virus, malware, baidu, anyprotect, adwares...
Hello, good morning everyone.
According to the description, all of these pests were installed when I went to the tips box to download Avira and was redirected to Baixaki.
The worst part is that during the antivirus installation I clicked "decline" on every item.
Now not even AdBlock works, because AnyProtect is a kind of program installed on my machine, so there is no way to block it.
Where do I start?
Aldemir - Member
- Posts: 162
Reputation: 0
Join date: 29/05/2014
Re: virus, malware, baidu, anyprotect, adwares...
/!\ Good morning, Aldemir! /!\
> Download: < [You must have an account and be logged in to view this link] > ( ... by Nicolas Coolman )
> Or [You must have an account and be logged in to view this link] << Link!
> Save it to the local disk! ( C or D )
> Disable your antivirus and run "ZHPDiag2.exe" to install the tool.
> Run the scroll icon. ( ZHPDiag )
> Click "COMPLETA" and wait for it to finish!
> Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
> P.S.: Since the log will be long, send it to [You must have an account and be logged in to view this link].
> Or go to: < [You must have an account and be logged in to view this link] >
> Or go to: < [You must have an account and be logged in to view this link] >
> Or attach it |[You must have an account and be logged in to view this link]| << Link!
> More information: < |[You must have an account and be logged in to view this link]| > << Hosting!
A+
joram - Administrator
- Posts: 4162
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro
Re: virus, malware, baidu, anyprotect, adwares...
Good morning, joram.
Thank you for replying.
Well, when I used ZHPDiag the following window appeared:
[You must have an account and be logged in to view this link]
In case I did something wrong and you cannot see it, it says:
erreur: erreur de socket n° 10060
délai de connexion dépassé.
Aldemir - Member
- Posts: 162
Reputation: 0
Join date: 29/05/2014
Re: virus, malware, baidu, anyprotect, adwares...
Oops, my mistake.
It took a while, but here it is.
ZHPDiag:
[You must have an account and be logged in to view this link]
Aldemir - Member
- Posts: 162
Reputation: 0
Join date: 29/05/2014
Re: virus, malware, baidu, anyprotect, adwares...
/!\ Good afternoon, Aldemir! /!\
> Run this script in the ZHPFix tool.
> Select and copy the information shown in red into Notepad.
> With Notepad open, press: ctrl+a >> ctrl+c ( Select All and Copy )
> Next, minimize Notepad.
ZHPFix script
FirewallRaz
EmptyPrefetch
EmptyCLSID
EmptyTemp
EmptyFlash
ProxyFix
HiddenFix
ServiceStop:globalUpdate
ServiceStop:WindowsMangerProtect
ServiceStop:"IHProtect Service"
> Open the ZHPFix tool.
> Click IMPORTAÇÃO >> OK.
> P.S.: When you click "OK", check that the field is empty so that it receives only the information from the script.
> Click "GO".
> Post the report!
< I ask visitors not to use this script on other computers, at the risk of irreparable damage to them! >
A+
O61 - LFC: 16/01/2015 - 10:38:04 ---A- . (.globalUpdate.) -- C:\Users\Aldemir\AppData\Local\Temp\comh.240464\psuser.dll [155648]
O61 - LFC: 16/01/2015 - 10:38:04 ---A- . (.globalUpdate.) -- C:\Users\Aldemir\AppData\Local\Temp\comh.79266\GoogleCrashHandler.exe [72872]
O61 - LFC: 16/01/2015 - 10:38:04 ---A- . (.globalUpdate.) -- C:\Users\Aldemir\AppData\Local\Temp\comh.79266\GoogleUpdate.exe [68608]
O61 - LFC: 16/01/2015 - 10:38:04 ---A- . (.globalUpdate.) -- C:\Users\Aldemir\AppData\Local\Temp\comh.79266\GoogleUpdateBroker.exe [46080]
O61 - LFC: 16/01/2015 - 10:38:04 ---A- . (.globalUpdate.) -- C:\Users\Aldemir\AppData\Local\Temp\comh.79266\GoogleUpdateOnDemand.exe [46080]
O61 - LFC: 16/01/2015 - 10:38:04 ---A- . (.globalUpdate.) -- C:\Users\Aldemir\AppData\Local\Temp\comh.79266\goopdate.dll [761856]
O61 - LFC: 16/01/2015 - 10:38:04 ---A- . (.globalUpdate.) -- C:\Users\Aldemir\AppData\Local\Temp\comh.79266\goopdateres_en.dll [26792]
O61 - LFC: 16/01/2015 - 10:38:04 ---A- . (.globalUpdate.) -- C:\Users\Aldemir\AppData\Local\Temp\comh.79266\npGoogleUpdate4.dll [220672]
O61 - LFC: 16/01/2015 - 10:38:04 ---A- . (.globalUpdate.) -- C:\Users\Aldemir\AppData\Local\Temp\comh.79266\psmachine.dll [155648]
O61 - LFC: 16/01/2015 - 10:38:04 ---A- . (.globalUpdate.) -- C:\Users\Aldemir\AppData\Local\Temp\comh.79266\psuser.dll [155648]
O61 - LFC: 16/01/2015 - 10:38:05 ---A- . (...) -- C:\Users\Aldemir\AppData\Local\Temp\Install_18055\ins_shopperpro.exe [2691353]
O61 - LFC: 16/01/2015 - 10:38:06 ---A- . (...) -- C:\Users\Aldemir\AppData\Local\wincheck\wincheck.exe [268288]
O61 - LFC: 16/01/2015 - 10:38:06 ---A- . (.Sense+.) -- C:\Users\Aldemir\AppData\Roaming\MJNQWZAR.exe [2030560]
