : 05/06/2014
Idade : 62
Localização : Fartura -
Re: Problemas com Baidu
por Power Max Sex 06 Jun 2014, 10:24
Desative temporariamente seu antivírus para evitar conflitos.
Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.
*Clique [Run Script]
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Caso a reinicialização do PC seja solicitada, clique [OK]
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.
*Clique [Run Script]
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Caso a reinicialização do PC seja solicitada, clique [OK]
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
Última edição por Power Max em Sex 06 Jun 2014, 11:56, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Resultado Zoek
por Luis Francisco Sex 06 Jun 2014, 11:14
Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by Luis on 06/06/2014 at 10:42:40,24.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Luis\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-06-04-152311.log 18725 bytes
C:\zoek-results2014-06-04-162950.log 14309 bytes
==== System Restore Info ======================
06/06/2014 10:44:18 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\ml7lpulk.default-1393431753209\prefs.js:
user_pref("browser.startup.homepage", "http://www.uol.com.br");
user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
user_pref("browser.search.defaultenginename", "v9");
user_pref("browser.search.selectedEngine", "v9");
Added to C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\ml7lpulk.default-1393431753209\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Citrio.IOVRA4WMR6K7CDC3ZZMRPPCUDE\shell\open\command]
@="C:\\Users\\Luis\\AppData\\Local\\CatalinaGroup\\Citrio\\Application\\chrome.exe"
==== Folders Found ======================
2014-02-27 02:13:26 2014-02-27 02:13:26 -------- d-----w- C:\Users\Luis\AppData\Roaming\Baidu Security
2014-02-27 02:17:26 2014-02-27 02:17:26 -------- d-----w- C:\Users\Luis\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-02-27 02:17:27 2014-02-27 02:17:27 -------- d-----w- C:\Users\Luis\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
==== Files Found ======================
--- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\Cleaner\baidu_av_4_0_3_57478.ini ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 227
Created time: 2014-03-20 19:05:58
Modified time: 2014-03-20 22:48:46
MD5: C9F2E09C386C9A6E5434D21A0200F6E0
SHA1: 442F80424FDDE56047D0E11824A66CCC37D89CE4
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com" [20/05/2014 09:49]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\ml7lpulk.default-1393431753209
- Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\ml7lpulk.default-1393431753209
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
025BBEF5A248B09BDC6684747F6EB5BC - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U55
290A0130C74ADCD4546BC6900D1665D9 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.550.14
4362EDDB9AE592E7021ACBB4531B1460 - C:\Users\Luis\AppData\Local\CatalinaGroup\Update\1.3.25.205\npCatalinaUpdate3.dll - CatalinaGroup Update
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Luis\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx[18/08/2012 15:06]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx[18/08/2012 15:06]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx[18/08/2012 15:06]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx[20/03/2014 16:40]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx[18/08/2012 15:06]
Save to 4shared - Luis\AppData\Local\CatalinaGroup\Citrio\User Data\Default\Extensions\adnkagodbfngmdajbbocegjnllfmdaie
Downloads - Luis\AppData\Local\CatalinaGroup\Citrio\User Data\Default\Extensions\dcagnhpbnggmbihndfkkhfjojgbaaedo
Proxy - Luis\AppData\Local\CatalinaGroup\Citrio\User Data\Default\Extensions\hpofinfdicogoakggciidggcikhgklcj
Google Wallet - Luis\AppData\Local\CatalinaGroup\Citrio\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Branding - Luis\AppData\Local\CatalinaGroup\Citrio\User Data\Default\Extensions\oocjgdbfocddoflggljlfmpapfiiccak
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
C:\Users\Luis\AppData\Local\CatalinaGroup\Citrio\User Data\Default\Preferences was reset successfully
C:\Users\Luis\AppData\Local\CatalinaGroup\Citrio\User Data\Default\Web Data was reset successfully
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\EZ CD Audio Converter.lnk - C:\Program Files\EZ CD Audio Converter\ezcd.exe
C:\Users\Public\Desktop\Free FLAC to MP3 Converter.lnk - C:\Program Files\Free FLAC to MP3 Converter\FLACToMP3.exe
C:\Users\Public\Desktop\Free MIDI to MP3 Converter.lnk - C:\Program Files\Free MIDI to MP3 Converter\MIDIToMP3.exe