O61 - LFC: 16/01/2015 - 10:38:06 ---A- . (.wincheck.) -- C:\Users\Aldemir\AppData\Local\wincheck\Uninstall.exe [91929]
O61 - LFC: 16/01/2015 - 10:38:07 ---A- . (.Cinema PlusV16.01.) -- C:\Users\Aldemir\AppData\Roaming\VBLU.exe [2030560]
O64 - Services: CurCS - 15/01/2015 - C:\Program Files\YTDOWN~1\sbmntr.sys (sbmntr) .(.YTDownloader - YTDownloader Driver.) - LEGACY_SBMNTR
O64 - Services: CurCS - 15/01/2015 - C:\Program Files\ShopperPro\JSDriver\1473.0.0.0\jsdrv.sys (SPDRIVER_1473.0.0.0) .(.No owner - jsdrv.) - LEGACY_SPDRIVER_1473.0.0.0
O64 - Services: CurCS - 16/01/2015 - C:\Windows\system32\Drivers\webinstrNHKT.sys (webinstrNHKT) .(.Corsica - Web Instrumentation New Driver.) - LEGACY_WEBINSTRNHKT
HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorerInstaller_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorerInstaller_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASMANCS
[HKLM\Software\Conduit]
[HKCU\Software\Conduit]
[HKCU\Software\AnyProtect]
[HKCU\Software\AppDataLow\Software\BlockAndSurf]
[HKCU\Software\AppDataLow\Software\Crossrider]
[HKCU\Software\InstallCore]
[HKCU\Software\InstalledBrowserExtensions]
[HKCU\Software\TutoTag]
[HKCU\Software\Tutorials]
[HKCU\Software\YTDownloader]
[HKCU\Software\globalUpdate]
[HKLM\Software\GAMESDESKTOP]
[HKLM\Software\GlobalUpdate]
[HKLM\Software\InstalledBrowserExtensions]
[HKLM\Software\SupDp]
[HKLM\Software\Tutorials]
[HKLM\Software\supTab]
[HKLM\Software\supWindowsMangerProtect]
[HKLM\Software\sweet-pageSoftware]
[HKCR\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}] (globalUpdate Update Plugin)
[HKCR\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}] (globalUpdate.OneClickProcessLauncher)
[HKCR\CLSID\{82854976-2CD7-41B6-70E8-7921A8CE498D}] (BlockAndSurf)
[HKCR\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}] (globalUpdate Update Plugin)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82854976-2CD7-41B6-70E8-7921A8CE498D}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]
[HKLM\SYSTEM\CurrentControlSet\Services\globalUpdate) (globalUpdate]
[HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\F8CFC13F-EFA5-68FA-078F-B0E51C8A5AA1]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_br_100_is1]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ge-Force]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\wincheck]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader]
[HKCU\Software\InstalledBrowserExtensions\]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:WinCheck
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:SPDriver
C:\Users\Aldemir\AppData\Roaming\Mozilla\Firefox\Profiles\EP: RegExtension {6133A0A2-05C7-C9F9-E975-A9196BC5A539} . (...) -- C:\extensions\Program Files\ver8BlockAndSurf\186.xpi
C:\Program Files\ver8BlockAndSurf\J6BlockAndSurfR79.exe
C:\Program Files\ver8BlockAndSurf\BlockAndSurf.exe
C:\Users\Aldemir\AppData\Local\wincheck\wincheck.exe
C:\Program Files\ShopperPro\JSDriver\1473.0.0.0\jsdrv.exe
C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
C:\Program Files\ShopperPro\ShopperPro.exe
C:\Program Files\ShopperPro\updater.exe
C:\Users\Aldemir\AppData\Roaming\VBLU.exe
C:\Program Files\YTDownloader\YTDownloader.exe
C:\Program Files\YTDownloader\updater.exe
C:\Windows\Tasks\2cb6ada4-0f85-409c-a67a-ac6426dcdba6-6.job
C:\Windows\Tasks\2cb6ada4-0f85-409c-a67a-ac6426dcdba6-7.job
C:\Windows\System32\Tasks\2cb6ada4-0f85-409c-a67a-ac6426dcdba6-7
C:\Windows\Tasks\APSnotifierPP1.job
C:\Windows\System32\Tasks\APSnotifierPP1
C:\Windows\Tasks\APSnotifierPP2.job
C:\Windows\System32\Tasks\APSnotifierPP2
C:\Windows\Tasks\APSnotifierPP3.job
C:\Windows\System32\Tasks\APSnotifierPP3
C:\Windows\Tasks\BlockAndSurf Update.job
C:\Windows\System32\Tasks\BlockAndSurf Update
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
C:\Windows\Tasks\VBLU.job
C:\Windows\System32\Tasks\VBLU
C:\Program Files\Ge-Force
C:\Program Files\globalUpdate
C:\Program Files\Hotspot Shield
C:\Program Files\Sense
C:\Program Files\ShopperPro
C:\Program Files\ver8BlockAndSurf
C:\Program Files\YTDownloader
C:\ProgramData\ShopperPro
C:\Program Files\XTab\ProtectService.exe
C:\ProgramData\WindowsMangerProtect
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
C:\Users\Aldemir\AppData\Roaming\AnyProtectEx
C:\Users\Aldemir\AppData\Roaming\Hotspot Shield
C:\Users\Aldemir\AppData\Roaming\sweet-page
C:\Users\Aldemir\AppData\Local\app
C:\Users\Aldemir\AppData\Local\globalUpdate
C:\Users\Aldemir\AppData\Local\wincheck
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
ServiceStop:globalUpdate
ServiceStop:WindowsMangerProtect
ServiceStop:"IHProtect Service"
> Open the ZHPFix tool.
> Click IMPORTAÇÃO (Import) >> OK.
> PS: When you click "OK", check that the field is empty so that it receives only the contents of the script.
> Click "GO".
> Post the report!
< I ask visitors not to use this script on other computers, at the risk of irreparable damage to them! >
A+
Last edited by joram on Sat 17 Jan 2015, 16:01; edited 1 time
joram - Administrator
Re: virus, malware, baidu, anyprotect, adwares...
Good afternoon joram
in uio this log appeared:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183
[LocalizedFileNames]
Paint.lnk=@%SystemRoot%\system32\shell32.dll,-22054
and in non this one:
Rapport de ZHPFix 2014.10.24.12 par Nicolas Coolman, Update du 24/10/2014
Fichier d'export Registre :
Run by Aldemir at 16/01/2015 15:12:10
High Elevated Privileges : OK
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)
Reciclagem vazia (Cancelado pelo utilizador)
Prefetcher vazio
========== Softwares ==========
AUSENTE Uninstall Process: c:\program files\ver8blockandsurf\uninstall.exe
ELIMINÉ: GamesDesktop 020.100
AUSENTE Uninstall Process: c:\program files\ge-force\uninstall.exe
AUSENTE Uninstall Process: c:\program files\sense\uninstall.exe
AUSENTE Uninstall Process: c:\program files\shopperpro\spremove.exe
AUSENTE Uninstall Process: c:\users\aldemir\appdata\local\wincheck\uninstall.exe
AUSENTE Uninstall Process: c:\program files\ytdownloader\ytduninstall.exe
========== Processo memória ==========
ELIMINA REINICIAR: Memory Process: C:\Program Files\ShopperPro\JSDriver\1473.0.0.0\jsdrv.exe
ELIMINÉ: Memory Process: C:\Program Files\ShopperPro\ShopperPro.exe
ELIMINÉ: Memory Process: C:\Program Files\ShopperPro\updater.exe
ELIMINÉ: Memory Process: C:\Program Files\YTDownloader\updater.exe
ELIMINÉ: Memory Process: C:\Program Files\XTab\ProtectService.exe
========== Estado dos serviços ==========
SBMNTR Parado
SPDRIVER_1473.0.0.0 Parado
WEBINSTRNHKT Parado
globalUpdate Parado
WindowsMangerProtect Parado
"IHProtect Service" Parado
========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\F8CFC13F-EFA5-68FA-078F-B0E51C8A5AA1]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ge-Force]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sense]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wincheck]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader]
ELIMINÉ: Service: globalUpdate
ELIMINÉ: Service: globalUpdatem
ELIMINÉ: Service: WindowsMangerProtect
ELIMINÉ: Service: IHProtect Service
ELIMINÉ: Mozilla Plugin: @staging.google.com/globalUpdate Update;version=10
ELIMINÉ: Mozilla Plugin: @staging.google.com/globalUpdate Update;version=4
ELIMINÉ: CLSID BHO: {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
ELIMINÉ: CLSID BHO: {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorerInstaller_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorerInstaller_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\ContentExplorer_RASMANCS
ELIMINÉ: HKLM\Software\Conduit
ELIMINÉ: HKCU\Software\AnyProtect
ELIMINÉ: HKCU\Software\AppDataLow\Software\BlockAndSurf
ELIMINÉ: HKCU\Software\AppDataLow\Software\Crossrider
ELIMINÉ: HKCU\Software\InstallCore
ELIMINÉ: HKCU\Software\InstalledBrowserExtensions
ELIMINÉ: HKCU\Software\TutoTag
ELIMINÉ: HKCU\Software\YTDownloader
ELIMINÉ: HKCU\Software\globalUpdate
ELIMINÉ: HKLM\Software\GAMESDESKTOP
ELIMINÉ: HKLM\Software\GlobalUpdate
ELIMINÉ: HKLM\Software\InstalledBrowserExtensions
ELIMINÉ: HKLM\Software\SupDp
ELIMINÉ: HKLM\Software\Tutorials
ELIMINÉ: HKLM\Software\supTab
ELIMINÉ: HKLM\Software\supWindowsMangerProtect
ELIMINÉ: HKLM\Software\sweet-pageSoftware
ELIMINÉ: HKCR\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
ELIMINÉ: HKCR\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
ELIMINÉ: HKCR\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
ELIMINÉ RunValue: SPDriver
ELIMINÉ RunValue: YTDownloader
========== Elementos dos dados do Registo ==========