C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\starter_avp.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Users\Public\Desktop\Nero StartSmart.lnk - C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLAC to MP3 Converter\Free FLAC to MP3 Converter.lnk - C:\Program Files\Free FLAC to MP3 Converter\FLACToMP3.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLAC to MP3 Converter\Uninstall Free FLAC to MP3 Converter.lnk - C:\Program Files\Free FLAC to MP3 Converter\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free MIDI to MP3 Converter\Free MIDI to MP3 Converter.lnk - C:\Program Files\Free MIDI to MP3 Converter\MIDIToMP3.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free MIDI to MP3 Converter\Uninstall Free MIDI to MP3 Converter.lnk - C:\Program Files\Free MIDI to MP3 Converter\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner\TagScanner Help.lnk - C:\Program Files\TagScanner\help\1.html
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner\TagScanner on the Web.lnk - C:\Program Files\TagScanner\Tagscan.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner\TagScanner.lnk - C:\Program Files\TagScanner\Tagscan.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner\Uninstall TagScanner.lnk - C:\Program Files\TagScanner\unins000.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== shortcuts After Repair ======================
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\Users\Luis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Luis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Luis\AppData\Local\Mozilla\Firefox\Profiles\ml7lpulk.default-1393431753209\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Luis\AppData\Local\CatalinaGroup\Citrio\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=17 folders=3 272776 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Luis\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Luis\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 06/06/2014 at 10:54:52,20 ======================
Luis Francisco- Iniciante
- Mensagens : 7
Reputação : 0
Data de inscrição : 05/06/2014
Idade : 62
Localização : Fartura -
Re: Problemas com Baidu
por Power Max Sex 06 Jun 2014, 11:24
Desative temporariamente seu antivírus para evitar conflitos.
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.
*Clique [Run Script]
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Caso a reinicialização do PC seja solicitada, clique [OK]
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.
*Clique [Run Script]
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Caso a reinicialização do PC seja solicitada, clique [OK]
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
Última edição por Power Max em Sex 06 Jun 2014, 11:56, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Problemas com Baidu
por Luis Francisco Sex 06 Jun 2014, 11:51
--- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\Cleaner\baidu_av_4_0_3_57478.ini ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 227
Created time: 2014-03-20 19:05:58
Modified time: 2014-03-20 22:48:46
MD5: C9F2E09C386C9A6E5434D21A0200F6E0
SHA1: 442F80424FDDE56047D0E11824A66CCC37D89CE4
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
==== C:\zoek_backup content ======================
C:\zoek_backup (files=29 folders=18 6190223 bytes)
==== EOF on 06/06/2014 at 11:41:47,35 ======================
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 227
Created time: 2014-03-20 19:05:58
Modified time: 2014-03-20 22:48:46
MD5: C9F2E09C386C9A6E5434D21A0200F6E0
SHA1: 442F80424FDDE56047D0E11824A66CCC37D89CE4
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
==== C:\zoek_backup content ======================
C:\zoek_backup (files=29 folders=18 6190223 bytes)
==== EOF on 06/06/2014 at 11:41:47,35 ======================
Luis Francisco- Iniciante
- Mensagens : 7
Reputação : 0
Data de inscrição : 05/06/2014
Idade : 62
Localização : Fartura -
Re: Problemas com Baidu
por Power Max Sex 06 Jun 2014, 11:55
Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o programa acima é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt
Ficamos na espera.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o programa acima é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt
Ficamos na espera.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Luis Francisco- Iniciante
- Mensagens : 7
Reputação : 0
Data de inscrição : 05/06/2014
Idade : 62
Localização : Fartura -
Re: Problemas com Baidu
por Power Max Sex 06 Jun 2014, 12:10
Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )
Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.
Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Problemas com Baidu
por Luis Francisco Sex 06 Jun 2014, 12:45
~ Relatório do ZHPDiag v2014.6.6.85 - Nicolas Coolman (06/06/2014)
~ Iniciado por Luis (06/06/2014 12:40:11)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
MFIE: Mozilla Firefox 29.0.1 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
Kaspersky Internet Security 2013 v13.0.1.4190
Windows Defender W7 (Activate)
---\\ Softwares d'optimização do sistema
CCleaner v4.13
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 55
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2035 MB (45% free)
System Restore: Activé (Enable)
System drive C: has 200 GB (85%) free of 233 GB
---\\ Modo de conexão ao sistema
~ Computer Name: LUIS-PC
~ User Name: Luis
~ All Users Names: Luis, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Luis\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Luis\AppData\Roaming\
~ %Desktop% : C:\Users\Luis\Desktop\
~ %Favorites% : C:\Users\Luis\Favorites\
~ %LocalAppData% : C:\Users\Luis\AppData\Local\
~ %StartMenu% : C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 200 Go of 233 Go)
D: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
~ Security Center: 50 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.40D777B7A95E00593EB1568C68514493] - (.Microsoft Corporation - Windows Explorer.) (.20/11/2010 - 09:17:09.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4E829EE073E046B0EB19B5FECB19B8C] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 02:41:49.) -- C:\Windows\System32\wininet.dll [1789440]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.15/11/2013 - 10:05:09.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/668
~ Mes musiques (My Musics) : 3/434
~ Mes Favoris (My Favorites) : 1/130
~ Mes Documents (My Documents) : 1/178
~ Mon Bureau (My Desktop) : 1/17
~ Menu demarrer (Programs) : 1/31
~ Hidden Files: Scanned in 00mn 00s
---\\ Processos lançados
[MD5.094A47AB1D4966C8CD318AD7EB1521A6] - (.SlimWare Utilities, Inc. - SlimDrivers.) -- C:\Program Files\SlimDrivers\SlimDrivers.exe [29395264] [PID.1876]
[MD5.68239842340DDFF8993DFD9127553EDA] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.2740]
[MD5.D9C51528488EA0D98D3C4D02ABD16759] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.2784]
[MD5.004763BDF8E48244DBB9FDFDE3065EBC] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592] [PID.2800]
[MD5.CD1102E5D340216138C7F56FA8D26998] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [150552] [PID.2808]
[MD5.06DE1310E3F1EA208B3C3B3C3ADE6B55] - (.Creative Technology Ltd - CTSysVol.exe.) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [57344] [PID.2872]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.2896]
[MD5.15D2DB9BFA8E833ED31FAB2BB088FDDA] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128] [PID.1832]
[MD5.1B31D1266691EDD4224B0036449F14B4] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872] [PID.2980]
[MD5.96E8CF4D3731D90058DE39A3BECAD707] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe [1201448] [PID.3220]
[MD5.0DA891CB0703D912CEAFA072F54D002B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.44436]
[MD5.28B02EA673489A4EFBB20A9B302D523C] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.5648]
[MD5.038053B5DB6B0DCFB32B7682334B7625] - (.Adobe Systems, Inc. - Adobe Flash Player 13.0 r0.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe [1863856] [PID.4324]
[MD5.B2A76113F901D808E80FBF11077C0033] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8065024] [PID.6600]
~ Processes Running: Scanned in 00mn 00s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [@catalinahub.com/CatalinaGroup Update;version=3] - (.Catalina Group Ltd. - CatalinaGroup Update.) -- C:\Users\Luis\AppData\Local\CatalinaGroup\Update\1.3.25.205\npCatalinaUpdate3.dll
P2 - FPN: [HKCU] [@catalinahub.com/CatalinaGroup Update;version=9] - (.Catalina Group Ltd. - CatalinaGroup Update.) -- C:\Users\Luis\AppData\Local\CatalinaGroup\Update\1.3.25.205\npCatalinaUpdate3.dll
~ Firefox Browser: 10 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
~ BHO: 18 Legitimates Filtered in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Luis]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Luis\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [Luis]: Citrio.lnk . (.Catalina Group Ltd. - Citrio.) -- C:\Users\Luis\AppData\Local\CatalinaGroup\Citrio\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Browsers
O4 - GS\Desktop [Luis]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Browsers
~ Global Startup: 3 Legitimates Filtered in 00mn 01s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [P17RunE] Chave orfã
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [CTSysVol] . (.Creative Technology Ltd - CTSysVol.exe.) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Luis\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2117434112-3775733973-933475781-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-2117434112-3775733973-933475781-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Luis\AppData\Local\Facebook\Update\FacebookUpdate.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\kbrd.ico