ELIMINÉ Explorer Association Data Application: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
ELIMINÉ: R1 Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
ELIMINÉ: R1 Search Page = *.local
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Temporários windows (42)
ELIMINÉ Flash Cookies (0)
ELIMINÉ: C:\ProgramData\APN
ELIMINÉ: c:\program files\ge-force
ELIMINÉ: c:\program files\globalupdate
ELIMINÉ: c:\program files\hotspot shield
ELIMINÉ: c:\program files\sense
ELIMINÉ: c:\program files\shopperpro
ELIMINÉ: c:\program files\ytdownloader
ELIMINÉ: c:\programdata\shopperpro
ELIMINÉ: c:\programdata\windowsmangerprotect
ELIMINÉ: c:\users\aldemir\appdata\roaming\anyprotectex
ELIMINÉ: c:\users\aldemir\appdata\roaming\hotspot shield
ELIMINÉ: c:\users\aldemir\appdata\roaming\sweet-page
ELIMINÉ: c:\users\aldemir\appdata\local\app
ELIMINÉ: c:\users\aldemir\appdata\local\globalupdate
ELIMINÉ: c:\users\aldemir\appdata\roaming\microsoft\windows\start menu\programs\ytdownloader
========== Ficheiros ==========
ELIMINÉ Temporários windows (1285) (287.721.067 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
ELIMINÉ: c:\program files\globalupdate\update\googleupdate.exe
ELIMINA REINICIAR: c:\programdata\windowsmangerprotect\protectwindowsmanager.exe
ELIMINA REINICIAR: c:\program files\xtab\protectservice.exe
ELIMINÉ: c:\program files\globalupdate\update\1.3.25.0\npgoogleupdate4.dll
ELIMINÉ: c:\program files\xtab\suptab.dll
ELIMINÉ: c:\programdata\shopperpro\shopperpro.dll
ELIMINA REINICIAR: c:\program files\shopperpro\jsdriver\1473.0.0.0\jsdrv.exe
ELIMINÉ: c:\program files\ytdownloader\ytdownloader.exe
ELIMINÉ: c:\windows\tasks\2cb6ada4-0f85-409c-a67a-ac6426dcdba6-6.job
ELIMINÉ: c:\windows\prefetch\jan7_cor_omiga-plus.exe-e70b27f2.pf
ELIMINÉ: c:\windows\prefetch\wpm_v20.0.0.1714.exe-e6ec7893.pf
ELIMINÉ: c:\users\aldemir\appdata\roaming\mjnqwzar.exe
ELIMINÉ: c:\users\aldemir\appdata\roaming\vblu.exe
========== Tarefa planificada ==========
ELIMINÉ: 94A46359-5537-4201-BEFD-1EC63DFD0943
ELIMINÉ: 94A46359-5537-4201-BEFD-1EC63DFD0943
ELIMINÉ: 2cb6ada4-0f85-409c-a67a-ac6426dcdba6-7
ELIMINÉ: 2cb6ada4-0f85-409c-a67a-ac6426dcdba6-7
ELIMINÉ: 2cb6ada4-0f85-409c-a67a-ac6426dcdba6-7
ELIMINÉ: 2cb6ada4-0f85-409c-a67a-ac6426dcdba6-7
ELIMINÉ: APSnotifierPP1
ELIMINÉ: APSnotifierPP2
ELIMINÉ: APSnotifierPP3
ELIMINÉ: BlockAndSurf Update
ELIMINÉ: BlockAndSurf Update
ELIMINÉ: globalUpdateUpdateTaskMachineCore
ELIMINÉ: globalUpdateUpdateTaskMachineCore
ELIMINÉ: globalUpdateUpdateTaskMachineUA
ELIMINÉ: MJNQWZAR
ELIMINÉ: ShopperPro
ELIMINÉ: ShopperPro
ELIMINÉ: ShopperPro
ELIMINÉ: ShopperPro
ELIMINÉ: ShopperPro
ELIMINÉ: ShopperPro
ELIMINÉ: ShopperPro
ELIMINÉ: ShopperPro
ELIMINÉ: ShopperProJSUpd
ELIMINÉ: ShopperProJSUpd
ELIMINÉ: SPDriver
ELIMINÉ: SPDriver
ELIMINÉ: VBLU
ELIMINÉ: VBLU
ELIMINÉ: YTDownloader
ELIMINÉ: YTDownloader
ELIMINÉ: YTDownloader
ELIMINÉ: YTDownloader
ELIMINÉ: YTDownloaderUpd
ELIMINÉ: YTDownloaderUpd
========== Pastas/Ficheiros ocultos restaurados ==========
Mes images (My Pictures) : 1 restaurados com sucesso
Ma musique (My Music) : 1 restaurados com sucesso
Ma Video (My Video) : 1 restaurados com sucesso
Mes Favoris (My Favorites) : 3 restaurados com sucesso
Mes Documents (My Documents) : 5 restaurados com sucesso
Mon Bureau (My Desktop) : 2 restaurados com sucesso
Menu demarrer (Programs) : 9 restaurados com sucesso
Dossier utilisateur (AppData) : 40 restaurados com sucesso
Programmes (Program Files) : 7 restaurados com sucesso
========== Recapitulativo ==========
5 : Processo memória
40 : Chaves do Registo
10 : Valores do Registo
3 : Elementos dos dados do Registo
18 : Pastas
15 : Ficheiros
7 : Softwares
6 : Estado dos serviços
35 : Tarefa planificada
69 : Pastas/Ficheiros ocultos restaurados
End of clean in 04mn 04s
========== Caminho do ficheiro do relatório ==========
C:\Users\Aldemir\AppData\Roaming\ZHP\ZHPFix[R1].txt - 16/01/2015 15:12:19 [8298]
Aldemir - Member
Re: virus, malware, baidu, anyprotect, adwares...
/!\ Good afternoon, Aldemir! /!\
> Follow the procedures below, in the order given.
> Go to this page and run the [link] proposed there.
> Microsoft Fix it 50641 <
> Download: < [link] > ( ... by Pierre13 )
> Save it to the desktop!
> On Windows Vista and 7, run "SFTGC.exe" as administrator!
> Run it and click "Go".
> Wait for it to finish, which is quick.
> Post the report! ( SFT.txt )
> PS: Depending on the size of the report, do not post it directly!
> For that task, go to: < [link] >
> Download: < [link] > ( ... by Xplode )
>
> Or from here: < [link] >
> Once there, click "Download Now".
>
> Save it to the desktop!
> Right-click adwcleaner.exe and choose to run it as administrator.
> PS: Start the scan by clicking "Examinar" (Scan).
> When it finishes, click "Limpar" (Clean) >> Ok >> Ok >> Ok.
> Copy the log or click "Relatório" (Report).
> Post: < C:\AdwCleaner\AdwCleaner[S0].txt >
A+
joram - Administrator
Re: virus, malware, baidu, anyprotect, adwares...
good afternoon joram
this message appeared:
[link]
but according to the Microsoft site
there is the option to follow it on my own
[link]
voilà
Aldemir - Member
Re: virus, malware, baidu, anyprotect, adwares...
/!\ Good afternoon, Aldemir! /!\
Aldemir wrote: there is the option to follow it on my own
[link]
> Try following it on your own, but... it seems to me that the error is aimed at Windows XP.
> If you can't manage it, you can abandon that attempt.
> Then carry on with the other tools.
A+
joram - Administrator
Re: virus, malware, baidu, anyprotect, adwares...
good afternoon joram
the suggested Fix it is for XP users
since the version of Windows I use is 7
it should be the Fix it for 7, I believe
unless the virus installed on my HD is passing itself off as XP disguised as Seven
in such a way that we can't notice
could it be
Aldemir - Member
Re: virus, malware, baidu, anyprotect, adwares...
yeah, man
I got confused
ok
let's go
Aldemir - Member
Re: virus, malware, baidu, anyprotect, adwares...
/!\ Hello, Aldemir! /!\
Aldemir wrote: unless the virus installed on my HD is passing itself off as XP disguised as Seven
in such a way that we can't notice
could it be
> That supposition is incoherent! The mistake was mine, in proposing the Fix it to you.
A+
joram- Administrador
- Mensagens : 4162
Reputação : 471
Data de inscrição : 26/01/2014
Localização : Rio de Janeiro
Re: virus, malware, baidu, anyprotect, adwares...
lol...
all right
let's do it
Aldemir - Member
- Posts: 162
Reputation: 0
Join date: 29/05/2014
Re: virus, malware, baidu, anyprotect, adwares...
hi joram
here is the log
SFTGC
Aldemir - Member
- Posts: 162
Reputation: 0
Join date: 29/05/2014
Re: virus, malware, baidu, anyprotect, adwares...
/!\ Hello, Aldemir! /!\
Aldemir wrote: hi joram
here is the log
SFTGC
> The AdwCleaner report is still pending.
> I will probably ask you for a new ZHPDiag report, for evaluation.
A+
joram - Administrator
- Posts: 4162
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro
Re: virus, malware, baidu, anyprotect, adwares...