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{00504E68-3D6F-4E0D-9C5D-C2C0B1CE4662}: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\..\{00504E68-3D6F-4E0D-9C5D-C2C0B1CE4662}: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{00504E68-3D6F-4E0D-9C5D-C2C0B1CE4662}: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\GbpSv.exe
O23 - Service: KMService (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
~ Services: 6 Legitimates Filtered in 00mn 03s
---\\ Tarefas planificadas automaticamente (039)
[MD5.6EA1029029E05B6AB3922F107FD87943] [APT] [CatalinaGroupUpdateTaskUserS-1-5-21-2117434112-3775733973-933475781-1000Core] (.Catalina Group Ltd..) -- C:\Users\Luis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [147440]
[MD5.6EA1029029E05B6AB3922F107FD87943] [APT] [CatalinaGroupUpdateTaskUserS-1-5-21-2117434112-3775733973-933475781-1000UA] (.Catalina Group Ltd..) -- C:\Users\Luis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [147440]
[MD5.00000000000000000000000000000000] [APT] [{1796D57D-1ADF-4D00-AEB8-82B8F5C6D9D7}] (...) -- C:\Program Files\Creative\SBAudigy\Device Control\USBAudio.cpl" -c Controle de Dispositivo (.not file.) [0]
[MD5.62D4516E77057B50BEB60FC2B583DD2F] [APT] [{8ABD28A4-B8B9-4FB0-99BB-E76D8E655437}] (...) -- C:\Program Files\ZaraSoft\ZaraRadio\unins000.exe [703976]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: CatalinaGroupUpdateTaskUserS-1-5-21-2117434112-3775733973-933475781-1000Core - (.Catalina Group Ltd..) -- C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-2117434112-3775733973-933475781-1000Core.job [882]
O39 - APT: CatalinaGroupUpdateTaskUserS-1-5-21-2117434112-3775733973-933475781-1000Core - (.Catalina Group Ltd..) -- C:\Windows\System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-2117434112-3775733973-933475781-1000Core [882]
O39 - APT: CatalinaGroupUpdateTaskUserS-1-5-21-2117434112-3775733973-933475781-1000UA - (.Catalina Group Ltd..) -- C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-2117434112-3775733973-933475781-1000UA.job [934]
O39 - APT: CatalinaGroupUpdateTaskUserS-1-5-21-2117434112-3775733973-933475781-1000UA - (.Catalina Group Ltd..) -- C:\Windows\System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-2117434112-3775733973-933475781-1000UA [934]
O39 - APT: - (..) -- C:\Windows\Tasks\DriverEasy Scheduled Scan.job [404]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\DriverEasy Scheduled Scan [404]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2117434112-3775733973-933475781-1000Core [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2117434112-3775733973-933475781-1000UA [924]
O39 - APT: - (..) -- C:\Windows\Tasks\SlimDrivers Startup.job [384]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\SlimDrivers Startup [384]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 04s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: (ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 87 Legitimates Filtered in 00mn 23s
---\\ Software instalados (042)
O42 - Logiciel: Citrio - (.© CATALINA GROUP LTD..) [HKCU] -- Citrio
O42 - Logiciel: ZaraRadioStudio 2 - (...) [HKLM] -- ZaraRadioStudio 2
~ Logic: 25 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\ZaraSoft]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\ZaraSoft]
~ Key Software: 164 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/05/2014 - 15:31:56 - [] ----D C:\Program Files\Free MIDI to MP3 Converter
O43 - CFD: 12/12/2013 - 11:01:11 - [] ----D C:\Program Files\ZaraSoft
O43 - CFD: 04/05/2014 - 22:18:44 - [] ----D C:\ProgramData\IconCache
O43 - CFD: 19/02/2014 - 12:55:02 - [] ----D C:\Users\Luis\AppData\Roaming\Media Freeware
O43 - CFD: 04/06/2014 - 15:18:55 - [] ----D C:\Users\Luis\AppData\Roaming\wi_upd
O43 - CFD: 05/11/2013 - 23:14:52 - [] ----D C:\Users\Luis\AppData\Local\Ares
O43 - CFD: 28/11/2013 - 19:25:50 - [] ----D C:\Users\Luis\AppData\Local\ZaraRadio
O43 - CFD: 04/06/2014 - 17:43:32 - [] ----D C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrio
O43 - CFD: 12/12/2013 - 11:01:11 - [] ----D C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZaraRadioStudio 2
~ Program Folder: 149 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.01447EC8778B766821EF0774EF4A8254] - 04/06/2014 - 11:05:28 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [127896]
O44 - LFC:[MD5.C2B26E3DB8B071E97C46B5903BE8B301] - 04/06/2014 - 11:05:28 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [663606]
O44 - LFC:[MD5.4B6BB3C63C9EB45DF53DEFBFA5C7A64D] - 04/06/2014 - 12:23:11 ---A- . (...) -- C:\zoek-results2014-06-04-152311.log [18725]
O44 - LFC:[MD5.D30F60DFB4EABBC440452A2E88690180] - 06/06/2014 - 10:54:52 ---A- . (...) -- C:\zoek-results2014-06-06-135452.log [16257]
O44 - LFC:[MD5.75A8EE6F0917AD9355367DBF25DB8415] - 06/06/2014 - 10:54:55 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys [13464]
O44 - LFC:[MD5.F0AAC59D5E1825F26E2C06B43AF11F9A] - 06/06/2014 - 11:41:47 ---A- . (...) -- C:\zoek-results.log [6620]
~ Files: 15 Legitimates Filtered in 00mn 01s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\CatalinaGroup Update [Key] . (.Catalina Group Ltd. - CatalinaGroup Update.) -- C:\Users\Luis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe
~ SMSR Keys: 1 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:08/05/2013 - 09:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [49536]
O58 - SDL:01/04/2014 - 13:05:56 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:06/06/2014 - 10:54:55 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys [13464]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 71 Legitimates Filtered in 00mn 03s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 08/05/2013 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 20/03/2014 - C:\Windows\System32\DRIVERS\kneps.sys (kneps) .(.Kaspersky Lab ZAO - KNEPS Power.) - LEGACY_KNEPS
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 122 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Catalina Group Ltd. - Citrio.) -- C:\Users\Luis\AppData\Local\CatalinaGroup\Citrio\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.F70298FA0F839A335590B876CD43C6C6] [SPRF][20/03/2014] (...) -- C:\Users\Luis\AppData\Roaming\1D959CA221C7573.sys [24]
[MD5.F70298FA0F839A335590B876CD43C6C6] [SPRF][20/03/2014] (...) -- C:\Users\Luis\AppData\Roaming\System5908ConfigCollection.dat [24]
[MD5.69EE922EB3BF217DB8119314FD7067AE] [SPRF][22/03/2014] (.DAMN - DAMN keymaker.) -- C:\Users\Luis\Desktop\damn_MP3Plugin_kg.exe [421444]
~ Files: 3 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{B9B33EB3-9932-4A19-B6C6-7B613AD9D5FE}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Luis\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{FD65F0DC-FA2E-46F1-9F9E-5C6078839337}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Luis\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\sizlsearch_RASAPI32 =>PUP.SizlSearch
HKLM\SOFTWARE\Microsoft\Tracing\sizlsearch_RASMANCS =>PUP.SizlSearch
~ BTK: 72 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 15/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 05/11/2013 79360 | (Creative Audio Engine Licensing Service) . (.Creative Labs.) - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
SS - | Auto 05/11/2013 8192 | (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
SS - | Demand 09/05/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 08/04/2008 800040 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Auto 25/07/2013 162672 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 20/03/2014 356128 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
SR - | Auto 21/02/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\GbpSv.exe
SR - | Demand 22/01/2008 275752 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 19/12/2006 81920 | (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc..) - C:\Windows\system32\IoctlSvc.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 09s
---\\ Scâner Aditional (088)
Database Version : 13026 - (06/06/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
[HKLM\SYSTEM\CurrentControlSet\Services\KMService] =>Hijacker.Office^
~ Additionnel Scan: 215945 Items scanned in 00mn 16s
---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Proxy Management (R5)
~ AMI: 1 Legitimates Filtered in 00mn 00s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Browsers
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Office
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SizlSearch
~ MSI: 3 link(s) detected in 00mn 00s
~ 736 Legitimates filtered by white list
End of the scan (462 lines in 01mn 26s)(0)
~ Iniciado por Luis (06/06/2014 12:40:11)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
MFIE: Mozilla Firefox 29.0.1 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
Kaspersky Internet Security 2013 v13.0.1.4190
Windows Defender W7 (Activate)
---\\ Softwares d'optimização do sistema
CCleaner v4.13
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 55
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2035 MB (45% free)
System Restore: Activé (Enable)
System drive C: has 200 GB (85%) free of 233 GB
---\\ Modo de conexão ao sistema
~ Computer Name: LUIS-PC
~ User Name: Luis
~ All Users Names: Luis, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Luis\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Luis\AppData\Roaming\
~ %Desktop% : C:\Users\Luis\Desktop\
~ %Favorites% : C:\Users\Luis\Favorites\
~ %LocalAppData% : C:\Users\Luis\AppData\Local\
~ %StartMenu% : C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 200 Go of 233 Go)
D: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