hi joram
sorry for keeping you waiting
after running AdwCleaner the computer was restarted as usual
the delay was because the internet access icon was marked with an X
I didn't know what to do, so I turned the PC off and on again
I tried using an earlier restore point
until, however, after several attempts turning the PC and modem off and on
luckily the network driver was there on a pen drive
but it wasn't easy to fix
until I used it correctly: I uninstalled the driver and installed it again
it worked. phew
ok
adwcleaner:
two logs came up
(R0) and (S0)
here they are:
# AdwCleaner v4.107 - Relatório criado 16/01/2015 às 16:55:57
# Atualizado 07/01/2015 por Xplode
# Database : 2015-01-13.2 [Live]
# Sistema Operacional : Windows 7 Professional Service Pack 1 (32 bits)
# Usuário : Aldemir - ALDEMIR-PC
# Executando de : C:\Users\Aldemir\Downloads\AdwCleaner.exe
# Opção : Examinar
***** [ Serviços ] *****
Serviço Encontrado : globalUpdate
Serviço Encontrado : globalUpdatem
Serviço Encontrado : sbmntr
Serviço Encontrado : WindowsMangerProtect
Serviço Encontrado : IHProtect Service
***** [ Arquivos / Pastas ] *****
Arquivo Encontrado : C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
Arquivo Encontrado : C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
Arquivo Encontrado : C:\Users\Aldemir\AppData\Roaming\Mozilla\Firefox\Profiles\bKgT5aML.default\user.js
Arquivo Encontrado : C:\Users\Aldemir\Desktop\Continue Live Installation.lnk
Arquivo Encontrado : C:\Windows\system32\drivers\hssdrv6.sys
Pasta Encontrado : C:\Program Files\predm
Pasta Encontrado : C:\Program Files\XTab
Pasta Encontrado : C:\ProgramData\baidu
Pasta Encontrado : C:\ProgramData\IHProtectUpDate
Pasta Encontrado : C:\Users\Aldemir\AppData\Local\CrashRpt
Pasta Encontrado : C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
Pasta Encontrado : C:\Users\Aldemir\AppData\Roaming\baidu
Pasta Encontrado : C:\Users\Public\Documents\baidu
Pasta Encontrado : C:\Users\Public\Documents\ShopperPro
***** [ Tarefas ] *****
Tarefa Encontrada : SMupdate1
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Encontrada : HKCU\Software\MGShareware
Chave Encontrada : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Chave Encontrada : HKLM\SOFTWARE\Baidu
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Chave Encontrada : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Encontrada : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO
Chave Encontrada : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO.1
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Chave Encontrada : HKLM\SOFTWARE\IHProtect
Chave Encontrada : HKLM\SOFTWARE\MGShareware
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Chave Encontrada : HKLM\SOFTWARE\ShopperPro
Chave Encontrada : HKLM\SOFTWARE\YTDownloader
Chave Encontrada : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v
-\\ Google Chrome v39.0.2171.99
*************************
AdwCleaner[R0].txt - [7843 octets] - [16/01/2015 16:55:57]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7903 octets] ##########
--------------------------------------------------------------------------------------------------------------
# AdwCleaner v4.107 - Relatório criado 16/01/2015 às 16:59:42
# Atualizado 07/01/2015 por Xplode
# Database : 2015-01-13.2 [Live]
# Sistema Operacional : Windows 7 Professional Service Pack 1 (32 bits)
# Usuário : Aldemir - ALDEMIR-PC
# Executando de : C:\Users\Aldemir\Downloads\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
[#] Serviço Deletada : globalUpdate
[#] Serviço Deletada : globalUpdatem
[#] Serviço Deletada : sbmntr
[#] Serviço Deletada : WindowsMangerProtect
[#] Serviço Deletada : IHProtect Service
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\IHProtectUpDate
Pasta Deletada : C:\Program Files\predm
Pasta Deletada : C:\Program Files\XTab
Pasta Deletada : C:\Users\Aldemir\AppData\Local\CrashRpt
Pasta Deletada : C:\Users\Aldemir\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\Public\Documents\ShopperPro
Pasta Deletada : C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
Arquivo Deletada : C:\Windows\system32\drivers\hssdrv6.sys
Arquivo Deletada : C:\Users\Aldemir\Desktop\Continue Live Installation.lnk
Arquivo Deletada : C:\Users\Aldemir\AppData\Roaming\Mozilla\Firefox\Profiles\bKgT5aML.default\user.js
Arquivo Deletada : C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
Arquivo Deletada : C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
***** [ Tarefas ] *****
Tarefa Deletedo : SMupdate1
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO
Chave Deletedo : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO.1
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Chave Deletedo : HKCU\Software\MGShareware
Chave Deletedo : HKLM\SOFTWARE\MGShareware
Chave Deletedo : HKLM\SOFTWARE\ShopperPro
Chave Deletedo : HKLM\SOFTWARE\YTDownloader
Chave Deletedo : HKLM\SOFTWARE\Baidu
Chave Deletedo : HKLM\SOFTWARE\IHProtect
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v
-\\ Google Chrome v39.0.2171.99
*************************
AdwCleaner[R0].txt - [7983 octets] - [16/01/2015 16:55:57]
AdwCleaner[S0].txt - [7741 octets] - [16/01/2015 16:59:42]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7801 octets] ##########
Aldemir - Member
- Posts: 162
Reputation: 0
Registration date: 29/05/2014
Re: virus, malware, baidu, anyprotect, adwares...
/!\ Good evening, Aldemir! /!\
Aldemir wrote:
until, however, after several attempts turning the PC and modem off and on
luckily the network driver was there on a USB stick
but it was not easy to fix
until I did it correctly: I uninstalled the driver and installed it again
it worked. phew
> Very rare, this occurrence with the AdwCleaner tool.
> Run a new scan with ZHPDiag and post your report! ( ZHPDiag.txt )
A+
Last edited by joram on Fri 16 Jan 2015, 21:55; edited 1 time
joram - Administrator
- Posts: 4162
Reputation: 471
Registration date: 26/01/2014
Location: Rio de Janeiro
Re: virus, malware, baidu, anyprotect, adwares...
Hello Joram, good evening!
ZHPdiag.txt :
[You must have an account and be logged in to view this link]
joram wrote:
> Very rare, this occurrence with the AdwCleaner tool.
yes, joram, it happened :/
Aldemir - Member
- Posts: 162
Reputation: 0
Registration date: 29/05/2014
Re: virus, malware, baidu, anyprotect, adwares...
/!\ Good evening, Aldemir! /!\
> Run this script in the ZHPFix tool.
> Select and copy the information shown in red into Notepad.
> With Notepad open, press: ctrl+a >> ctrl+c ( Select and Copy )
> Next, minimize Notepad.
ZHPFix script
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
[MD5.A45721F5AFB6E49B9FEC5805CD1B643C] [SPRF][04/09/2014] (.No owner - Adware-Removal-Tool-v3.9.1.) -- C:\Users\Aldemir\Desktop\Adware-Removal-Tool-v3.9.1.exe [753184]
O4 - HKLM\..\Run: [gmsd_br_100] Chave orfã
O43 - CFD: 16/01/2015 - 17:27:35 - [] ----D C:\Program Files\Adware-Removal-Tool
O43 - CFD: 16/01/2015 - 02:47:31 - [] ----D C:\Program Files\Baidu Security
O43 - CFD: 16/01/2015 - 17:27:35 - [] ----D C:\ProgramData\Baidu Security
O44 - LFC:[MD5.5028604A0A5FB99CEF8D0E161EEB1CD3] - 08/01/2015 - 05:01:23 ---A- . (.Baidu, Inc. - Baidu Antivirus BdSandboxDll.dll.) -- C:\Windows\System32\BdSandboxDll32.dll [330272]
[HKLM\Software\Ge-Force] =>PUP.CrossRider^
HKCU\Software\Baidu Security]
[HKCU\Software\Baixaki]
[HKLM\Software\Baidu Security]
C:\Windows\System32\BdSandboxDll32.dll
C:\Program Files\Baidu Security
C:\ProgramData\Baidu Security
> Open the ZHPFix tool. < [You must have an account and be logged in to view this image] >
> Click "IMPORTAÇÃO" (Import) >> OK.
> PS: When you click "OK", check that the field is empty so that it receives only the script's information.
> Click "GO".
> Post the report!
< I ask visitors not to use this script on other computers, at the risk of irreparable damage to them! >
A+
Last edited by joram on Sat 17 Jan 2015, 16:05; edited 1 time
joram - Administrator
- Posts: 4162
Reputation: 471
Registration date: 26/01/2014
Location: Rio de Janeiro
Re: virus, malware, baidu, anyprotect, adwares...
Hello joram, good evening!
ZHPfix
Rapport de ZHPFix 2014.10.24.12 par Nicolas Coolman, Update du 24/10/2014
Fichier d'export Registre :
Run by Aldemir at 16/01/2015 22:21:17
High Elevated Privileges : OK
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)
Reciclagem vazia (Cancelado pelo utilizador)
Prefetcher vazio
========== Chaves do Registo ==========
ELIMINÉ: HKLM\Software\Ge-Force
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\Baixaki
ELIMINÉ: HKLM\Software\Baidu Security
========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
========== Pastas ==========
ELIMINÉ Temporários windows (0)
ELIMINÉ Flash Cookies (0)
ELIMINÉ: C:\Program Files\Adware-Removal-Tool
ELIMINÉ: C:\Program Files\Baidu Security
ELIMINÉ: C:\ProgramData\Baidu Security
========== Ficheiros ==========
ELIMINÉ Temporários windows (2) (32.768 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
ELIMINÉ: c:\windows\system32\bdsandboxdll32.dll
========== Recapitulativo ==========
4 : Chaves do Registo
2 : Valores do Registo
5 : Pastas
3 : Ficheiros
End of clean in 01mn 05s
========== Caminho do ficheiro do relatório ==========
C:\Users\Aldemir\AppData\Roaming\ZHP\ZHPFix[R1].txt - 16/01/2015 14:12:19 [8380]
C:\Users\Aldemir\AppData\Roaming\ZHP\ZHPFix[R2].txt - 16/01/2015 22:21:27 [1303]
Aldemir - Member
- Posts: 162
Reputation: 0
Registration date: 29/05/2014
Re: virus, malware, baidu, anyprotect, adwares...
/!\ Good evening, Aldemir /!\
> Download: < [You must have an account and be logged in to view this link] > ( ... by Smeenk )
< [You must have an account and be logged in to view this image] [You must have an account and be logged in to view this link] >
> Save it to the desktop!
> Disable your antivirus!
> On Windows 7, run Zoek.exe as administrator.
ipconfig /flushdns;b
autoclean;
quickscan;
emptytemp;
> Copy and paste this information, shown in red, into the tool's field.