~ Security Center: 50 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.40D777B7A95E00593EB1568C68514493] - (.Microsoft Corporation - Windows Explorer.) (.20/11/2010 - 09:17:09.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4E829EE073E046B0EB19B5FECB19B8C] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 02:41:49.) -- C:\Windows\System32\wininet.dll [1789440]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.15/11/2013 - 10:05:09.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/668
~ Mes musiques (My Musics) : 3/434
~ Mes Favoris (My Favorites) : 1/130
~ Mes Documents (My Documents) : 1/178
~ Mon Bureau (My Desktop) : 1/17
~ Menu demarrer (Programs) : 1/31
~ Hidden Files: Scanned in 00mn 00s
---\\ Processos lançados
[MD5.094A47AB1D4966C8CD318AD7EB1521A6] - (.SlimWare Utilities, Inc. - SlimDrivers.) -- C:\Program Files\SlimDrivers\SlimDrivers.exe [29395264] [PID.1876]
[MD5.68239842340DDFF8993DFD9127553EDA] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.2740]
[MD5.D9C51528488EA0D98D3C4D02ABD16759] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.2784]
[MD5.004763BDF8E48244DBB9FDFDE3065EBC] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592] [PID.2800]
[MD5.CD1102E5D340216138C7F56FA8D26998] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [150552] [PID.2808]
[MD5.06DE1310E3F1EA208B3C3B3C3ADE6B55] - (.Creative Technology Ltd - CTSysVol.exe.) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [57344] [PID.2872]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.2896]
[MD5.15D2DB9BFA8E833ED31FAB2BB088FDDA] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128] [PID.1832]
[MD5.1B31D1266691EDD4224B0036449F14B4] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872] [PID.2980]
[MD5.96E8CF4D3731D90058DE39A3BECAD707] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe [1201448] [PID.3220]
[MD5.0DA891CB0703D912CEAFA072F54D002B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.44436]
[MD5.28B02EA673489A4EFBB20A9B302D523C] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.5648]
[MD5.038053B5DB6B0DCFB32B7682334B7625] - (.Adobe Systems, Inc. - Adobe Flash Player 13.0 r0.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe [1863856] [PID.4324]
[MD5.B2A76113F901D808E80FBF11077C0033] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8065024] [PID.6600]
~ Processes Running: Scanned in 00mn 00s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [@catalinahub.com/CatalinaGroup Update;version=3] - (.Catalina Group Ltd. - CatalinaGroup Update.) -- C:\Users\Luis\AppData\Local\CatalinaGroup\Update\1.3.25.205\npCatalinaUpdate3.dll
P2 - FPN: [HKCU] [@catalinahub.com/CatalinaGroup Update;version=9] - (.Catalina Group Ltd. - CatalinaGroup Update.) -- C:\Users\Luis\AppData\Local\CatalinaGroup\Update\1.3.25.205\npCatalinaUpdate3.dll
~ Firefox Browser: 10 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
~ BHO: 18 Legitimates Filtered in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Luis]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Luis\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [Luis]: Citrio.lnk . (.Catalina Group Ltd. - Citrio.) -- C:\Users\Luis\AppData\Local\CatalinaGroup\Citrio\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Browsers
O4 - GS\Desktop [Luis]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Browsers
~ Global Startup: 3 Legitimates Filtered in 00mn 01s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [P17RunE] Chave orfã
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [CTSysVol] . (.Creative Technology Ltd - CTSysVol.exe.) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Luis\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2117434112-3775733973-933475781-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-2117434112-3775733973-933475781-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Luis\AppData\Local\Facebook\Update\FacebookUpdate.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\kbrd.ico
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} ((no name)) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{00504E68-3D6F-4E0D-9C5D-C2C0B1CE4662}: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\..\{00504E68-3D6F-4E0D-9C5D-C2C0B1CE4662}: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{00504E68-3D6F-4E0D-9C5D-C2C0B1CE4662}: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\GbpSv.exe
O23 - Service: KMService (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
~ Services: 6 Legitimates Filtered in 00mn 03s
---\\ Tarefas planificadas automaticamente (039)
[MD5.6EA1029029E05B6AB3922F107FD87943] [APT] [CatalinaGroupUpdateTaskUserS-1-5-21-2117434112-3775733973-933475781-1000Core] (.Catalina Group Ltd..) -- C:\Users\Luis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [147440]
[MD5.6EA1029029E05B6AB3922F107FD87943] [APT] [CatalinaGroupUpdateTaskUserS-1-5-21-2117434112-3775733973-933475781-1000UA] (.Catalina Group Ltd..) -- C:\Users\Luis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [147440]
[MD5.00000000000000000000000000000000] [APT] [{1796D57D-1ADF-4D00-AEB8-82B8F5C6D9D7}] (...) -- C:\Program Files\Creative\SBAudigy\Device Control\USBAudio.cpl" -c Controle de Dispositivo (.not file.) [0]
[MD5.62D4516E77057B50BEB60FC2B583DD2F] [APT] [{8ABD28A4-B8B9-4FB0-99BB-E76D8E655437}] (...) -- C:\Program Files\ZaraSoft\ZaraRadio\unins000.exe [703976]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: CatalinaGroupUpdateTaskUserS-1-5-21-2117434112-3775733973-933475781-1000Core - (.Catalina Group Ltd..) -- C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-2117434112-3775733973-933475781-1000Core.job [882]
O39 - APT: CatalinaGroupUpdateTaskUserS-1-5-21-2117434112-3775733973-933475781-1000Core - (.Catalina Group Ltd..) -- C:\Windows\System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-2117434112-3775733973-933475781-1000Core [882]
O39 - APT: CatalinaGroupUpdateTaskUserS-1-5-21-2117434112-3775733973-933475781-1000UA - (.Catalina Group Ltd..) -- C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-2117434112-3775733973-933475781-1000UA.job [934]
O39 - APT: CatalinaGroupUpdateTaskUserS-1-5-21-2117434112-3775733973-933475781-1000UA - (.Catalina Group Ltd..) -- C:\Windows\System32\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-2117434112-3775733973-933475781-1000UA [934]
O39 - APT: - (..) -- C:\Windows\Tasks\DriverEasy Scheduled Scan.job [404]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\DriverEasy Scheduled Scan [404]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2117434112-3775733973-933475781-1000Core [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2117434112-3775733973-933475781-1000UA [924]
O39 - APT: - (..) -- C:\Windows\Tasks\SlimDrivers Startup.job [384]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\SlimDrivers Startup [384]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 04s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: (ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 87 Legitimates Filtered in 00mn 23s
---\\ Software instalados (042)
O42 - Logiciel: Citrio - (.© CATALINA GROUP LTD..) [HKCU] -- Citrio
O42 - Logiciel: ZaraRadioStudio 2 - (...) [HKLM] -- ZaraRadioStudio 2
~ Logic: 25 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\ZaraSoft]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\ZaraSoft]
~ Key Software: 164 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/05/2014 - 15:31:56 - [] ----D C:\Program Files\Free MIDI to MP3 Converter
O43 - CFD: 12/12/2013 - 11:01:11 - [] ----D C:\Program Files\ZaraSoft
O43 - CFD: 04/05/2014 - 22:18:44 - [] ----D C:\ProgramData\IconCache
O43 - CFD: 19/02/2014 - 12:55:02 - [] ----D C:\Users\Luis\AppData\Roaming\Media Freeware
O43 - CFD: 04/06/2014 - 15:18:55 - [] ----D C:\Users\Luis\AppData\Roaming\wi_upd
O43 - CFD: 05/11/2013 - 23:14:52 - [] ----D C:\Users\Luis\AppData\Local\Ares
O43 - CFD: 28/11/2013 - 19:25:50 - [] ----D C:\Users\Luis\AppData\Local\ZaraRadio
O43 - CFD: 04/06/2014 - 17:43:32 - [] ----D C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrio
O43 - CFD: 12/12/2013 - 11:01:11 - [] ----D C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZaraRadioStudio 2
~ Program Folder: 149 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.01447EC8778B766821EF0774EF4A8254] - 04/06/2014 - 11:05:28 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [127896]
O44 - LFC:[MD5.C2B26E3DB8B071E97C46B5903BE8B301] - 04/06/2014 - 11:05:28 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [663606]
O44 - LFC:[MD5.4B6BB3C63C9EB45DF53DEFBFA5C7A64D] - 04/06/2014 - 12:23:11 ---A- . (...) -- C:\zoek-results2014-06-04-152311.log [18725]
O44 - LFC:[MD5.D30F60DFB4EABBC440452A2E88690180] - 06/06/2014 - 10:54:52 ---A- . (...) -- C:\zoek-results2014-06-06-135452.log [16257]
O44 - LFC:[MD5.75A8EE6F0917AD9355367DBF25DB8415] - 06/06/2014 - 10:54:55 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys [13464]
O44 - LFC:[MD5.F0AAC59D5E1825F26E2C06B43AF11F9A] - 06/06/2014 - 11:41:47 ---A- . (...) -- C:\zoek-results.log [6620]
~ Files: 15 Legitimates Filtered in 00mn 01s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\CatalinaGroup Update [Key] . (.Catalina Group Ltd. - CatalinaGroup Update.) -- C:\Users\Luis\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe
~ SMSR Keys: 1 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:08/05/2013 - 09:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [49536]
O58 - SDL:01/04/2014 - 13:05:56 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:06/06/2014 - 10:54:55 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys [13464]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 71 Legitimates Filtered in 00mn 03s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 08/05/2013 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 20/03/2014 - C:\Windows\System32\DRIVERS\kneps.sys (kneps) .(.Kaspersky Lab ZAO - KNEPS Power.) - LEGACY_KNEPS
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 122 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.F70298FA0F839A335590B876CD43C6C6] [SPRF][20/03/2014] (...) -- C:\Users\Luis\AppData\Roaming\1D959CA221C7573.sys [24]
[MD5.F70298FA0F839A335590B876CD43C6C6] [SPRF][20/03/2014] (...) -- C:\Users\Luis\AppData\Roaming\System5908ConfigCollection.dat [24]
[MD5.69EE922EB3BF217DB8119314FD7067AE] [SPRF][22/03/2014] (.DAMN - DAMN keymaker.) -- C:\Users\Luis\Desktop\damn_MP3Plugin_kg.exe [421444]
~ Files: 3 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{B9B33EB3-9932-4A19-B6C6-7B613AD9D5FE}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Luis\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{FD65F0DC-FA2E-46F1-9F9E-5C6078839337}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Luis\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\sizlsearch_RASAPI32 =>PUP.SizlSearch
HKLM\SOFTWARE\Microsoft\Tracing\sizlsearch_RASMANCS =>PUP.SizlSearch
~ BTK: 72 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 15/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 05/11/2013 79360 | (Creative Audio Engine Licensing Service) . (.Creative Labs.) - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
SS - | Auto 05/11/2013 8192 | (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
SS - | Demand 09/05/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 08/04/2008 800040 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Auto 25/07/2013 162672 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 20/03/2014 356128 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
SR - | Auto 21/02/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\GbpSv.exe
SR - | Demand 22/01/2008 275752 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 19/12/2006 81920 | (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc..) - C:\Windows\system32\IoctlSvc.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 09s
---\\ Scâner Aditional (088)
Database Version : 13026 - (06/06/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
[HKLM\SYSTEM\CurrentControlSet\Services\KMService] =>Hijacker.Office^
~ Additionnel Scan: 215945 Items scanned in 00mn 16s
---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Proxy Management (R5)
~ AMI: 1 Legitimates Filtered in 00mn 00s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Browsers
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Office
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SizlSearch
~ MSI: 3 link(s) detected in 00mn 00s
~ 736 Legitimates filtered by white list
End of the scan (462 lines in 01mn 26s)(0)
Luis Francisco- Iniciante
- Mensagens : 7
Reputação : 0
Data de inscrição : 05/06/2014
Idade : 62
Localização : Fartura -
Re: Problemas com Baidu
por Power Max Sex 06 Jun 2014, 14:53
Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.
Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC agora e de tempos em tempos.
____________________________________________________________________________________________________________________
Acesse o site [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] e envie este arquivo destacado em negrito abaixo para ser analisado:C:\Users\Luis\AppData\Roaming\1D959CA221C7573.sys
Assim que a análise dele for concluída, copie o link que aparecerá na barra de endereços de seu navegador e poste este link em sua próxima resposta juntamente com o relatório do ZHPFix pedido abaixo nesta postagem.
Maiores informações de como analisar arquivos no site Virus Total você encontra neste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
____________________________________________________________________________________________________________________
Selecione e copie todo o texto destacado em vermelho que te passei (começando em script zhpfix e indo até emptyclsid)_____________________________________________________________________________________________________________
Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas. Copie este relatório e poste em sua próxima resposta juntamente com o link da análise do arquivo no site Virus Total.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Problemas com Baidu
por Danii Seg 23 Jun 2014, 11:21
TÓPICO ARQUIVADO
Como o autor não respondeu por mais de 15 dias, o tópico foi arquivado. Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.
Como o autor não respondeu por mais de 15 dias, o tópico foi arquivado. Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.
Danii- Membro Pleno
- Mensagens : 571
Reputação : 80
Data de inscrição : 04/04/2014
Localização : Brasil
Tópicos semelhantes» Problemas com Baidu
» Estou com problemas para remover o Baidu
» Problemas com Hao 123 e Baidu
» Problemas com o Baidu Security..
» Problemas no pc
» Estou com problemas para remover o Baidu
» Problemas com Hao 123 e Baidu
» Problemas com o Baidu Security..
» Problemas no pc
Página 1 de 1
Permissões neste sub-fórum
Não podes responder a tópicos|
|
|