> Click "Run Script".
> Messages will appear asking you to wait for the report:
Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
> PS: This information may remain static on the screen for 20 minutes or more.
[You must have an account and be logged in to view this image]
> Confirm the reboot!
> PS: If you get an error, restart the PC and run the tool again:
zoek.hta failed by unknown error.
Restart computer, and try again.
> Post the report, which will be at C:\zoek-results.txt <<
A+
joram - Administrator
- Posts: 4162
Reputation: 471
Registration date: 26/01/2014
Location: Rio de Janeiro
Re: virus, malware, baidu, anyprotect, adwares...
Hello joram, good evening!
as requested, the report:
zoek-results.txt
Zoek.exe v5.0.0.0 Updated 15-01-2015
Tool run by Aldemir on 17/01/2015 at 19:53:31,49.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Aldemir\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2015-01-17-183618.log 38463 bytes
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Batch Command(s) Run By Tool======================
==== Deleting Files \ Folders ======================
"C:\Users\Aldemir\AppData\Roaming\ViberPC\config.db" deleted
"C:\Users\Aldemir\AppData\Roaming\ViberPC\info.db" deleted
"C:\Users\Aldemir\AppData\Roaming\ViberPC" deleted
==== Files Recently Created / Modified ======================
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-2887622060-1900363798-2962781400-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Aldemir\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Viber"="C:\Users\Aldemir\AppData\Local\Viber\Viber.exe"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"
"Wondershare Helper Compact.exe"="C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"ZoneAlarm"="C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Aldemir\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Viber"="C:\Users\Aldemir\AppData\Local\Viber\Viber.exe"
==== Task Scheduler Jobs ======================
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [04/09/2014 18:30]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task]
==== Other Scheduled Tasks ======================
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]
==== Firefox Extensions ======================
==== Firefox Plugins ======================
==== Chromium Look ======================
Google Chrome Version: 39.0.2171.99 (Up to date, latest Stable version: 39.0.2171.99)
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
Google Slides - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
WOT - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
YouTube - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
AdBlock - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Pocket - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk
Google Wallet - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"
==== Empty IE Cache ======================
C:\Users\Aldemir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=614 folders=102 105593129 bytes)
==== Empty Temp Folders ======================
C:\Users\Aldemir\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Aldemir\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 17/01/2015 at 20:12:57,19 ======================
As requested, the report:
zoek-results.txt
Zoek.exe v5.0.0.0 Updated 15-01-2015
Tool run by Aldemir on 17/01/2015 at 19:53:31,49.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Aldemir\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2015-01-17-183618.log 38463 bytes
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Batch Command(s) Run By Tool======================
==== Deleting Files \ Folders ======================
"C:\Users\Aldemir\AppData\Roaming\ViberPC\config.db" deleted
"C:\Users\Aldemir\AppData\Roaming\ViberPC\info.db" deleted
"C:\Users\Aldemir\AppData\Roaming\ViberPC" deleted
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-2887622060-1900363798-2962781400-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Aldemir\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Viber"="C:\Users\Aldemir\AppData\Local\Viber\Viber.exe"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"
"Wondershare Helper Compact.exe"="C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"ZoneAlarm"="C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Aldemir\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Viber"="C:\Users\Aldemir\AppData\Local\Viber\Viber.exe"
==== Task Scheduler Jobs ======================
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [04/09/2014 18:30]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task]
==== Other Scheduled Tasks ======================
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]
==== Firefox Extensions ======================
==== Firefox Plugins ======================
==== Chromium Look ======================
Google Chrome Version: 39.0.2171.99 (Up to date, latest Stable version: 39.0.2171.99)
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
Google Slides - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
WOT - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
YouTube - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
AdBlock - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Pocket - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk
Google Wallet - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"
==== Empty IE Cache ======================
C:\Users\Aldemir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=614 folders=102 105593129 bytes)
==== Empty Temp Folders ======================
C:\Users\Aldemir\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Aldemir\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 17/01/2015 at 20:12:57,19 ======================
Aldemir - Member
- Posts: 162
Reputation: 0
Join date: 29/05/2014
Re: virus, malware, baidu, anyprotect, adwares...
/!\ Good evening, Aldemir! /!\
> If there are no more problems, remove the tools that were used in the disinfection!
> Download: < [You need an account and an active session to view this link] > ( ... by Xplode )
> Once on the page, click Download Now.
> Save it somewhere convenient! ( desktop! )
> Close any applications that are open.
> Remove disinfection tools
> Create registry backup
> Clear system restore points
> With these boxes checked, click Run!
> Restart the computer when it finishes!
> Everything OK?
A+
joram - Administrator
- Posts: 4162
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro
Re: virus, malware, baidu, anyprotect, adwares...
Hello joram, good evening
done!
Delfix used
disinfection tools removed
all ok
you can move this topic to resolved cases
thank you very much
regards
Aldemir - Member
- Posts: 162
Reputation: 0
Join date: 29/05/2014
Re: virus, malware, baidu, anyprotect, adwares...
Case Resolved
If this computer needs a new check, just open a "New Topic" and describe the problem.
joram - Administrator
- Posts: 4162
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro