Flux 
Social bookmarking
Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking
Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking
Estatísticas
Temos 14810 usuários registradosO último membro registrado é Josevinil
Os nossos membros postaram um total de 36047 mensagens em 3685 assuntos
Quem está conectado?
Há 14 usuários online :: 0 registrados, 0 invisíveis e 14 visitantes :: 1 motor de buscaNenhum
O recorde de usuários online foi de 301 em Ter 26 Out 2021, 15:28
Procurar
Top dos mais postadores
| Power Max |
| |||
| joram |
| |||
| Wings [In Memoriam] |
| |||
| caedurodrigues |
| |||
| Amigo Brasileiro |
| |||
| luizvilarinho |
| |||
| Danii |
| |||
| Admin |
| |||
| Danilo Marsaro |
| |||
| Andreata |
|
Propagandas Indesejáveis
2 participantes
Página 1 de 3
Página 1 de 3 • 1, 2, 3 
Propagandas Indesejáveis
por Douglas Lima Sáb 07 Fev 2015, 12:43
Bom dia pessoal da Forum PC Brasil,
Preciso de uma orientação para eliminar algumas propagandas indesejáveis nas paginas e com as palavras sublinhadas.
Preciso de uma orientação para eliminar algumas propagandas indesejáveis nas paginas e com as palavras sublinhadas.
Douglas Lima- Membro
- Mensagens : 67
Reputação : 1
Data de inscrição : 03/11/2013
Idade : 41
Re: Propagandas Indesejáveis
por Power Max Sáb 07 Fev 2015, 12:48
Olá Douglas.
Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt
Ficamos na espera.
Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt
Ficamos na espera.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Propagandas Indesejáveis
por Douglas Lima Sáb 07 Fev 2015, 13:13
Não consigo anexar o arquivo, dando mensagem de vermelho acima como o espaço total de armazenamento foi ultrapassado.(Espaço restnte: 1 Kb)
Mando a baixo a lista...
# AdwCleaner v4.110 - Logfile created 07/02/2015 at 12:03:53
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : DOUGLAS - DOUGLAS
# Running from : C:\Users\DOUGLAS\Downloads\AdwCleaner.exe
# Option : Cleaning
***** [ Services ] *****
Service Deleted : webinstrNHKT
[#] Service Deleted : cherimoya
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files\ver1BlockAndSurf
Folder Deleted : C:\Users\DOUGLAS\AppData\Roaming\ProgSense
Folder Deleted : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgbcffenncokfocljomejddmgcpppjom
Folder Deleted : C:\Users\DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\afpabppcibfahafilhkbbgfnlncppdnc
File Deleted : C:\END
File Deleted : C:\Windows\patsearch.bin
File Deleted : C:\Windows\system32\drivers\Msft_Kernel_webinstrNHKT_01009.Wdf
File Deleted : C:\Windows\system32\drivers\webinstrNHKT.sys
File Deleted : C:\Users\DOUGLAS\AppData\Roaming\Mozilla\Firefox\Profiles\6jfdy8sb.default-1420230447026\user.js
File Deleted : C:\Users\DOUGLAS\AppData\Roaming\Mozilla\Firefox\Profiles\t2wa1wwz.default-1420926113196\user.js
***** [ Scheduled tasks ] *****
Task Deleted : BlockAndSurf Update
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{FBF5F988-DA75-F343-F088-B6E8A77E5F9D}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fgbcffenncokfocljomejddmgcpppjom
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKCU\Software\Mozilla\Extends
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{04C108DE-EA1F-48C2-857D-3269A246F6F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC73D608-6158-9FDA-DBC1-0040637EBB57}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EC73D608-6158-9FDA-DBC1-0040637EBB57}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\ProgSense
Key Deleted : HKCU\Software\AppDataLow\Software\BlockAndSurf
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\webssearchesSoftware
Key Deleted : HKLM\SOFTWARE\mystartsearchSoftware
Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
Key Deleted : HKLM\SOFTWARE\WordProser_1.10.0.1
Key Deleted : HKLM\SOFTWARE\IHProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\A0A7E636-4E54-BA27-CB4A-028CB11D37E1
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v35.0.1 (x86 pt-BR)
-\\ Google Chrome v39.0.2171.95
[C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
*************************
AdwCleaner[R0].txt - [12468 bytes] - [07/02/2015 11:59:07]
AdwCleaner[S0].txt - [12235 bytes] - [07/02/2015 12:03:53]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12295 bytes] ##########
Mando a baixo a lista...
# AdwCleaner v4.110 - Logfile created 07/02/2015 at 12:03:53
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : DOUGLAS - DOUGLAS
# Running from : C:\Users\DOUGLAS\Downloads\AdwCleaner.exe
# Option : Cleaning
***** [ Services ] *****
Service Deleted : webinstrNHKT
[#] Service Deleted : cherimoya
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files\ver1BlockAndSurf
Folder Deleted : C:\Users\DOUGLAS\AppData\Roaming\ProgSense
Folder Deleted : C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgbcffenncokfocljomejddmgcpppjom
Folder Deleted : C:\Users\DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\afpabppcibfahafilhkbbgfnlncppdnc
File Deleted : C:\END
File Deleted : C:\Windows\patsearch.bin
File Deleted : C:\Windows\system32\drivers\Msft_Kernel_webinstrNHKT_01009.Wdf
File Deleted : C:\Windows\system32\drivers\webinstrNHKT.sys
File Deleted : C:\Users\DOUGLAS\AppData\Roaming\Mozilla\Firefox\Profiles\6jfdy8sb.default-1420230447026\user.js
File Deleted : C:\Users\DOUGLAS\AppData\Roaming\Mozilla\Firefox\Profiles\t2wa1wwz.default-1420926113196\user.js
***** [ Scheduled tasks ] *****
Task Deleted : BlockAndSurf Update
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{FBF5F988-DA75-F343-F088-B6E8A77E5F9D}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fgbcffenncokfocljomejddmgcpppjom
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKCU\Software\Mozilla\Extends
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{04C108DE-EA1F-48C2-857D-3269A246F6F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC73D608-6158-9FDA-DBC1-0040637EBB57}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EC73D608-6158-9FDA-DBC1-0040637EBB57}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\ProgSense
Key Deleted : HKCU\Software\AppDataLow\Software\BlockAndSurf
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\webssearchesSoftware
Key Deleted : HKLM\SOFTWARE\mystartsearchSoftware
Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
Key Deleted : HKLM\SOFTWARE\WordProser_1.10.0.1
Key Deleted : HKLM\SOFTWARE\IHProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\A0A7E636-4E54-BA27-CB4A-028CB11D37E1
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v35.0.1 (x86 pt-BR)
-\\ Google Chrome v39.0.2171.95
[C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
*************************
AdwCleaner[R0].txt - [12468 bytes] - [07/02/2015 11:59:07]
AdwCleaner[S0].txt - [12235 bytes] - [07/02/2015 12:03:53]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12295 bytes] ##########
Douglas Lima- Membro
- Mensagens : 67
Reputação : 1
Data de inscrição : 03/11/2013
Idade : 41
Re: Propagandas Indesejáveis
por Power Max Sáb 07 Fev 2015, 13:17
Desative temporariamente seu antivírus para evitar conflitos.
* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executá-lo corretamente siga as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.
* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executá-lo corretamente siga as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Propagandas Indesejáveis
por Douglas Lima Sáb 07 Fev 2015, 14:00
Segue abaixo o relatorio...
Zoek.exe v5.0.0.0 Updated 06-February-2015
Tool run by DOUGLAS on 07/02/2015 at 12:20:13,13.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\DOUGLAS\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
07/02/2015 12:21:33 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\Users\Convidado\AppData\Local\VirtualStore deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\DOUGLAS\AppData\Roaming\Mozilla\Firefox\Profiles\t2wa1wwz.default-1420926113196\prefs.js:
Added to C:\Users\DOUGLAS\AppData\Roaming\Mozilla\Firefox\Profiles\t2wa1wwz.default-1420926113196\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Deleting Files \ Folders ======================
C:\Windows\system32\tasks\BlockAndSurf Update deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\DOUGLAS\AppData\Roaming\Mozilla\Firefox\Profiles\t2wa1wwz.default-1420926113196
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886D}"="C:\Users\DOUGLAS\AppData\Local\GAS Tecnologia\GBBD\cef\xpi" [26/01/2015 20:53]
==== Firefox Extensions ======================
ProfilePath: C:\Users\DOUGLAS\AppData\Roaming\Mozilla\Firefox\Profiles\t2wa1wwz.default-1420926113196
- Undetermined - {FBF5F988-DA75-F343-F088-B6E8A77E5F9D}
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\DOUGLAS\AppData\Roaming\Mozilla\Firefox\Profiles\t2wa1wwz.default-1420926113196
225D76851EFC6144B4BAD941B3E8989D - C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U31
B66B4D28D7D0C6322FF235C782CD6B76 - C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.310.13
6C5C8D59CF0FAB004AB572F4F11BC5E0 - C:\Users\DOUGLAS\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll - Módulo de Proteção - Caixa Economica Federal
9860727E477F17B88E39AF8B69B0407A - C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll - Shockwave Flash
0806948270D853B709CCBBF38AF167E4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
9DF0C4F0CEF60158614EDD1B3AB441EE - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
B5269A90EB2C747C4802E2FE0527C5D2 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa
893BF7D2261C56C24F813405D9D018E0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In
637839AC6ED995510A411327C5C2DA61 - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll - AdobeAAMDetect
87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies
7ABA2EAB736F7E9EB0E03ACAA42CCB51 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox
5DB82B8C515C875AE58E1B8B5997416B - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
2CDA67C1309CA966D8EFEE4EE0D6CA92 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll - RealPlayer Version Plugin
8DA2ED6B04EA33F2EAE8BA883F903729 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight
4E31DE484AD120894D0D3E7740979108 - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll - AdobeAAMDetect
==== Chromium Look ======================
Google Chrome Version: 39.0.2171.95 (Possible outdated, latest Stable version: 40.0.2214.94)
Google Slides - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
AdBlock - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Google Wallet - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
selector is not a valid CSS selector - DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Avast Online Security - DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Save Sense (Edge) - DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlfekbihalclhgcbbdggcnjagkgflgkd
Google Wallet - DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - DOUGLAS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - DOUGLAS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - DOUGLAS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - DOUGLAS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
selector is not a valid CSS selector - DOUGLAS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - DOUGLAS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - DOUGLAS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Wallet - DOUGLAS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Caixa Economica Federal - DOUGLAS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi
Gmail - DOUGLAS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Reset Google Chrome ======================
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\DOUGLAS\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\DOUGLAS\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\Convidado\Desktop\Conectividade Social.lnk - C:\Program Files\CAIXA\CNS\cnsini.exe
C:\Users\Convidado\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\DOUGLAS\Desktop\ACI.lnk - C:\Users\DOUGLAS\ACI\aci.exe
C:\Users\DOUGLAS\Desktop\Conectividade Social.lnk - C:\Program Files\CAIXA\CNS\cnsini.exe
C:\Users\DOUGLAS\Desktop\Format Factory.lnk - C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\DOUGLAS\Desktop\GDRais 2014.lnk - D:\GDRais2014\gdrais.bat
C:\Users\DOUGLAS\Desktop\Iso2God - Atalho.lnk - C:\Users\DOUGLAS\Desktop\Iso2God v1.3.6\Iso2God.exe
C:\Users\DOUGLAS\Desktop\MediaCoder.lnk - C:\Program Files\MediaCoder\mediacoder.exe
C:\Users\DOUGLAS\Desktop\Namebench.lnk - C:\Program Files\Namebench\namebench.exe
C:\Users\DOUGLAS\Desktop\Photoshop CS3.lnk - C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\Users\DOUGLAS\Desktop\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\Users\DOUGLAS\Desktop\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe
C:\Users\DOUGLAS\Desktop\µTorrent.lnk -
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\CAGEDNet.lnk - C:\Program Files\CAGED\CAGEDNet\CAGEDNet.exe
C:\Users\Public\Desktop\Discador TopSapp.lnk - C:\Program Files\Discador TopSapp\Discador.exe
C:\Users\Public\Desktop\Horizon.lnk - C:\Program Files\Daring Development\Horizon\v2\Horizon.exe
C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe SecurityScanner.dll
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Quantum.lnk - C:\Program Files\Quantum\Quantum.exe
C:\Users\Public\Desktop\SEFIP.lnk - D:\Program Files\CAIXA\SEFIP\Sefip.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Public\Desktop\TIM Communicator.lnk - C:\Program Files\TIM Communicator\orolixcommunicator.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff
C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ACI\ACI.lnk - C:\Users\DOUGLAS\ACI\aci.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ACI\Uninstall ACI.lnk - C:\Users\DOUGLAS\ACI\uninstall.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CAGEDNet\CAGEDNet.lnk - C:\Program Files\CAGED\CAGEDNet\CAGEDNet.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CAGEDNet\Uninstall CAGEDNet.lnk - C:\Program Files\CAGED\CAGEDNet\uninstall.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GdRaisJava\Desinstalar.lnk - C:\Windows\System32\java.exe -jar "D:\GDRais2014\Uninstaller\Uninstaller.jar"
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GdRaisJava\GDRais 2014.lnk - D:\GDRais2014\gdrais.bat
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk - C:\Program Files\Microsoft Security Client\msseces.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAIXA\Conectividade Social.lnk - C:\Program Files\CAIXA\CNS\cnsini.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Discador TopSapp\Desinstalar Discador TopSapp.lnk - C:\Program Files\Discador TopSapp\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Discador TopSapp\Discador TopSapp.lnk - C:\Program Files\Discador TopSapp\Discador.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Obter Ajuda.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visite Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\Desinstalar.lnk - C:\Program Files\McAfee Security Scan\uninstall.exe C:\Program Files\McAfee Security Scan\3.8.150\McAfee.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe SecurityScanner.dll
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Configurar o Visualizador de fotos do Picasa.lnk - C:\Program Files\Google\Picasa3\PicasaPhotoViewer.exe /reconfig
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Desinstalar.lnk - C:\Program Files\Google\Picasa3\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Picasa 3.lnk - C:\Program Files\Google\Picasa3\Picasa3.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB\Sicalc Auto Atendimento\Desinstalar.lnk - C:\Program Files\Programas RFB\Sicalc Auto Atendimento\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB\Sicalc Auto Atendimento\Sicalc Auto Atendimento.lnk - C:\Program Files\Programas RFB\Sicalc Auto Atendimento\SicalcAA.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quantum\Quantum.lnk - C:\Program Files\Quantum\Quantum.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quantum\Uninstall Quantum.lnk - C:\Program Files\Quantum\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Desinstalar SEFIP.lnk - D:\Program Files\CAIXA\SEFIP\UNWISE.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Leiaute de Folha.lnk - D:\Program Files\CAIXA\SEFIP\FOLHA.doc
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Manual de Erros e Ações.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Manual Operacional.lnk - D:\Program Files\CAIXA\SEFIP\Manual Operacional.doc
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\SEFIP.lnk - D:\Program Files\CAIXA\SEFIP\Sefip.exe
==== shortcuts in Quick Launch ======================
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\CAGEDNet.lnk - C:\Program Files\CAGED\CAGEDNet\CAGEDNet.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DigitalVideoConverter.lnk - C:\Program Files\DigitalVideoConverter\videoauthor.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk - C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files\Google\Picasa3\Picasa3.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Format Factory.lnk - C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Horizon.lnk - C:\Program Files\Daring Development\Horizon\v2\Horizon.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office OneNote 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Quantum.lnk - C:\Program Files\Quantum\Quantum.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Welcome Center.lnk - C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\µTorrent.lnk -
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Camera Assistant Software.lnk - C:\Program Files\Camera Assistant Software for AOC\traybar.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\MediaCoder.lnk - C:\Program Files\MediaCoder\mediacoder.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Win7LogonBackgroundChanger - Atalho.lnk - C:\Program Files\Win7LogonBackgroundChanger\Windows 7 Logon Background Changer\Win7LogonBackgroundChanger.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched deleted successfully
==== Empty IE Cache ======================
C:\Users\Convidado\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\DOUGLAS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\DOUGLAS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AMJNMV6Y will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\DOUGLAS\AppData\Local\Mozilla\Firefox\Profiles\t2wa1wwz.default-1420926113196\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\DOUGLAS\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache is not empty, a reboot is needed
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=336 folders=103 21339552 bytes)
==== Empty Temp Folders ======================
C:\Users\Convidado\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\DOUGLAS\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\DOUGLAS\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\DOUGLAS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AMJNMV6Y" not found
"C:\Users\DOUGLAS\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FSC7GURE\fbstatic-a.akamaihd.net" not found
==== EOF on 07/02/2015 at 12:47:24,82 ======================
Zoek.exe v5.0.0.0 Updated 06-February-2015
Tool run by DOUGLAS on 07/02/2015 at 12:20:13,13.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\DOUGLAS\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
07/02/2015 12:21:33 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\Users\Convidado\AppData\Local\VirtualStore deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\DOUGLAS\AppData\Roaming\Mozilla\Firefox\Profiles\t2wa1wwz.default-1420926113196\prefs.js:
Added to C:\Users\DOUGLAS\AppData\Roaming\Mozilla\Firefox\Profiles\t2wa1wwz.default-1420926113196\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Deleting Files \ Folders ======================
C:\Windows\system32\tasks\BlockAndSurf Update deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\DOUGLAS\AppData\Roaming\Mozilla\Firefox\Profiles\t2wa1wwz.default-1420926113196
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886D}"="C:\Users\DOUGLAS\AppData\Local\GAS Tecnologia\GBBD\cef\xpi" [26/01/2015 20:53]
==== Firefox Extensions ======================
ProfilePath: C:\Users\DOUGLAS\AppData\Roaming\Mozilla\Firefox\Profiles\t2wa1wwz.default-1420926113196
- Undetermined - {FBF5F988-DA75-F343-F088-B6E8A77E5F9D}
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\DOUGLAS\AppData\Roaming\Mozilla\Firefox\Profiles\t2wa1wwz.default-1420926113196
225D76851EFC6144B4BAD941B3E8989D - C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U31
B66B4D28D7D0C6322FF235C782CD6B76 - C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.310.13
6C5C8D59CF0FAB004AB572F4F11BC5E0 - C:\Users\DOUGLAS\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll - Módulo de Proteção - Caixa Economica Federal
9860727E477F17B88E39AF8B69B0407A - C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll - Shockwave Flash
0806948270D853B709CCBBF38AF167E4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
9DF0C4F0CEF60158614EDD1B3AB441EE - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
B5269A90EB2C747C4802E2FE0527C5D2 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa
893BF7D2261C56C24F813405D9D018E0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In
637839AC6ED995510A411327C5C2DA61 - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll - AdobeAAMDetect
87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies
7ABA2EAB736F7E9EB0E03ACAA42CCB51 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox
5DB82B8C515C875AE58E1B8B5997416B - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
2CDA67C1309CA966D8EFEE4EE0D6CA92 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll - RealPlayer Version Plugin
8DA2ED6B04EA33F2EAE8BA883F903729 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight
4E31DE484AD120894D0D3E7740979108 - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll - AdobeAAMDetect
==== Chromium Look ======================
Google Chrome Version: 39.0.2171.95 (Possible outdated, latest Stable version: 40.0.2214.94)
Google Slides - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
AdBlock - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Google Wallet - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
selector is not a valid CSS selector - DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Avast Online Security - DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Save Sense (Edge) - DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlfekbihalclhgcbbdggcnjagkgflgkd
Google Wallet - DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - DOUGLAS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - DOUGLAS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - DOUGLAS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - DOUGLAS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
selector is not a valid CSS selector - DOUGLAS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - DOUGLAS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - DOUGLAS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Wallet - DOUGLAS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Caixa Economica Federal - DOUGLAS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi
Gmail - DOUGLAS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Reset Google Chrome ======================
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\DOUGLAS\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\DOUGLAS\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\Convidado\Desktop\Conectividade Social.lnk - C:\Program Files\CAIXA\CNS\cnsini.exe
C:\Users\Convidado\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\DOUGLAS\Desktop\ACI.lnk - C:\Users\DOUGLAS\ACI\aci.exe
C:\Users\DOUGLAS\Desktop\Conectividade Social.lnk - C:\Program Files\CAIXA\CNS\cnsini.exe
C:\Users\DOUGLAS\Desktop\Format Factory.lnk - C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\DOUGLAS\Desktop\GDRais 2014.lnk - D:\GDRais2014\gdrais.bat
C:\Users\DOUGLAS\Desktop\Iso2God - Atalho.lnk - C:\Users\DOUGLAS\Desktop\Iso2God v1.3.6\Iso2God.exe
C:\Users\DOUGLAS\Desktop\MediaCoder.lnk - C:\Program Files\MediaCoder\mediacoder.exe
C:\Users\DOUGLAS\Desktop\Namebench.lnk - C:\Program Files\Namebench\namebench.exe
C:\Users\DOUGLAS\Desktop\Photoshop CS3.lnk - C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\Users\DOUGLAS\Desktop\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\Users\DOUGLAS\Desktop\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe
C:\Users\DOUGLAS\Desktop\µTorrent.lnk -
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\CAGEDNet.lnk - C:\Program Files\CAGED\CAGEDNet\CAGEDNet.exe
C:\Users\Public\Desktop\Discador TopSapp.lnk - C:\Program Files\Discador TopSapp\Discador.exe
C:\Users\Public\Desktop\Horizon.lnk - C:\Program Files\Daring Development\Horizon\v2\Horizon.exe
C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe SecurityScanner.dll
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Quantum.lnk - C:\Program Files\Quantum\Quantum.exe
C:\Users\Public\Desktop\SEFIP.lnk - D:\Program Files\CAIXA\SEFIP\Sefip.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Public\Desktop\TIM Communicator.lnk - C:\Program Files\TIM Communicator\orolixcommunicator.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff
C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ACI\ACI.lnk - C:\Users\DOUGLAS\ACI\aci.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ACI\Uninstall ACI.lnk - C:\Users\DOUGLAS\ACI\uninstall.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CAGEDNet\CAGEDNet.lnk - C:\Program Files\CAGED\CAGEDNet\CAGEDNet.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CAGEDNet\Uninstall CAGEDNet.lnk - C:\Program Files\CAGED\CAGEDNet\uninstall.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GdRaisJava\Desinstalar.lnk - C:\Windows\System32\java.exe -jar "D:\GDRais2014\Uninstaller\Uninstaller.jar"
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GdRaisJava\GDRais 2014.lnk - D:\GDRais2014\gdrais.bat
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk - C:\Program Files\Microsoft Security Client\msseces.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAIXA\Conectividade Social.lnk - C:\Program Files\CAIXA\CNS\cnsini.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Discador TopSapp\Desinstalar Discador TopSapp.lnk - C:\Program Files\Discador TopSapp\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Discador TopSapp\Discador TopSapp.lnk - C:\Program Files\Discador TopSapp\Discador.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Obter Ajuda.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visite Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\Desinstalar.lnk - C:\Program Files\McAfee Security Scan\uninstall.exe C:\Program Files\McAfee Security Scan\3.8.150\McAfee.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe SecurityScanner.dll
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Configurar o Visualizador de fotos do Picasa.lnk - C:\Program Files\Google\Picasa3\PicasaPhotoViewer.exe /reconfig
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Desinstalar.lnk - C:\Program Files\Google\Picasa3\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Picasa 3.lnk - C:\Program Files\Google\Picasa3\Picasa3.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB\Sicalc Auto Atendimento\Desinstalar.lnk - C:\Program Files\Programas RFB\Sicalc Auto Atendimento\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB\Sicalc Auto Atendimento\Sicalc Auto Atendimento.lnk - C:\Program Files\Programas RFB\Sicalc Auto Atendimento\SicalcAA.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quantum\Quantum.lnk - C:\Program Files\Quantum\Quantum.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quantum\Uninstall Quantum.lnk - C:\Program Files\Quantum\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Desinstalar SEFIP.lnk - D:\Program Files\CAIXA\SEFIP\UNWISE.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Leiaute de Folha.lnk - D:\Program Files\CAIXA\SEFIP\FOLHA.doc
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Manual de Erros e Ações.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Manual Operacional.lnk - D:\Program Files\CAIXA\SEFIP\Manual Operacional.doc
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\SEFIP.lnk - D:\Program Files\CAIXA\SEFIP\Sefip.exe
==== shortcuts in Quick Launch ======================
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\CAGEDNet.lnk - C:\Program Files\CAGED\CAGEDNet\CAGEDNet.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DigitalVideoConverter.lnk - C:\Program Files\DigitalVideoConverter\videoauthor.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk - C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files\Google\Picasa3\Picasa3.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Format Factory.lnk - C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Horizon.lnk - C:\Program Files\Daring Development\Horizon\v2\Horizon.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office OneNote 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Quantum.lnk - C:\Program Files\Quantum\Quantum.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Welcome Center.lnk - C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\µTorrent.lnk -
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Camera Assistant Software.lnk - C:\Program Files\Camera Assistant Software for AOC\traybar.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\MediaCoder.lnk - C:\Program Files\MediaCoder\mediacoder.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Win7LogonBackgroundChanger - Atalho.lnk - C:\Program Files\Win7LogonBackgroundChanger\Windows 7 Logon Background Changer\Win7LogonBackgroundChanger.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched deleted successfully
==== Empty IE Cache ======================
C:\Users\Convidado\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\DOUGLAS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\DOUGLAS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AMJNMV6Y will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\DOUGLAS\AppData\Local\Mozilla\Firefox\Profiles\t2wa1wwz.default-1420926113196\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\DOUGLAS\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\DOUGLAS\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache is not empty, a reboot is needed
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=336 folders=103 21339552 bytes)
==== Empty Temp Folders ======================
C:\Users\Convidado\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\DOUGLAS\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\DOUGLAS\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\DOUGLAS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AMJNMV6Y" not found
"C:\Users\DOUGLAS\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FSC7GURE\fbstatic-a.akamaihd.net" not found
==== EOF on 07/02/2015 at 12:47:24,82 ======================
Douglas Lima- Membro
- Mensagens : 67
Reputação : 1
Data de inscrição : 03/11/2013
Idade : 41
Re: Propagandas Indesejáveis
por Power Max Sáb 07 Fev 2015, 14:09
Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )
Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPCleaner para baixá-lo, tal como mostra a imagem abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Para executá-lo corretamente siga as dicas desta postagem:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Após a utilização dele, copie todo o conteúdo do seu relatório ZHPCleaner.txt e poste em sua próxima resposta.
Obs: Ao acessar o link acima clique no botão Télécharger referente ao ZHPCleaner para baixá-lo, tal como mostra a imagem abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Para executá-lo corretamente siga as dicas desta postagem:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Após a utilização dele, copie todo o conteúdo do seu relatório ZHPCleaner.txt e poste em sua próxima resposta.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Propagandas Indesejáveis
por Douglas Lima Sáb 07 Fev 2015, 14:40
Segue abaixo o relatório e ZHPDiag...
~ Relatório do ZHPDiag v2015.1.9.4 - Nicolas Coolman (09/01/2015)
~ Iniciado por DOUGLAS (07/02/2015 13:36:14)
~ Facebook : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17501
MFIE: Mozilla Firefox 35.0.1
GCIE: Google Chrome v39.0.2171.95 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
Microsoft Security Client PT-BR Language Pack v2.0.0657.0
McAfee Security Scan Plus v3.8.150.1
Windows Defender W7 (Activate)
---\\ Softwares d'optimização do sistema
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 15 Plugin
Adobe Reader XI
---\\ Informações sobre o sistema
~ Processor: x86 Family 15 Model 107 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1791 MB (43% free)
System Restore: Activé (Enable)
System drive C: has 3 GB (8%) free of 39 GB
---\\ Modo de conexão ao sistema
~ Computer Name: DOUGLAS
~ User Name: DOUGLAS
~ All Users Names: DOUGLAS, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\DOUGLAS\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\DOUGLAS\AppData\Roaming\
~ %Desktop% : C:\Users\DOUGLAS\Desktop\
~ %Favorites% : C:\Users\DOUGLAS\Favorites\
~ %LocalAppData% : C:\Users\DOUGLAS\AppData\Local\
~ %StartMenu% : C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 3 Go of 39 Go)
D: Hard drive, Flash drive, Thumb drive (Free 132 Go of 253 Go)
E: CD-ROM drive (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 41 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.40D777B7A95E00593EB1568C68514493] - (.Microsoft Corporation - Windows Explorer.) (.20/11/2010 - 09:17:09.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.5E4E0E43E0A5BF9F089696DFA7A3D677] - (.Microsoft Corporation - Internet Extensions para Win32.) (.21/11/2014 - 22:00:20.) -- C:\Windows\System32\wininet.dll [1888256]
[MD5.52449FD429D6053B78AE564DEF303870] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.16/07/2014 - 22:39:27.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/6
~ Mes Favoris (My Favorites) : 1/20
~ Mes Documents (My Documents) : 1/86
~ Mon Bureau (My Desktop) : 1/7273
~ Menu demarrer (Programs) : 1/43
~ Hidden Files: Scanned in 00mn 04s
---\\ Processos lançados
[MD5.644795F6985C740F5E36E9336B837D0B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31072] [PID.2996]
[MD5.F920FBB43C1CDB905044C91B9A3FD516] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [18643560] [PID.3184]
[MD5.FA18A83CD2D176C72692F149C549E247] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\DOUGLAS\AppData\Roaming\uTorrent\uTorrent.exe [1374032] [PID.3208] =>P2P.BitTorrent
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168] [PID.3356]
[MD5.5F3587E344F2990B59C941FB405CAA0F] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [856904] [PID.4000]
[MD5.E6B65C40F24E207DF5937AA3641CA381] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8151040] [PID.3564]
~ Processes Running: Scanned in 00mn 01s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
M2 - MFEP: RegExtension {e4f94d1e-2f53-401e-8885-681602c0ddd8} . (...) -- C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
M2 - MFEP: RegExtension {87F8774F-B485-47E2-A755-A40A8A5E886D} . (...) --
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\DOUGLAS\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 38 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = about:newtab
~ IE Browser: 16 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [DOUGLAS]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\DOUGLAS\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [DOUGLAS]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\DOUGLAS\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [DOUGLAS]: Namebench.lnk . (...) -- C:\Program Files\Namebench\namebench.exe =>PUP.GiganticSavings
O4 - GS\Desktop [DOUGLAS]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\DOUGLAS\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 4 Legitimates Filtered in 00mn 04s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (.not file.)
O4 - HKLM\..\Run: [gmsd_br_78] Chave orfã
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.8.0_31\bin\jusched.exe (.not file.) =>.Oracle Corporation
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (.not file.)
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\DOUGLAS\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-4284725103-841026821-2663200864-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-4284725103-841026821-2663200864-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (.not file.)
O4 - HKUS\S-1-5-21-4284725103-841026821-2663200864-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-4284725103-841026821-2663200864-1000\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\DOUGLAS\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~4\Office12\ONBttnIE.dll
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{26B1861C-28B9-4683-8346-A9F7B44C3B97}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CCE8680-D185-46A1-8E01-7DE197363922}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{573FEBC4-6801-4F03-96E9-24F828F849E4}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F3734DB-EA99-400E-ADB2-16922185E257}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2B77402-60A3-4799-8891-CFC9154307BC}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{9F3734DB-EA99-400E-ADB2-16922185E257}: NameServer = 10.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{26B1861C-28B9-4683-8346-A9F7B44C3B97}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{3CCE8680-D185-46A1-8E01-7DE197363922}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{573FEBC4-6801-4F03-96E9-24F828F849E4}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{9F3734DB-EA99-400E-ADB2-16922185E257}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{D2B77402-60A3-4799-8891-CFC9154307BC}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS3\Services\Tcpip\..\{26B1861C-28B9-4683-8346-A9F7B44C3B97}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS3\Services\Tcpip\..\{3CCE8680-D185-46A1-8E01-7DE197363922}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS3\Services\Tcpip\..\{573FEBC4-6801-4F03-96E9-24F828F849E4}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS3\Services\Tcpip\..\{9F3734DB-EA99-400E-ADB2-16922185E257}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{D2B77402-60A3-4799-8891-CFC9154307BC}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{3B6E5116-1055-472B-80BE-98E40786287C}] (...) -- C:\Users\DOUGLAS\AppData\Roaming\webssearches\UninstallManager.exe (.not file.) [0] =>Hijacker.WebsSearches
[MD5.00000000000000000000000000000000] [APT] [{49ACD15A-52EF-4908-8F67-400684924CB1}] (...) -- C:\Users\DOUGLAS\AppData\Local\Temp\C165300A80D4477F88E7D4DFD0A866CF\TrueImageInstallMenu_standard.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1054]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1058]
~ Scheduled Task: 9 Legitimates Filtered in 00mn 05s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (gosaferdrv) . (. - .) - C:\Windows\System32\drivers\gosaferdrv.sys (.not file.)
O41 - Driver: (mosfilterdrv) . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) - C:\Windows\System32\drivers\mosfilterdrv.sys
O41 - Driver: (pofilterdrv) . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) - C:\Windows\System32\drivers\pofilterdrv.sys
~ Drivers: 104 Legitimates Filtered in 00mn 01s
---\\ Software instalados (042)
O42 - Logiciel: ACI - (.Ministério do Trabalho e Emprego.) [HKLM] -- EBB7DDC5-F8A7-4C1A-8BDB-C64456D342A5
O42 - Logiciel: BRApp - (.BR SOFTWARE LLC.) [HKLM] -- BRApp
O42 - Logiciel: CAGEDNet - (.Dataprev.) [HKLM] -- 4999919A-61DF-2230-AF39-F4BCF13A809A
O42 - Logiciel: Conectividade Social - (...) [HKLM] -- Conectividade Social
O42 - Logiciel: DigiBestDriver - (.DigiBest Technology CO., LTD.) [HKLM] -- InstallShield_{8B96A93A-E472-4A6C-BC20-4578C665448B}
O42 - Logiciel: FSB GUI version 4.0 - (.jbox@360hacks.de.) [HKLM] -- {568DC1C6-2E6F-4F7E-B169-FE2A1689E913}_is1
O42 - Logiciel: GBBD Caixa Economica Federal - (...) [HKLM] -- {5d01f486-f32d-462e-8830-cc1d116e8ece}_is1
O42 - Logiciel: Horizon v2.7.9.3 - (.Daring Development Inc..) [HKLM] -- d4cfeebc-b821-40b7-9f81-d366b1466f03_is1
O42 - Logiciel: Quantum - (.Quantum LLC.) [HKLM] -- Quantum
O42 - Logiciel: SEFIP 8.40 - (...) [HKLM] -- SEFIP 8.40
O42 - Logiciel: Sicalc Auto Atendimento - (.Receita Federal do Brasil.) [HKLM] -- Sicalc Auto Atendimento
O42 - Logiciel: TIM Communicator - (...) [HKLM] -- OrolixCommunicator
~ Logic: 22 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\39676InstEnd]
[HKCU\Software\ARL]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Autogg]
[HKCU\Software\Autogg_ini]
[HKCU\Software\CASNeuter]
[HKCU\Software\GbAs]
[HKCU\Software\Kounen]
[HKCU\Software\M45C4]
[HKCU\Software\OrolixCommunicator]
[HKCU\Software\Orolix]
[HKCU\Software\Quantum]
[HKCU\Software\Search Vortex]
[HKCU\Software\WCA]
[HKCU\Software\YVETWWON]
[HKCU\Software\YXHVXJV]
[HKCU\Software\i.Tech]
[HKCU\Software\nands]
[HKLM\Software\Caixa]
[HKLM\Software\GOSafer]
[HKLM\Software\NJax]
[HKLM\Software\Orolix]
[HKLM\Software\Programas RFB]
[HKLM\Software\Search Vortex]
~ Key Software: 234 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 06/01/2015 - 20:09:18 - [] ----D C:\Program Files\CAGED
O43 - CFD: 05/02/2015 - 00:10:36 - [] ----D C:\Program Files\CAIXA
O43 - CFD: 28/11/2013 - 22:34:20 - [] ----D C:\Program Files\Daring Development
O43 - CFD: 28/09/2012 - 22:24:45 - [] ----D C:\Program Files\DigiBestTV
O43 - CFD: 22/10/2010 - 22:54:33 - [] ----D C:\Program Files\driver de video
O43 - CFD: 29/11/2013 - 01:15:24 - [] ----D C:\Program Files\FSB GUI
O43 - CFD: 22/03/2011 - 20:28:28 - [] ----D C:\Program Files\Kounen
O43 - CFD: 18/01/2015 - 16:26:33 - [] ----D C:\Program Files\Programas RFB
O43 - CFD: 02/02/2015 - 23:40:39 - [] ----D C:\Program Files\Quantum
O43 - CFD: 03/01/2015 - 18:41:51 - [] ----D C:\Program Files\TIM Communicator
O43 - CFD: 03/02/2010 - 12:58:38 - [] ----D C:\Program Files\TpvAoc
O43 - CFD: 10/05/2013 - 19:26:06 - [] ----D C:\Program Files\Win7LogonBackgroundChanger
O43 - CFD: 24/10/2010 - 07:43:41 - [] ----D C:\Program Files\Windows.old
O43 - CFD: 29/07/2011 - 20:19:28 - [] ----D C:\ProgramData\OrolixCommunicator
O43 - CFD: 05/02/2015 - 00:11:38 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAIXA
O43 - CFD: 29/11/2013 - 01:15:24 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FSB GUI
O43 - CFD: 18/10/2014 - 15:44:36 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Horizon
O43 - CFD: 18/01/2015 - 16:26:36 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB
O43 - CFD: 02/02/2015 - 23:46:12 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quantum
O43 - CFD: 14/07/2009 - 04:48:45 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 21/07/2011 - 11:17:19 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TIM Communicator
O43 - CFD: 06/02/2015 - 23:42:02 - [] ----D C:\Users\DOUGLAS\AppData\Roaming\Quantum
O43 - CFD: 11/08/2012 - 15:58:28 - [] ----D C:\Users\DOUGLAS\AppData\Roaming\VIVO INTERNET
O43 - CFD: 05/01/2015 - 21:16:20 - [] -SH-D C:\Users\DOUGLAS\AppData\Local\EmieBrowserModeList
O43 - CFD: 08/10/2014 - 21:16:06 - [] ----D C:\Users\DOUGLAS\AppData\Local\Paradox
O43 - CFD: 25/11/2013 - 19:15:55 - [] ----D C:\Users\DOUGLAS\AppData\Local\Team_360h
O43 - CFD: 06/01/2015 - 20:08:03 - [] ----D C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ACI
O43 - CFD: 06/01/2015 - 20:09:30 - [] ----D C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CAGEDNet
O43 - CFD: 05/02/2015 - 00:11:38 - [0] ----D C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CAIXA
O43 - CFD: 28/01/2015 - 21:32:21 - [] ----D C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GdRaisJava
~ Program Folder: 220 Legitimates Filtered in 00mn 01s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.F516ED323913F51719DBBB6AD6B3B8BC] - 05/02/2015 - 00:10:50 ---A- . (...) -- C:\Windows\System32\Stdcxiac.tlb [4000]
O44 - LFC:[MD5.8963650262B6087EC2D5E3E73E09CA6D] - 05/02/2015 - 00:10:50 ---A- . (...) -- C:\Windows\System32\Stdcxiap.tlb [1664]
O44 - LFC:[MD5.53A3186955D2351C22647B9D6C648556] - 05/02/2015 - 00:10:50 ---A- . (...) -- C:\Windows\System32\Stdcxom.tlb [8108]
O44 - LFC:[MD5.F9B3E46EFCCD9ED659256C53B15936BC] - 05/02/2015 - 00:10:54 ---A- . (...) -- C:\Windows\System32\cnsHTTP.dll [435200]
O44 - LFC:[MD5.FA164A7B15FE1B00510424F8AA185F01] - 05/02/2015 - 00:10:54 ---A- . (...) -- C:\Windows\System32\simplezip.dll [333312]
O44 - LFC:[MD5.6CD1AE8EAC6A7377329AF15E1C493BA5] - 05/02/2015 - 00:11:09 ---A- . (...) -- C:\Windows\System32\Dao2535.tlb [73184]
O44 - LFC:[MD5.51551EA418DE1C09AF56D21355412780] - 05/02/2015 - 00:11:11 ---A- . (...) -- C:\Windows\System32\MSDATGRD.oca [65536]
O44 - LFC:[MD5.5EF38D04093306E484C5D673F2CA52C5] - 05/02/2015 - 00:11:11 ---A- . (...) -- C:\Windows\System32\Mshflxgd.srg [111]
O44 - LFC:[MD5.012DE52D6C43AE452F0CB3743B323C17] - 05/02/2015 - 00:11:23 ---A- . (.CEF - ObsCpApi Client (011003).) -- C:\Windows\System32\obscpapi.dll [236230]
O44 - LFC:[MD5.6D04485AC797E37D1D18EBC22209FA51] - 05/02/2015 - 00:11:27 ---A- . (...) -- C:\Windows\System32\Clhtcert.prg [1883]
O44 - LFC:[MD5.8A195039A3C941CE479EC81561F3A15A] - 05/02/2015 - 00:11:27 ---A- . (...) -- C:\Windows\System32\Clhtreg.prg [2545]
O44 - LFC:[MD5.462E7D0C9D0DF332490B9D063AD83742] - 05/02/2015 - 00:11:27 ---A- . (...) -- C:\Windows\System32\Clhttp.prg [3055]
O44 - LFC:[MD5.0DE252F8AA0E11ADA728F6B969DA9D55] - 05/02/2015 - 00:11:27 ---A- . (...) -- C:\Windows\System32\Clusr1.prg [7]
O44 - LFC:[MD5.0DE252F8AA0E11ADA728F6B969DA9D55] - 05/02/2015 - 00:11:27 ---A- . (...) -- C:\Windows\System32\Clusr2.prg [7]
O44 - LFC:[MD5.C7B08AFBAE9C9AC143E6E4404D50CBC3] - 05/02/2015 - 00:11:27 ---A- . (...) -- C:\Windows\System32\Hl_med32.dll [218112]
O44 - LFC:[MD5.F3F8B94E5676F0526759C79466C5DE76] - 05/02/2015 - 00:11:27 ---A- . (...) -- C:\Windows\System32\Hl_pub32.dll [31744]
O44 - LFC:[MD5.A2FAA45C76E9BA447191254E84A1B079] - 05/02/2015 - 00:11:27 ---A- . (...) -- C:\Windows\System32\Hlsoft32.dll [167936]
O44 - LFC:[MD5.5586E31B48F7B5F4CE8160BD531AC2C5] - 05/02/2015 - 00:11:28 ---A- . (...) -- C:\Windows\System32\Prox.dll [371200]
O44 - LFC:[MD5.3AA75194FFB6D901516D3126C3B05220] - 05/02/2015 - 00:11:28 ---A- . (...) -- C:\Windows\System32\Prx.dll [2256384]
O44 - LFC:[MD5.2558CBC8F2C555B757DDBD472BB9253A] - 05/02/2015 - 00:11:28 ---A- . (...) -- C:\Windows\System32\Rsa_w32.dll [51712]
O44 - LFC:[MD5.2C3F7864C73EF26A263D4448586BBF6F] - 05/02/2015 - 00:11:28 ---A- . (...) -- C:\Windows\System32\tcpconf.dat [148]
O44 - LFC:[MD5.4C6D38150513F98CF0E4ECE89E883144] - 05/02/2015 - 00:11:28 ---A- . (.Stardust Technologies, Inc. - Windows 95 WCA Loader.) -- C:\Windows\System32\W32spdll.dll [17920]
O44 - LFC:[MD5.77D9E6C49F39A8B4DB6E0210DDD0A6D8] - 05/02/2015 - 00:11:28 ---A- . (.Stardust Technologies, Inc. - Winsock Component Architecture.) -- C:\Windows\System32\Wca_32.dll [117760]
O44 - LFC:[MD5.EAAE9CE268BFC7EBFD62AB9445EA331F] - 05/02/2015 - 00:27:46 ---A- . (.DBA - cnsselo.) -- C:\Windows\System32\cnsselo.dll [379904]
O44 - LFC:[MD5.8EF3896F48B1CB4E6E62987A40431357] - 06/02/2015 - 23:46:23 ---A- . (...) -- C:\DataHora.cns [27]
O44 - LFC:[MD5.995ECAF93E3B518E50CA22D3E4AECEA6] - 06/02/2015 - 23:57:48 ---A- . (...) -- C:\prox.log [70824]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 07/02/2015 - 12:19:20 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.EFB75998633AD3E2FDAA5EFC0A482EE5] - 07/02/2015 - 12:47:24 ---A- . (...) -- C:\zoek-results.log [26785]
O44 - LFC:[MD5.6DABC64FE1DDCAE435DE15256BDD9754] - 07/02/2015 - 12:50:39 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [127896]
O44 - LFC:[MD5.AC57B72B3432F1A0BA1C8200F588562A] - 07/02/2015 - 12:50:39 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [663606]
~ Files: 68 Legitimates Filtered in 00mn 07s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Chave do registo Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{e1dfc21d-eda0-11e2-8b8d-0025ab009cef}\AutoRun\command. (...) -- F:\LGAutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:17/12/2009 - 17:10:12 ---A- . (.eMPIA Technology, Inc. - USB 28xx BDA Driver.) -- C:\Windows\System32\Drivers\emBDA.sys [579968]
O58 - SDL:24/03/2010 - 20:10:38 ---A- . (.eMPIA Technology, Inc. - USB 28xx BDA Lower filter.) -- C:\Windows\System32\Drivers\emOEM.sys [130432]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:21/10/2014 - 23:52:48 ---A- . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) -- C:\Windows\System32\Drivers\mosfilterdrv.sys [55608]
O58 - SDL:02/12/2014 - 17:57:08 ---A- . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) -- C:\Windows\System32\Drivers\pofilterdrv.sys [55616]
O58 - SDL:01/01/1601 - 03:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [721904]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 89 Legitimates Filtered in 00mn 39s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 21/10/2014 - C:\Windows\System32\drivers\mosfilterdrv.sys (mosfilterdrv) .(.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) - LEGACY_MOSFILTERDRV
O64 - Services: CurCS - 02/12/2014 - C:\Windows\System32\drivers\pofilterdrv.sys (pofilterdrv) .(.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) - LEGACY_POFILTERDRV
O64 - Services: CurCS - 09/05/1745 - C:\Windows\System32\Drivers\sptd.sys (sptd) .(...) - LEGACY_SPTD
~ Legacy: 214 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.1FE9E78014E990C3374F4D167DA5E5ED] [SPRF][06/01/2015] (...) -- C:\Users\DOUGLAS\AppData\Roaming\unins000.dat [17762]
[MD5.96E95EDEC2D2CEA19297A4ABC54A86FB] [SPRF][23/05/2013] (.No owner - 360mpGui.) -- C:\Users\DOUGLAS\Desktop\360mpGui v1.1.3.0.exe [5176915]
[MD5.92ABBC6E52E32F8F66684F90BF4A25CE] [SPRF][10/01/2015] (...) -- C:\Users\DOUGLAS\Desktop\zoek.exe [1295360]
[MD5.C9829B02F58140D0FA32A9FA1E7FBA68] [SPRF][20/01/2014] (.No owner - K-Lite Mega Codec Pack Setup.) -- C:\Program Files\892-K-Lite_Codec_Pack_1020_Mega.exe [31772694]
[MD5.7FAF5DD11A44CC98EA90BEB800191120] [SPRF][22/01/2008] (.afa - AF15BDAEX.) -- C:\Program Files\AFABDAEX.dll [28672]
[MD5.0B1EBB87377A0647EDD85D70F85D527B] [SPRF][03/06/2009] (.eMPIA Technology, Inc. - USB 28xx BDA DLL API.) -- C:\Program Files\emDLL.dll [76288]
[MD5.8B9C66B16AAB51E47CD3EE6B2A12F3B1] [SPRF][15/12/2008] (...) -- C:\Program Files\GetHardID.dll [117248]
[MD5.D31E8D4C07DD658DE7C7A272F818C450] [SPRF][30/11/2009] (...) -- C:\Program Files\MediaTV.dll [216576]
[MD5.040895CBB5BEB2C6A6ADA6969B16F20F] [SPRF][08/06/2009] (...) -- C:\Program Files\MediaTVScheduleMonitor.dll [65536]
[MD5.28546D03AB6033BFCF85A1E2038DA515] [SPRF][10/02/2007] (...) -- C:\Program Files\RSA_DLL.dll [122880]
~ Files: 12 Legitimates Filtered in 00mn 02s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{E20B4FC3-8757-4454-A6CB-DDA6F8E69FAA}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\DOUGLAS\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{2FC07C89-0A6E-4543-AD0B-85AE63911B89}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\DOUGLAS\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 03s
---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:01/01/1601 - 03:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [721904]
~ Emulateurs: Scanned in 00mn 34s
---\\ Scâner Aditional (088)
Database Version : 13008 - (09/01/2015)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 5
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Users\DOUGLAS\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
~ Additionnel Scan: 267413 Items scanned in 00mn 57s
---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Barras do Internet Explorer (03))
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Chave do registo Shell MountPoints2 (MPSK) (O51)
~ AMI: 4 Legitimates Filtered in 00mn 00s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.GiganticSavings
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.WebsSearches
~ MSI: 2 link(s) detected in 00mn 00s
~ 1048 Legitimates filtered by white list
End of the scan (512 lines in 03mn 16s)(0)
~ Relatório do ZHPDiag v2015.1.9.4 - Nicolas Coolman (09/01/2015)
~ Iniciado por DOUGLAS (07/02/2015 13:36:14)
~ Facebook : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17501
MFIE: Mozilla Firefox 35.0.1
GCIE: Google Chrome v39.0.2171.95 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
Microsoft Security Client PT-BR Language Pack v2.0.0657.0
McAfee Security Scan Plus v3.8.150.1
Windows Defender W7 (Activate)
---\\ Softwares d'optimização do sistema
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 15 Plugin
Adobe Reader XI
---\\ Informações sobre o sistema
~ Processor: x86 Family 15 Model 107 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1791 MB (43% free)
System Restore: Activé (Enable)
System drive C: has 3 GB (8%) free of 39 GB
---\\ Modo de conexão ao sistema
~ Computer Name: DOUGLAS
~ User Name: DOUGLAS
~ All Users Names: DOUGLAS, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\DOUGLAS\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\DOUGLAS\AppData\Roaming\
~ %Desktop% : C:\Users\DOUGLAS\Desktop\
~ %Favorites% : C:\Users\DOUGLAS\Favorites\
~ %LocalAppData% : C:\Users\DOUGLAS\AppData\Local\
~ %StartMenu% : C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 3 Go of 39 Go)
D: Hard drive, Flash drive, Thumb drive (Free 132 Go of 253 Go)
E: CD-ROM drive (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 41 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.40D777B7A95E00593EB1568C68514493] - (.Microsoft Corporation - Windows Explorer.) (.20/11/2010 - 09:17:09.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.5E4E0E43E0A5BF9F089696DFA7A3D677] - (.Microsoft Corporation - Internet Extensions para Win32.) (.21/11/2014 - 22:00:20.) -- C:\Windows\System32\wininet.dll [1888256]
[MD5.52449FD429D6053B78AE564DEF303870] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.16/07/2014 - 22:39:27.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/6
~ Mes Favoris (My Favorites) : 1/20
~ Mes Documents (My Documents) : 1/86
~ Mon Bureau (My Desktop) : 1/7273
~ Menu demarrer (Programs) : 1/43
~ Hidden Files: Scanned in 00mn 04s
---\\ Processos lançados
[MD5.644795F6985C740F5E36E9336B837D0B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31072] [PID.2996]
[MD5.F920FBB43C1CDB905044C91B9A3FD516] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [18643560] [PID.3184]
[MD5.FA18A83CD2D176C72692F149C549E247] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\DOUGLAS\AppData\Roaming\uTorrent\uTorrent.exe [1374032] [PID.3208] =>P2P.BitTorrent
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168] [PID.3356]
[MD5.5F3587E344F2990B59C941FB405CAA0F] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [856904] [PID.4000]
[MD5.E6B65C40F24E207DF5937AA3641CA381] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8151040] [PID.3564]
~ Processes Running: Scanned in 00mn 01s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
M2 - MFEP: RegExtension {e4f94d1e-2f53-401e-8885-681602c0ddd8} . (...) -- C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
M2 - MFEP: RegExtension {87F8774F-B485-47E2-A755-A40A8A5E886D} . (...) --
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\DOUGLAS\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 38 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = about:newtab
~ IE Browser: 16 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [DOUGLAS]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\DOUGLAS\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [DOUGLAS]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\DOUGLAS\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [DOUGLAS]: Namebench.lnk . (...) -- C:\Program Files\Namebench\namebench.exe =>PUP.GiganticSavings
O4 - GS\Desktop [DOUGLAS]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\DOUGLAS\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 4 Legitimates Filtered in 00mn 04s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (.not file.)
O4 - HKLM\..\Run: [gmsd_br_78] Chave orfã
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.8.0_31\bin\jusched.exe (.not file.) =>.Oracle Corporation
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (.not file.)
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\DOUGLAS\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-4284725103-841026821-2663200864-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-4284725103-841026821-2663200864-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (.not file.)
O4 - HKUS\S-1-5-21-4284725103-841026821-2663200864-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-4284725103-841026821-2663200864-1000\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\DOUGLAS\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~4\Office12\ONBttnIE.dll
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{26B1861C-28B9-4683-8346-A9F7B44C3B97}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CCE8680-D185-46A1-8E01-7DE197363922}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{573FEBC4-6801-4F03-96E9-24F828F849E4}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F3734DB-EA99-400E-ADB2-16922185E257}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2B77402-60A3-4799-8891-CFC9154307BC}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{9F3734DB-EA99-400E-ADB2-16922185E257}: NameServer = 10.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{26B1861C-28B9-4683-8346-A9F7B44C3B97}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{3CCE8680-D185-46A1-8E01-7DE197363922}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{573FEBC4-6801-4F03-96E9-24F828F849E4}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{9F3734DB-EA99-400E-ADB2-16922185E257}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{D2B77402-60A3-4799-8891-CFC9154307BC}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS3\Services\Tcpip\..\{26B1861C-28B9-4683-8346-A9F7B44C3B97}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS3\Services\Tcpip\..\{3CCE8680-D185-46A1-8E01-7DE197363922}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS3\Services\Tcpip\..\{573FEBC4-6801-4F03-96E9-24F828F849E4}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS3\Services\Tcpip\..\{9F3734DB-EA99-400E-ADB2-16922185E257}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{D2B77402-60A3-4799-8891-CFC9154307BC}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{3B6E5116-1055-472B-80BE-98E40786287C}] (...) -- C:\Users\DOUGLAS\AppData\Roaming\webssearches\UninstallManager.exe (.not file.) [0] =>Hijacker.WebsSearches
[MD5.00000000000000000000000000000000] [APT] [{49ACD15A-52EF-4908-8F67-400684924CB1}] (...) -- C:\Users\DOUGLAS\AppData\Local\Temp\C165300A80D4477F88E7D4DFD0A866CF\TrueImageInstallMenu_standard.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1054]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1058]
~ Scheduled Task: 9 Legitimates Filtered in 00mn 05s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (gosaferdrv) . (. - .) - C:\Windows\System32\drivers\gosaferdrv.sys (.not file.)
O41 - Driver: (mosfilterdrv) . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) - C:\Windows\System32\drivers\mosfilterdrv.sys
O41 - Driver: (pofilterdrv) . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) - C:\Windows\System32\drivers\pofilterdrv.sys
~ Drivers: 104 Legitimates Filtered in 00mn 01s
---\\ Software instalados (042)
O42 - Logiciel: ACI - (.Ministério do Trabalho e Emprego.) [HKLM] -- EBB7DDC5-F8A7-4C1A-8BDB-C64456D342A5
O42 - Logiciel: BRApp - (.BR SOFTWARE LLC.) [HKLM] -- BRApp
O42 - Logiciel: CAGEDNet - (.Dataprev.) [HKLM] -- 4999919A-61DF-2230-AF39-F4BCF13A809A
O42 - Logiciel: Conectividade Social - (...) [HKLM] -- Conectividade Social
O42 - Logiciel: DigiBestDriver - (.DigiBest Technology CO., LTD.) [HKLM] -- InstallShield_{8B96A93A-E472-4A6C-BC20-4578C665448B}
O42 - Logiciel: FSB GUI version 4.0 - (.jbox@360hacks.de.) [HKLM] -- {568DC1C6-2E6F-4F7E-B169-FE2A1689E913}_is1
O42 - Logiciel: GBBD Caixa Economica Federal - (...) [HKLM] -- {5d01f486-f32d-462e-8830-cc1d116e8ece}_is1
O42 - Logiciel: Horizon v2.7.9.3 - (.Daring Development Inc..) [HKLM] -- d4cfeebc-b821-40b7-9f81-d366b1466f03_is1
O42 - Logiciel: Quantum - (.Quantum LLC.) [HKLM] -- Quantum
O42 - Logiciel: SEFIP 8.40 - (...) [HKLM] -- SEFIP 8.40
O42 - Logiciel: Sicalc Auto Atendimento - (.Receita Federal do Brasil.) [HKLM] -- Sicalc Auto Atendimento
O42 - Logiciel: TIM Communicator - (...) [HKLM] -- OrolixCommunicator
~ Logic: 22 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\39676InstEnd]
[HKCU\Software\ARL]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Autogg]
[HKCU\Software\Autogg_ini]
[HKCU\Software\CASNeuter]
[HKCU\Software\GbAs]
[HKCU\Software\Kounen]
[HKCU\Software\M45C4]
[HKCU\Software\OrolixCommunicator]
[HKCU\Software\Orolix]
[HKCU\Software\Quantum]
[HKCU\Software\Search Vortex]
[HKCU\Software\WCA]
[HKCU\Software\YVETWWON]
[HKCU\Software\YXHVXJV]
[HKCU\Software\i.Tech]
[HKCU\Software\nands]
[HKLM\Software\Caixa]
[HKLM\Software\GOSafer]
[HKLM\Software\NJax]
[HKLM\Software\Orolix]
[HKLM\Software\Programas RFB]
[HKLM\Software\Search Vortex]
~ Key Software: 234 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 06/01/2015 - 20:09:18 - [] ----D C:\Program Files\CAGED
O43 - CFD: 05/02/2015 - 00:10:36 - [] ----D C:\Program Files\CAIXA
O43 - CFD: 28/11/2013 - 22:34:20 - [] ----D C:\Program Files\Daring Development
O43 - CFD: 28/09/2012 - 22:24:45 - [] ----D C:\Program Files\DigiBestTV
O43 - CFD: 22/10/2010 - 22:54:33 - [] ----D C:\Program Files\driver de video
O43 - CFD: 29/11/2013 - 01:15:24 - [] ----D C:\Program Files\FSB GUI
O43 - CFD: 22/03/2011 - 20:28:28 - [] ----D C:\Program Files\Kounen
O43 - CFD: 18/01/2015 - 16:26:33 - [] ----D C:\Program Files\Programas RFB
O43 - CFD: 02/02/2015 - 23:40:39 - [] ----D C:\Program Files\Quantum
O43 - CFD: 03/01/2015 - 18:41:51 - [] ----D C:\Program Files\TIM Communicator
O43 - CFD: 03/02/2010 - 12:58:38 - [] ----D C:\Program Files\TpvAoc
O43 - CFD: 10/05/2013 - 19:26:06 - [] ----D C:\Program Files\Win7LogonBackgroundChanger
O43 - CFD: 24/10/2010 - 07:43:41 - [] ----D C:\Program Files\Windows.old
O43 - CFD: 29/07/2011 - 20:19:28 - [] ----D C:\ProgramData\OrolixCommunicator
O43 - CFD: 05/02/2015 - 00:11:38 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAIXA
O43 - CFD: 29/11/2013 - 01:15:24 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FSB GUI
O43 - CFD: 18/10/2014 - 15:44:36 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Horizon
O43 - CFD: 18/01/2015 - 16:26:36 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB
O43 - CFD: 02/02/2015 - 23:46:12 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quantum
O43 - CFD: 14/07/2009 - 04:48:45 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 21/07/2011 - 11:17:19 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TIM Communicator
O43 - CFD: 06/02/2015 - 23:42:02 - [] ----D C:\Users\DOUGLAS\AppData\Roaming\Quantum
O43 - CFD: 11/08/2012 - 15:58:28 - [] ----D C:\Users\DOUGLAS\AppData\Roaming\VIVO INTERNET
O43 - CFD: 05/01/2015 - 21:16:20 - [] -SH-D C:\Users\DOUGLAS\AppData\Local\EmieBrowserModeList
O43 - CFD: 08/10/2014 - 21:16:06 - [] ----D C:\Users\DOUGLAS\AppData\Local\Paradox
O43 - CFD: 25/11/2013 - 19:15:55 - [] ----D C:\Users\DOUGLAS\AppData\Local\Team_360h
O43 - CFD: 06/01/2015 - 20:08:03 - [] ----D C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ACI
O43 - CFD: 06/01/2015 - 20:09:30 - [] ----D C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CAGEDNet
O43 - CFD: 05/02/2015 - 00:11:38 - [0] ----D C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CAIXA
O43 - CFD: 28/01/2015 - 21:32:21 - [] ----D C:\Users\DOUGLAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GdRaisJava
~ Program Folder: 220 Legitimates Filtered in 00mn 01s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.F516ED323913F51719DBBB6AD6B3B8BC] - 05/02/2015 - 00:10:50 ---A- . (...) -- C:\Windows\System32\Stdcxiac.tlb [4000]
O44 - LFC:[MD5.8963650262B6087EC2D5E3E73E09CA6D] - 05/02/2015 - 00:10:50 ---A- . (...) -- C:\Windows\System32\Stdcxiap.tlb [1664]
O44 - LFC:[MD5.53A3186955D2351C22647B9D6C648556] - 05/02/2015 - 00:10:50 ---A- . (...) -- C:\Windows\System32\Stdcxom.tlb [8108]
O44 - LFC:[MD5.F9B3E46EFCCD9ED659256C53B15936BC] - 05/02/2015 - 00:10:54 ---A- . (...) -- C:\Windows\System32\cnsHTTP.dll [435200]
O44 - LFC:[MD5.FA164A7B15FE1B00510424F8AA185F01] - 05/02/2015 - 00:10:54 ---A- . (...) -- C:\Windows\System32\simplezip.dll [333312]
O44 - LFC:[MD5.6CD1AE8EAC6A7377329AF15E1C493BA5] - 05/02/2015 - 00:11:09 ---A- . (...) -- C:\Windows\System32\Dao2535.tlb [73184]
O44 - LFC:[MD5.51551EA418DE1C09AF56D21355412780] - 05/02/2015 - 00:11:11 ---A- . (...) -- C:\Windows\System32\MSDATGRD.oca [65536]
O44 - LFC:[MD5.5EF38D04093306E484C5D673F2CA52C5] - 05/02/2015 - 00:11:11 ---A- . (...) -- C:\Windows\System32\Mshflxgd.srg [111]
O44 - LFC:[MD5.012DE52D6C43AE452F0CB3743B323C17] - 05/02/2015 - 00:11:23 ---A- . (.CEF - ObsCpApi Client (011003).) -- C:\Windows\System32\obscpapi.dll [236230]
O44 - LFC:[MD5.6D04485AC797E37D1D18EBC22209FA51] - 05/02/2015 - 00:11:27 ---A- . (...) -- C:\Windows\System32\Clhtcert.prg [1883]
O44 - LFC:[MD5.8A195039A3C941CE479EC81561F3A15A] - 05/02/2015 - 00:11:27 ---A- . (...) -- C:\Windows\System32\Clhtreg.prg [2545]
O44 - LFC:[MD5.462E7D0C9D0DF332490B9D063AD83742] - 05/02/2015 - 00:11:27 ---A- . (...) -- C:\Windows\System32\Clhttp.prg [3055]
O44 - LFC:[MD5.0DE252F8AA0E11ADA728F6B969DA9D55] - 05/02/2015 - 00:11:27 ---A- . (...) -- C:\Windows\System32\Clusr1.prg [7]
O44 - LFC:[MD5.0DE252F8AA0E11ADA728F6B969DA9D55] - 05/02/2015 - 00:11:27 ---A- . (...) -- C:\Windows\System32\Clusr2.prg [7]
O44 - LFC:[MD5.C7B08AFBAE9C9AC143E6E4404D50CBC3] - 05/02/2015 - 00:11:27 ---A- . (...) -- C:\Windows\System32\Hl_med32.dll [218112]
O44 - LFC:[MD5.F3F8B94E5676F0526759C79466C5DE76] - 05/02/2015 - 00:11:27 ---A- . (...) -- C:\Windows\System32\Hl_pub32.dll [31744]
O44 - LFC:[MD5.A2FAA45C76E9BA447191254E84A1B079] - 05/02/2015 - 00:11:27 ---A- . (...) -- C:\Windows\System32\Hlsoft32.dll [167936]
O44 - LFC:[MD5.5586E31B48F7B5F4CE8160BD531AC2C5] - 05/02/2015 - 00:11:28 ---A- . (...) -- C:\Windows\System32\Prox.dll [371200]
O44 - LFC:[MD5.3AA75194FFB6D901516D3126C3B05220] - 05/02/2015 - 00:11:28 ---A- . (...) -- C:\Windows\System32\Prx.dll [2256384]
O44 - LFC:[MD5.2558CBC8F2C555B757DDBD472BB9253A] - 05/02/2015 - 00:11:28 ---A- . (...) -- C:\Windows\System32\Rsa_w32.dll [51712]
O44 - LFC:[MD5.2C3F7864C73EF26A263D4448586BBF6F] - 05/02/2015 - 00:11:28 ---A- . (...) -- C:\Windows\System32\tcpconf.dat [148]
O44 - LFC:[MD5.4C6D38150513F98CF0E4ECE89E883144] - 05/02/2015 - 00:11:28 ---A- . (.Stardust Technologies, Inc. - Windows 95 WCA Loader.) -- C:\Windows\System32\W32spdll.dll [17920]
O44 - LFC:[MD5.77D9E6C49F39A8B4DB6E0210DDD0A6D8] - 05/02/2015 - 00:11:28 ---A- . (.Stardust Technologies, Inc. - Winsock Component Architecture.) -- C:\Windows\System32\Wca_32.dll [117760]
O44 - LFC:[MD5.EAAE9CE268BFC7EBFD62AB9445EA331F] - 05/02/2015 - 00:27:46 ---A- . (.DBA - cnsselo.) -- C:\Windows\System32\cnsselo.dll [379904]
O44 - LFC:[MD5.8EF3896F48B1CB4E6E62987A40431357] - 06/02/2015 - 23:46:23 ---A- . (...) -- C:\DataHora.cns [27]
O44 - LFC:[MD5.995ECAF93E3B518E50CA22D3E4AECEA6] - 06/02/2015 - 23:57:48 ---A- . (...) -- C:\prox.log [70824]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 07/02/2015 - 12:19:20 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.EFB75998633AD3E2FDAA5EFC0A482EE5] - 07/02/2015 - 12:47:24 ---A- . (...) -- C:\zoek-results.log [26785]
O44 - LFC:[MD5.6DABC64FE1DDCAE435DE15256BDD9754] - 07/02/2015 - 12:50:39 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [127896]
O44 - LFC:[MD5.AC57B72B3432F1A0BA1C8200F588562A] - 07/02/2015 - 12:50:39 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [663606]
~ Files: 68 Legitimates Filtered in 00mn 07s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Chave do registo Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{e1dfc21d-eda0-11e2-8b8d-0025ab009cef}\AutoRun\command. (...) -- F:\LGAutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:17/12/2009 - 17:10:12 ---A- . (.eMPIA Technology, Inc. - USB 28xx BDA Driver.) -- C:\Windows\System32\Drivers\emBDA.sys [579968]
O58 - SDL:24/03/2010 - 20:10:38 ---A- . (.eMPIA Technology, Inc. - USB 28xx BDA Lower filter.) -- C:\Windows\System32\Drivers\emOEM.sys [130432]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:21/10/2014 - 23:52:48 ---A- . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) -- C:\Windows\System32\Drivers\mosfilterdrv.sys [55608]
O58 - SDL:02/12/2014 - 17:57:08 ---A- . (.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) -- C:\Windows\System32\Drivers\pofilterdrv.sys [55616]
O58 - SDL:01/01/1601 - 03:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [721904]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 89 Legitimates Filtered in 00mn 39s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 21/10/2014 - C:\Windows\System32\drivers\mosfilterdrv.sys (mosfilterdrv) .(.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) - LEGACY_MOSFILTERDRV
O64 - Services: CurCS - 02/12/2014 - C:\Windows\System32\drivers\pofilterdrv.sys (pofilterdrv) .(.NetFilterSDK.com - NetFilter SDK TDI Hook Driver (WPP).) - LEGACY_POFILTERDRV
O64 - Services: CurCS - 09/05/1745 - C:\Windows\System32\Drivers\sptd.sys (sptd) .(...) - LEGACY_SPTD
~ Legacy: 214 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.1FE9E78014E990C3374F4D167DA5E5ED] [SPRF][06/01/2015] (...) -- C:\Users\DOUGLAS\AppData\Roaming\unins000.dat [17762]
[MD5.96E95EDEC2D2CEA19297A4ABC54A86FB] [SPRF][23/05/2013] (.No owner - 360mpGui.) -- C:\Users\DOUGLAS\Desktop\360mpGui v1.1.3.0.exe [5176915]
[MD5.92ABBC6E52E32F8F66684F90BF4A25CE] [SPRF][10/01/2015] (...) -- C:\Users\DOUGLAS\Desktop\zoek.exe [1295360]
[MD5.C9829B02F58140D0FA32A9FA1E7FBA68] [SPRF][20/01/2014] (.No owner - K-Lite Mega Codec Pack Setup.) -- C:\Program Files\892-K-Lite_Codec_Pack_1020_Mega.exe [31772694]
[MD5.7FAF5DD11A44CC98EA90BEB800191120] [SPRF][22/01/2008] (.afa - AF15BDAEX.) -- C:\Program Files\AFABDAEX.dll [28672]
[MD5.0B1EBB87377A0647EDD85D70F85D527B] [SPRF][03/06/2009] (.eMPIA Technology, Inc. - USB 28xx BDA DLL API.) -- C:\Program Files\emDLL.dll [76288]
[MD5.8B9C66B16AAB51E47CD3EE6B2A12F3B1] [SPRF][15/12/2008] (...) -- C:\Program Files\GetHardID.dll [117248]
[MD5.D31E8D4C07DD658DE7C7A272F818C450] [SPRF][30/11/2009] (...) -- C:\Program Files\MediaTV.dll [216576]
[MD5.040895CBB5BEB2C6A6ADA6969B16F20F] [SPRF][08/06/2009] (...) -- C:\Program Files\MediaTVScheduleMonitor.dll [65536]
[MD5.28546D03AB6033BFCF85A1E2038DA515] [SPRF][10/02/2007] (...) -- C:\Program Files\RSA_DLL.dll [122880]
~ Files: 12 Legitimates Filtered in 00mn 02s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{E20B4FC3-8757-4454-A6CB-DDA6F8E69FAA}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\DOUGLAS\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{2FC07C89-0A6E-4543-AD0B-85AE63911B89}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\DOUGLAS\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 03s
---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:01/01/1601 - 03:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [721904]
~ Emulateurs: Scanned in 00mn 34s
---\\ Scâner Aditional (088)
Database Version : 13008 - (09/01/2015)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 5
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Users\DOUGLAS\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
~ Additionnel Scan: 267413 Items scanned in 00mn 57s
---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Barras do Internet Explorer (03))
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Aplicações iniciadas por registo & pastas (04)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>.Chave do registo Shell MountPoints2 (MPSK) (O51)
~ AMI: 4 Legitimates Filtered in 00mn 00s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.GiganticSavings
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.WebsSearches
~ MSI: 2 link(s) detected in 00mn 00s
~ 1048 Legitimates filtered by white list
End of the scan (512 lines in 03mn 16s)(0)
Douglas Lima- Membro
- Mensagens : 67
Reputação : 1
Data de inscrição : 03/11/2013
Idade : 41
Re: Propagandas Indesejáveis
por Power Max Sáb 07 Fev 2015, 15:04
Você usou o ZHPDiag, mas o que precisamos no momento é do ZHPCleaner:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Use-o seguindo as dicas daquele tutorial que te passei e poste o log dele, por gentileza.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Use-o seguindo as dicas daquele tutorial que te passei e poste o log dele, por gentileza.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Propagandas Indesejáveis
por Douglas Lima Seg 09 Fev 2015, 01:53
Olá bom dia,
Olha tive que formatar meu pc...deu problemas...entao formatei e deixei com windows 8.1 pro.....mas com alguns arquivos que baixei acompanhou alguns arquivos maliciosos....segue abaixo o relatorio de ZHPCleaner
~ ZHPCleaner v2015.2.8.56 by Nicolas Coolman (08/02/2015)
~ Run by Douglas (Administrator) (09/02/2015 00:31:26)
~ Forum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Facebook : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\Douglas\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Douglas\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Windows 81, 32-bit (Build 9600)
---\\ Services (6)
SERVICE STOPPED : IHProtect Service (Adware.AgentODR)
SERVICE STOPPED : WindowsMangerProtect (PUP.Fuyu)
SERVICE STOPPED : IHProtect Service (Adware.AgentODR)
SERVICE STOPPED : WindowsMangerProtect (PUP.Fuyu)
SERVICE STOPPED : IHProtect Service (Adware.AgentODR)
SERVICE STOPPED : WindowsMangerProtect (PUP.Fuyu)
---\\ Browser internet (5)
FOUND IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL [hxxp://www.mystartsearch.com/web/?type=dspp&ts=1423364603&from=smt&uid=WDCXWD320[...]] (PUP.StartSearch)
FOUND IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page [hxxp://www.mystartsearch.com/web/?type=dspp&ts=1423364603&from=smt&uid=WDCXWD320[...]] (PUP.StartSearch)
FOUND IE Params: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Default_Search_URL [hxxp://www.mystartsearch.com/web/?type=dspp&ts=1423364603&from=smt&uid=WDCXWD320[...]] (PUP.StartSearch)
FOUND IE Params: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Search Page [hxxp://www.mystartsearch.com/web/?type=dspp&ts=1423364603&from=smt&uid=WDCXWD320[...]] (PUP.StartSearch)
FOUND Chrome URL: "hxxp://www.mystartsearch.com/?type=hp&ts=1423364547&from=smt&uid=WDCXWD3200BEVT-00A22T0_WD-WX21A40E[...]
---\\ Hosts file (1)
~ The hosts file is legitimate (21)
---\\ Scheduled automatic tasks. (0)
~ No malicious items found.
---\\ Explorer ( File, Folder) (139)
FOUND file: C:\Windows\System32\drivers\{606fa7f3-7589-49ce-b649-a27599ed0d38}Gw.sys [StdLib - StdLib] (PUP.LinkiDoo)
FOUND file: C:\Windows\System32\drivers\{9e225977-4791-4356-911d-90b292281075}Gw.sys [StdLib - StdLib] (PUP.LinkiDoo)
FOUND file: C:\Program Files\KMSpico\Service_KMS.exe [ - Service_KMS] (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\WinDivert.sys [Basil Projects - WinDivert network packet capture and (re)injection driver] (PUA.KMSpico)
FOUND file: C:\Program Files\XTab\ProtectService.exe [XTab system - ProtectSvc.exe] (Adware.AgentODR)
FOUND file: C:\Program Files\KMSpico\Service_KMS.exe [ - Service_KMS] (PUA.KMSpico)
FOUND file: C:\Program Files\XTab\ProtectService.exe [XTab system - ProtectSvc.exe] (Adware.AgentODR)
FOUND file: C:\Program Files\KMSpico\Service_KMS.exe [ - Service_KMS] (PUA.KMSpico)
FOUND file: C:\Program Files\XTab\ProtectService.exe [XTab system - ProtectSvc.exe] (Adware.AgentODR)
FOUND file: C:\Program Files\KMSpico\Service_KMS.exe [ - Service_KMS] (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\AutoPico.exe [ - AutoPico] (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\DevComponents.DotNetBar2.dll [DevComponents.com - DevComponents.DotNetBar] (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\KMSELDI.exe [ - KMS GUI ELDI] (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\Service_KMS.exe [ - Service_KMS] (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\unins000.dat (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\unins000.exe [ - Setup/Uninstall] (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\UninsHs.exe [Han-soft - Uninstall for InnoSetup by Han-soft] (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\WinDivert.dll (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\WinDivert.sys [Basil Projects - WinDivert network packet capture and (re)injection driver] (PUA.KMSpico)
FOUND file: C:\Program Files\XTab\BrowerWatchCH.dll [XTab - BrowerWa.dll] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\BrowerWatchFF.dll [XTab - BrowerWa.dll] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\BrowserAction.dll [Skytech Co., Ltd. - Skytech] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\CmdShell.exe [SearchProtect - CmdShell.exe] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\conf (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\ffsearch_toolbar!1.0.0.1025.xpi (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\HPNotify.exe [XTab system - SupHPNot.exe] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\IeWatchDog.dll [Search Protecter - SearchProtect for ie] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\install.data (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\msvcp110.dll [Microsoft Corporation - Microsoft® C Runtime Library] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\msvcr110.dll [Microsoft Corporation - Microsoft® C Runtime Library] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\ProtectService.exe [XTab system - ProtectSvc.exe] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\searchProvider.xml (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\SupTab.dll [Thinknice Co. Limited - SupTab setup package] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\uninstall.exe [XTab - XTab] (Adware.AgentODR)
FOUND folder: C:\Program Files\KMSpico\cert (PUA.KMSpico)
FOUND folder: C:\Program Files\KMSpico\driver (PUA.KMSpico)
FOUND folder: C:\Program Files\KMSpico\icons (PUA.KMSpico)
FOUND folder: C:\Program Files\KMSpico\logs (PUA.KMSpico)
FOUND folder: C:\Program Files\KMSpico\scripts (PUA.KMSpico)
FOUND folder: C:\Program Files\KMSpico\sounds (PUA.KMSpico)
FOUND folder: C:\Program Files\KMSpico\x64 (PUA.KMSpico)
FOUND folder: C:\Program Files\KMSpico\x86 (PUA.KMSpico)
FOUND folder: C:\Program Files\XTab\skin (Adware.AgentODR)
FOUND folder: C:\Program Files\XTab\web (Adware.AgentODR)
FOUND folder: C:\Program Files\KMSpico (PUA.KMSpico)
FOUND folder: C:\Program Files\XTab (Adware.AgentODR)
FOUND file: C:\Program Files\KMSpico\AutoPico.exe [ - AutoPico] (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\DevComponents.DotNetBar2.dll [DevComponents.com - DevComponents.DotNetBar] (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\KMSELDI.exe [ - KMS GUI ELDI] (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\Service_KMS.exe [ - Service_KMS] (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\unins000.dat (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\unins000.exe [ - Setup/Uninstall] (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\UninsHs.exe [Han-soft - Uninstall for InnoSetup by Han-soft] (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\WinDivert.dll (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\WinDivert.sys [Basil Projects - WinDivert network packet capture and (re)injection driver] (PUA.KMSpico)
FOUND file: C:\Program Files\XTab\BrowerWatchCH.dll [XTab - BrowerWa.dll] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\BrowerWatchFF.dll [XTab - BrowerWa.dll] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\BrowserAction.dll [Skytech Co., Ltd. - Skytech] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\CmdShell.exe [SearchProtect - CmdShell.exe] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\conf (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\ffsearch_toolbar!1.0.0.1025.xpi (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\HPNotify.exe [XTab system - SupHPNot.exe] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\IeWatchDog.dll [Search Protecter - SearchProtect for ie] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\install.data (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\msvcp110.dll [Microsoft Corporation - Microsoft® C Runtime Library] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\msvcr110.dll [Microsoft Corporation - Microsoft® C Runtime Library] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\ProtectService.exe [XTab system - ProtectSvc.exe] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\searchProvider.xml (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\SupTab.dll [Thinknice Co. Limited - SupTab setup package] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\uninstall.exe [XTab - XTab] (Adware.AgentODR)
FOUND folder: C:\Program Files\KMSpico\cert (PUA.KMSpico)
FOUND folder: C:\Program Files\KMSpico\driver (PUA.KMSpico)
FOUND folder: C:\Program Files\KMSpico\icons (PUA.KMSpico)
FOUND folder: C:\Program Files\KMSpico\logs (PUA.KMSpico)
FOUND folder: C:\Program Files\KMSpico\scripts (PUA.KMSpico)
FOUND folder: C:\Program Files\KMSpico\sounds (PUA.KMSpico)
FOUND folder: C:\Program Files\KMSpico\x64 (PUA.KMSpico)
FOUND folder: C:\Program Files\KMSpico\x86 (PUA.KMSpico)
FOUND folder: C:\Program Files\XTab\skin (Adware.AgentODR)
FOUND folder: C:\Program Files\XTab\web (Adware.AgentODR)
FOUND folder: C:\Program Files\KMSpico (PUA.KMSpico)
FOUND folder: C:\Program Files\XTab (Adware.AgentODR)
FOUND file: C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [SysTool PasSame LIMITED - Windows SysTool Service] (PUP.Fuyu)
FOUND folder: C:\ProgramData\Baidu\Antivirus (Adware.BDPlugin)
FOUND folder: C:\ProgramData\Baidu\commondll (Adware.BDPlugin)
FOUND folder: C:\ProgramData\IHProtectUpDate\update (Adware.AgentODR)
FOUND folder: C:\ProgramData\WindowsMangerProtect\update (PUP.Fuyu)
FOUND folder: C:\ProgramData\Baidu (Adware.BDPlugin)
FOUND folder: C:\ProgramData\Baidu Security (Adware.BDPlugin)
FOUND folder: C:\ProgramData\IHProtectUpDate (Adware.AgentODR)
FOUND folder: C:\ProgramData\WindowsMangerProtect (PUP.Fuyu)
FOUND file: C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [SysTool PasSame LIMITED - Windows SysTool Service] (PUP.Fuyu)
FOUND folder: C:\ProgramData\IHProtectUpDate\update (Adware.AgentODR)
FOUND folder: C:\ProgramData\WindowsMangerProtect\update (PUP.Fuyu)
FOUND folder: C:\ProgramData\IHProtectUpDate (Adware.AgentODR)
FOUND folder: C:\ProgramData\WindowsMangerProtect (PUP.Fuyu)
FOUND file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk (PUA.KMSpico)
FOUND file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk (PUA.KMSpico)
FOUND file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Log KMSpico.lnk (PUA.KMSpico)
FOUND file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Uninstall KMSpico.lnk (PUA.KMSpico)
FOUND folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico (PUA.KMSpico)
FOUND file: C:\Windows\AutoKMS\AutoKMS.exe [CODYQX4 - AutoKMS] (Trojan.AutoKMS)
FOUND folder: C:\Windows\AutoKMS (Trojan.AutoKMS)
FOUND folder: C:\Windows\System32\WindowsInternal.Inbox.Media.Shared\Themes (PUP.InboxEmail)
FOUND folder: C:\Windows\System32\WindowsInternal.Inbox.Shared\Themes (PUP.InboxEmail)
FOUND folder: C:\Windows\System32\WindowsInternal.Inbox.Media.Shared (PUP.InboxEmail)
FOUND folder: C:\Windows\System32\WindowsInternal.Inbox.Shared (PUP.InboxEmail)
FOUND folder: C:\Windows\system32\WindowsInternal.Inbox.Media.Shared\Themes (PUP.InboxEmail)
FOUND folder: C:\Windows\system32\WindowsInternal.Inbox.Shared\Themes (PUP.InboxEmail)
FOUND folder: C:\Windows\system32\WindowsInternal.Inbox.Media.Shared (PUP.InboxEmail)
FOUND folder: C:\Windows\system32\WindowsInternal.Inbox.Shared (PUP.InboxEmail)
FOUND file: C:\Users\Douglas\AppData\Roaming\mystartsearch\UninstallManager.exe [Skytech Co., Ltd. - Skytech] (PUP.StartSearch)
FOUND folder: C:\Users\Douglas\AppData\Roaming\mystartsearch\log (PUP.StartSearch)
FOUND folder: C:\Users\Douglas\AppData\Roaming\mystartsearch (PUP.StartSearch)
FOUND folder: C:\Users\Douglas\AppData\Local\Temp\SourceApp (PUP.SourceApp)
FOUND file: C:\Windows\Prefetch\KMSPICO - VINICIUS TUTORIAIS.-F7D92956.pf (PUA.KMSpico)
FOUND file: C:\Windows\Prefetch\N5BLOCKANDSURFB70.EXE-E6F118A5.pf (PUP.BlockAndSurf)
FOUND file: C:\Windows\Prefetch\SOURCEAPP.BROWSERADAPTER.EXE-F871F54D.pf (PUP.SourceApp)
FOUND file: C:\Windows\Prefetch\SOURCEAPP.EXPEXT.EXE-82AA02DA.pf (PUP.SourceApp)
FOUND file: C:\Windows\Prefetch\SOURCEAPP.MG.EXE-83D0D5A9.pf (PUP.SourceApp)
FOUND file: C:\Windows\Prefetch\SOURCEAPP.PURBROWSE.EXE-0AAD47B1.pf (PUP.SourceApp)
FOUND file: C:\Windows\Prefetch\SOURCEAPPUNINSTALL.EXE-4B4A0E4F.pf (PUP.SourceApp)
FOUND file: C:\Windows\Prefetch\SOURCEAPP_SETUP.EXE-B2F82EF7.pf (PUP.SourceApp)
FOUND file: C:\Windows\Prefetch\UPDATESOURCEAPP.EXE-E9E56E24.pf (PUP.SourceApp)
FOUND file: C:\Windows\Prefetch\UTILSOURCEAPP.EXE-000A78AC.pf (PUP.SourceApp)
FOUND file: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_api.sourceapp.info_0.localstorage (PUP.SourceApp)
FOUND file: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_api.sourceapp.info_0.localstorage-journal (PUP.SourceApp)
FOUND file: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage (PUP.AkamaiHD)
FOUND file: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage-journal (PUP.AkamaiHD)
FOUND file: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage (PUP.SpecialSavings)
FOUND file: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal (PUP.SpecialSavings)
FOUND file: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage (PUP.StartSearch)
FOUND file: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage-journal (PUP.StartSearch)
FOUND file: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage (PUP.SpecialSavings)
FOUND file: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal (PUP.SpecialSavings)
FOUND file: C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [SysTool PasSame LIMITED - Windows SysTool Service] (PUP.Fuyu)
FOUND file: C:\Windows\SECOH-QAD.exe (PUA.KMSpico)
FOUND file: C:\Windows\AutoKMS\AutoKMS.exe [CODYQX4 - AutoKMS] (Trojan.AutoKMS)
FOUND file: C:\END (Toolbar.Conduit)
---\\ Registry ( Key, Value, Data) (49)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\{606fa7f3-7589-49ce-b649-a27599ed0d38}Gw [C:\Windows\System32\drivers\{606fa7f3-7589-49ce-b649-a27599ed0d38}Gw.sys] (PUP.LinkiDoo)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\{9e225977-4791-4356-911d-90b292281075}Gw [C:\Windows\System32\drivers\{9e225977-4791-4356-911d-90b292281075}Gw.sys] (PUP.LinkiDoo)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI [C:\Program Files\KMSpico\Service_KMS.exe] (PUA.KMSpico)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\WinDivert1.1 [C:\Program Files\KMSpico\WinDivert.sys] (PUA.KMSpico)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect [C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service] (PUP.Fuyu)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\iaStorAV [System32\drivers\iaStorAV.sys] (PUP.InboxEmail)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service [C:\Program Files\XTab\ProtectService.exe] (Adware.AgentODR)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI [C:\Program Files\KMSpico\Service_KMS.exe] (PUA.KMSpico)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect [C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service] (PUP.Fuyu)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\{606fa7f3-7589-49ce-b649-a27599ed0d38}Gw [system32\drivers\{606fa7f3-7589-49ce-b649-a27599ed0d38}Gw.sys] (PUP.LinkiDoo)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\{9e225977-4791-4356-911d-90b292281075}Gw [system32\drivers\{9e225977-4791-4356-911d-90b292281075}Gw.sys] (PUP.LinkiDoo)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\iaStorAV [System32\drivers\iaStorAV.sys] (PUP.InboxEmail)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service [C:\Program Files\XTab\ProtectService.exe] (Adware.AgentODR)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI [C:\Program Files\KMSpico\Service_KMS.exe] (PUA.KMSpico)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect [C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service] (PUP.Fuyu)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\{606fa7f3-7589-49ce-b649-a27599ed0d38}Gw [system32\drivers\{606fa7f3-7589-49ce-b649-a27599ed0d38}Gw.sys] (PUP.LinkiDoo)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\{9e225977-4791-4356-911d-90b292281075}Gw [system32\drivers\{9e225977-4791-4356-911d-90b292281075}Gw.sys] (PUP.LinkiDoo)
FOUND key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds[...]] [mystartsearch] (PUP.StartSearch)
FOUND key: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.mystartsearch.com/web/?type=dspp&ts=1423364603&from=smt&uid=WDCXWD3200BEVT-00A22T0_WD-WX2[...]] [mystartsearch] (PUP.StartSearch)
FOUND key: HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\InprocServer32 [C:\Program Files\XTab\SupTab.dll] (PUP.SupTab)
FOUND key: HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\InprocServer32 [C:\Program Files\SourceApp\bin\9e22597747914356911d90b292281075.dll] (PUP.SourceApp)
FOUND key: HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} [IETabPage Class] (PUP.SupTab)
FOUND key: HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} [Manager Class] (PUP.SourceApp)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\iaStorAV [System32\drivers\iaStorAV.sys] (PUP.InboxEmail)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\{606fa7f3-7589-49ce-b649-a27599ed0d38}Gw [system32\drivers\{606fa7f3-7589-49ce-b649-a27599ed0d38}Gw.sys] (PUP.LinkiDoo)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\{9e225977-4791-4356-911d-90b292281075}Gw [system32\drivers\{9e225977-4791-4356-911d-90b292281075}Gw.sys] (PUP.LinkiDoo)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\iaStorAV [System32\drivers\iaStorAV.sys] (PUP.InboxEmail)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service [C:\Program Files\XTab\ProtectService.exe] (Adware.AgentODR)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI [C:\Program Files\KMSpico\Service_KMS.exe] (PUA.KMSpico)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect [C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service] (PUP.Fuyu)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\{606fa7f3-7589-49ce-b649-a27599ed0d38}Gw [system32\drivers\{606fa7f3-7589-49ce-b649-a27599ed0d38}Gw.sys] (PUP.LinkiDoo)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\{9e225977-4791-4356-911d-90b292281075}Gw [system32\drivers\{9e225977-4791-4356-911d-90b292281075}Gw.sys] (PUP.LinkiDoo)
FOUND key: HKCR\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} [IMdt] (Adware.IMBooster)
FOUND key: HKCR\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} [IManager] (Adware.IMBooster)
FOUND key: HKCU\Software\Conduit [] (Toolbar.Conduit)
FOUND key: HKCU\Software\GSpot Appliance Corp [] (PUP.ApplianTechnologies)
FOUND key: HKCU\Software\AppDataLow\Software\BlockAndSurf [] (PUP.BlockAndSurf)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect [] (PUP.Fuyu)
FOUND key: HKLM\SOFTWARE\IHProtect [] (Adware.AgentODR)
FOUND key: HKLM\SOFTWARE\mystartsearchSoftware [] (PUP.StartSearch)
FOUND key: HKLM\SOFTWARE\SupDp [] (PUP.SupTab)
FOUND key: HKLM\SOFTWARE\supTab [] (PUP.SupTab)
FOUND key: HKLM\SOFTWARE\supWindowsMangerProtect [] (PUP.Fuyu)
FOUND key: HKLM\SOFTWARE\Microsoft\Tracing\updateSourceApp_RASAPI32 [] (PUP.SourceApp)
FOUND key: HKLM\SOFTWARE\Microsoft\Tracing\updateSourceApp_RASMANCS [] (PUP.SourceApp)
FOUND key: HKLM\SOFTWARE\Microsoft\Tracing\utilSourceApp_RASAPI32 [] (PUP.SourceApp)
FOUND key: HKLM\SOFTWARE\Microsoft\Tracing\utilSourceApp_RASMANCS [] (PUP.SourceApp)
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KMSpico_is1 [KMSpico v9.2.3] (PUA.KMSpico)
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KMSpico_is1 [KMSpico v9.2.3] (PUA.KMSpico)
---\\ Result of repair
~ Any repair made
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
---\\ Statistics
~ Items scanned : 63014
~ Items found : 193
~ Items repaired : 0
End of clean at 00:47:39
===================
ZHPCleaner-[S]-09022015-00_47_39.txt
Olha tive que formatar meu pc...deu problemas...entao formatei e deixei com windows 8.1 pro.....mas com alguns arquivos que baixei acompanhou alguns arquivos maliciosos....segue abaixo o relatorio de ZHPCleaner
~ ZHPCleaner v2015.2.8.56 by Nicolas Coolman (08/02/2015)
~ Run by Douglas (Administrator) (09/02/2015 00:31:26)
~ Forum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Facebook : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\Douglas\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Douglas\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Windows 81, 32-bit (Build 9600)
---\\ Services (6)
SERVICE STOPPED : IHProtect Service (Adware.AgentODR)
SERVICE STOPPED : WindowsMangerProtect (PUP.Fuyu)
SERVICE STOPPED : IHProtect Service (Adware.AgentODR)
SERVICE STOPPED : WindowsMangerProtect (PUP.Fuyu)
SERVICE STOPPED : IHProtect Service (Adware.AgentODR)
SERVICE STOPPED : WindowsMangerProtect (PUP.Fuyu)
---\\ Browser internet (5)
FOUND IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL [hxxp://www.mystartsearch.com/web/?type=dspp&ts=1423364603&from=smt&uid=WDCXWD320[...]] (PUP.StartSearch)
FOUND IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page [hxxp://www.mystartsearch.com/web/?type=dspp&ts=1423364603&from=smt&uid=WDCXWD320[...]] (PUP.StartSearch)
FOUND IE Params: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Default_Search_URL [hxxp://www.mystartsearch.com/web/?type=dspp&ts=1423364603&from=smt&uid=WDCXWD320[...]] (PUP.StartSearch)
FOUND IE Params: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Search Page [hxxp://www.mystartsearch.com/web/?type=dspp&ts=1423364603&from=smt&uid=WDCXWD320[...]] (PUP.StartSearch)
FOUND Chrome URL: "hxxp://www.mystartsearch.com/?type=hp&ts=1423364547&from=smt&uid=WDCXWD3200BEVT-00A22T0_WD-WX21A40E[...]
---\\ Hosts file (1)
~ The hosts file is legitimate (21)
---\\ Scheduled automatic tasks. (0)
~ No malicious items found.
---\\ Explorer ( File, Folder) (139)
FOUND file: C:\Windows\System32\drivers\{606fa7f3-7589-49ce-b649-a27599ed0d38}Gw.sys [StdLib - StdLib] (PUP.LinkiDoo)
FOUND file: C:\Windows\System32\drivers\{9e225977-4791-4356-911d-90b292281075}Gw.sys [StdLib - StdLib] (PUP.LinkiDoo)
FOUND file: C:\Program Files\KMSpico\Service_KMS.exe [ - Service_KMS] (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\WinDivert.sys [Basil Projects - WinDivert network packet capture and (re)injection driver] (PUA.KMSpico)
FOUND file: C:\Program Files\XTab\ProtectService.exe [XTab system - ProtectSvc.exe] (Adware.AgentODR)
FOUND file: C:\Program Files\KMSpico\Service_KMS.exe [ - Service_KMS] (PUA.KMSpico)
FOUND file: C:\Program Files\XTab\ProtectService.exe [XTab system - ProtectSvc.exe] (Adware.AgentODR)
FOUND file: C:\Program Files\KMSpico\Service_KMS.exe [ - Service_KMS] (PUA.KMSpico)
FOUND file: C:\Program Files\XTab\ProtectService.exe [XTab system - ProtectSvc.exe] (Adware.AgentODR)
FOUND file: C:\Program Files\KMSpico\Service_KMS.exe [ - Service_KMS] (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\AutoPico.exe [ - AutoPico] (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\DevComponents.DotNetBar2.dll [DevComponents.com - DevComponents.DotNetBar] (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\KMSELDI.exe [ - KMS GUI ELDI] (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\Service_KMS.exe [ - Service_KMS] (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\unins000.dat (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\unins000.exe [ - Setup/Uninstall] (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\UninsHs.exe [Han-soft - Uninstall for InnoSetup by Han-soft] (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\WinDivert.dll (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\WinDivert.sys [Basil Projects - WinDivert network packet capture and (re)injection driver] (PUA.KMSpico)
FOUND file: C:\Program Files\XTab\BrowerWatchCH.dll [XTab - BrowerWa.dll] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\BrowerWatchFF.dll [XTab - BrowerWa.dll] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\BrowserAction.dll [Skytech Co., Ltd. - Skytech] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\CmdShell.exe [SearchProtect - CmdShell.exe] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\conf (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\ffsearch_toolbar!1.0.0.1025.xpi (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\HPNotify.exe [XTab system - SupHPNot.exe] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\IeWatchDog.dll [Search Protecter - SearchProtect for ie] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\install.data (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\msvcp110.dll [Microsoft Corporation - Microsoft® C Runtime Library] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\msvcr110.dll [Microsoft Corporation - Microsoft® C Runtime Library] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\ProtectService.exe [XTab system - ProtectSvc.exe] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\searchProvider.xml (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\SupTab.dll [Thinknice Co. Limited - SupTab setup package] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\uninstall.exe [XTab - XTab] (Adware.AgentODR)
FOUND folder: C:\Program Files\KMSpico\cert (PUA.KMSpico)
FOUND folder: C:\Program Files\KMSpico\driver (PUA.KMSpico)
FOUND folder: C:\Program Files\KMSpico\icons (PUA.KMSpico)
FOUND folder: C:\Program Files\KMSpico\logs (PUA.KMSpico)
FOUND folder: C:\Program Files\KMSpico\scripts (PUA.KMSpico)
FOUND folder: C:\Program Files\KMSpico\sounds (PUA.KMSpico)
FOUND folder: C:\Program Files\KMSpico\x64 (PUA.KMSpico)
FOUND folder: C:\Program Files\KMSpico\x86 (PUA.KMSpico)
FOUND folder: C:\Program Files\XTab\skin (Adware.AgentODR)
FOUND folder: C:\Program Files\XTab\web (Adware.AgentODR)
FOUND folder: C:\Program Files\KMSpico (PUA.KMSpico)
FOUND folder: C:\Program Files\XTab (Adware.AgentODR)
FOUND file: C:\Program Files\KMSpico\AutoPico.exe [ - AutoPico] (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\DevComponents.DotNetBar2.dll [DevComponents.com - DevComponents.DotNetBar] (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\KMSELDI.exe [ - KMS GUI ELDI] (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\Service_KMS.exe [ - Service_KMS] (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\unins000.dat (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\unins000.exe [ - Setup/Uninstall] (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\UninsHs.exe [Han-soft - Uninstall for InnoSetup by Han-soft] (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\WinDivert.dll (PUA.KMSpico)
FOUND file: C:\Program Files\KMSpico\WinDivert.sys [Basil Projects - WinDivert network packet capture and (re)injection driver] (PUA.KMSpico)
FOUND file: C:\Program Files\XTab\BrowerWatchCH.dll [XTab - BrowerWa.dll] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\BrowerWatchFF.dll [XTab - BrowerWa.dll] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\BrowserAction.dll [Skytech Co., Ltd. - Skytech] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\CmdShell.exe [SearchProtect - CmdShell.exe] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\conf (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\ffsearch_toolbar!1.0.0.1025.xpi (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\HPNotify.exe [XTab system - SupHPNot.exe] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\IeWatchDog.dll [Search Protecter - SearchProtect for ie] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\install.data (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\msvcp110.dll [Microsoft Corporation - Microsoft® C Runtime Library] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\msvcr110.dll [Microsoft Corporation - Microsoft® C Runtime Library] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\ProtectService.exe [XTab system - ProtectSvc.exe] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\searchProvider.xml (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\SupTab.dll [Thinknice Co. Limited - SupTab setup package] (Adware.AgentODR)
FOUND file: C:\Program Files\XTab\uninstall.exe [XTab - XTab] (Adware.AgentODR)
FOUND folder: C:\Program Files\KMSpico\cert (PUA.KMSpico)
FOUND folder: C:\Program Files\KMSpico\driver (PUA.KMSpico)
FOUND folder: C:\Program Files\KMSpico\icons (PUA.KMSpico)
FOUND folder: C:\Program Files\KMSpico\logs (PUA.KMSpico)
FOUND folder: C:\Program Files\KMSpico\scripts (PUA.KMSpico)
FOUND folder: C:\Program Files\KMSpico\sounds (PUA.KMSpico)
FOUND folder: C:\Program Files\KMSpico\x64 (PUA.KMSpico)
FOUND folder: C:\Program Files\KMSpico\x86 (PUA.KMSpico)
FOUND folder: C:\Program Files\XTab\skin (Adware.AgentODR)
FOUND folder: C:\Program Files\XTab\web (Adware.AgentODR)
FOUND folder: C:\Program Files\KMSpico (PUA.KMSpico)
FOUND folder: C:\Program Files\XTab (Adware.AgentODR)
FOUND file: C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [SysTool PasSame LIMITED - Windows SysTool Service] (PUP.Fuyu)
FOUND folder: C:\ProgramData\Baidu\Antivirus (Adware.BDPlugin)
FOUND folder: C:\ProgramData\Baidu\commondll (Adware.BDPlugin)
FOUND folder: C:\ProgramData\IHProtectUpDate\update (Adware.AgentODR)
FOUND folder: C:\ProgramData\WindowsMangerProtect\update (PUP.Fuyu)
FOUND folder: C:\ProgramData\Baidu (Adware.BDPlugin)
FOUND folder: C:\ProgramData\Baidu Security (Adware.BDPlugin)
FOUND folder: C:\ProgramData\IHProtectUpDate (Adware.AgentODR)
FOUND folder: C:\ProgramData\WindowsMangerProtect (PUP.Fuyu)
FOUND file: C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [SysTool PasSame LIMITED - Windows SysTool Service] (PUP.Fuyu)
FOUND folder: C:\ProgramData\IHProtectUpDate\update (Adware.AgentODR)
FOUND folder: C:\ProgramData\WindowsMangerProtect\update (PUP.Fuyu)
FOUND folder: C:\ProgramData\IHProtectUpDate (Adware.AgentODR)
FOUND folder: C:\ProgramData\WindowsMangerProtect (PUP.Fuyu)
FOUND file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk (PUA.KMSpico)
FOUND file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk (PUA.KMSpico)
FOUND file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Log KMSpico.lnk (PUA.KMSpico)
FOUND file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Uninstall KMSpico.lnk (PUA.KMSpico)
FOUND folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico (PUA.KMSpico)
FOUND file: C:\Windows\AutoKMS\AutoKMS.exe [CODYQX4 - AutoKMS] (Trojan.AutoKMS)
FOUND folder: C:\Windows\AutoKMS (Trojan.AutoKMS)
FOUND folder: C:\Windows\System32\WindowsInternal.Inbox.Media.Shared\Themes (PUP.InboxEmail)
FOUND folder: C:\Windows\System32\WindowsInternal.Inbox.Shared\Themes (PUP.InboxEmail)
FOUND folder: C:\Windows\System32\WindowsInternal.Inbox.Media.Shared (PUP.InboxEmail)
FOUND folder: C:\Windows\System32\WindowsInternal.Inbox.Shared (PUP.InboxEmail)
FOUND folder: C:\Windows\system32\WindowsInternal.Inbox.Media.Shared\Themes (PUP.InboxEmail)
FOUND folder: C:\Windows\system32\WindowsInternal.Inbox.Shared\Themes (PUP.InboxEmail)
FOUND folder: C:\Windows\system32\WindowsInternal.Inbox.Media.Shared (PUP.InboxEmail)
FOUND folder: C:\Windows\system32\WindowsInternal.Inbox.Shared (PUP.InboxEmail)
FOUND file: C:\Users\Douglas\AppData\Roaming\mystartsearch\UninstallManager.exe [Skytech Co., Ltd. - Skytech] (PUP.StartSearch)
FOUND folder: C:\Users\Douglas\AppData\Roaming\mystartsearch\log (PUP.StartSearch)
FOUND folder: C:\Users\Douglas\AppData\Roaming\mystartsearch (PUP.StartSearch)
FOUND folder: C:\Users\Douglas\AppData\Local\Temp\SourceApp (PUP.SourceApp)
FOUND file: C:\Windows\Prefetch\KMSPICO - VINICIUS TUTORIAIS.-F7D92956.pf (PUA.KMSpico)
FOUND file: C:\Windows\Prefetch\N5BLOCKANDSURFB70.EXE-E6F118A5.pf (PUP.BlockAndSurf)
FOUND file: C:\Windows\Prefetch\SOURCEAPP.BROWSERADAPTER.EXE-F871F54D.pf (PUP.SourceApp)
FOUND file: C:\Windows\Prefetch\SOURCEAPP.EXPEXT.EXE-82AA02DA.pf (PUP.SourceApp)
FOUND file: C:\Windows\Prefetch\SOURCEAPP.MG.EXE-83D0D5A9.pf (PUP.SourceApp)
FOUND file: C:\Windows\Prefetch\SOURCEAPP.PURBROWSE.EXE-0AAD47B1.pf (PUP.SourceApp)
FOUND file: C:\Windows\Prefetch\SOURCEAPPUNINSTALL.EXE-4B4A0E4F.pf (PUP.SourceApp)
FOUND file: C:\Windows\Prefetch\SOURCEAPP_SETUP.EXE-B2F82EF7.pf (PUP.SourceApp)
FOUND file: C:\Windows\Prefetch\UPDATESOURCEAPP.EXE-E9E56E24.pf (PUP.SourceApp)
FOUND file: C:\Windows\Prefetch\UTILSOURCEAPP.EXE-000A78AC.pf (PUP.SourceApp)
FOUND file: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_api.sourceapp.info_0.localstorage (PUP.SourceApp)
FOUND file: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_api.sourceapp.info_0.localstorage-journal (PUP.SourceApp)
FOUND file: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage (PUP.AkamaiHD)
FOUND file: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage-journal (PUP.AkamaiHD)
FOUND file: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage (PUP.SpecialSavings)
FOUND file: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal (PUP.SpecialSavings)
FOUND file: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage (PUP.StartSearch)
FOUND file: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage-journal (PUP.StartSearch)
FOUND file: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage (PUP.SpecialSavings)
FOUND file: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal (PUP.SpecialSavings)
FOUND file: C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [SysTool PasSame LIMITED - Windows SysTool Service] (PUP.Fuyu)
FOUND file: C:\Windows\SECOH-QAD.exe (PUA.KMSpico)
FOUND file: C:\Windows\AutoKMS\AutoKMS.exe [CODYQX4 - AutoKMS] (Trojan.AutoKMS)
FOUND file: C:\END (Toolbar.Conduit)
---\\ Registry ( Key, Value, Data) (49)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\{606fa7f3-7589-49ce-b649-a27599ed0d38}Gw [C:\Windows\System32\drivers\{606fa7f3-7589-49ce-b649-a27599ed0d38}Gw.sys] (PUP.LinkiDoo)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\{9e225977-4791-4356-911d-90b292281075}Gw [C:\Windows\System32\drivers\{9e225977-4791-4356-911d-90b292281075}Gw.sys] (PUP.LinkiDoo)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI [C:\Program Files\KMSpico\Service_KMS.exe] (PUA.KMSpico)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\WinDivert1.1 [C:\Program Files\KMSpico\WinDivert.sys] (PUA.KMSpico)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect [C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service] (PUP.Fuyu)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\iaStorAV [System32\drivers\iaStorAV.sys] (PUP.InboxEmail)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service [C:\Program Files\XTab\ProtectService.exe] (Adware.AgentODR)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI [C:\Program Files\KMSpico\Service_KMS.exe] (PUA.KMSpico)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect [C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service] (PUP.Fuyu)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\{606fa7f3-7589-49ce-b649-a27599ed0d38}Gw [system32\drivers\{606fa7f3-7589-49ce-b649-a27599ed0d38}Gw.sys] (PUP.LinkiDoo)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\{9e225977-4791-4356-911d-90b292281075}Gw [system32\drivers\{9e225977-4791-4356-911d-90b292281075}Gw.sys] (PUP.LinkiDoo)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\iaStorAV [System32\drivers\iaStorAV.sys] (PUP.InboxEmail)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service [C:\Program Files\XTab\ProtectService.exe] (Adware.AgentODR)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI [C:\Program Files\KMSpico\Service_KMS.exe] (PUA.KMSpico)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect [C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service] (PUP.Fuyu)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\{606fa7f3-7589-49ce-b649-a27599ed0d38}Gw [system32\drivers\{606fa7f3-7589-49ce-b649-a27599ed0d38}Gw.sys] (PUP.LinkiDoo)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\{9e225977-4791-4356-911d-90b292281075}Gw [system32\drivers\{9e225977-4791-4356-911d-90b292281075}Gw.sys] (PUP.LinkiDoo)
FOUND key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds[...]] [mystartsearch] (PUP.StartSearch)
FOUND key: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.mystartsearch.com/web/?type=dspp&ts=1423364603&from=smt&uid=WDCXWD3200BEVT-00A22T0_WD-WX2[...]] [mystartsearch] (PUP.StartSearch)
FOUND key: HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\InprocServer32 [C:\Program Files\XTab\SupTab.dll] (PUP.SupTab)
FOUND key: HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\InprocServer32 [C:\Program Files\SourceApp\bin\9e22597747914356911d90b292281075.dll] (PUP.SourceApp)
FOUND key: HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} [IETabPage Class] (PUP.SupTab)
FOUND key: HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} [Manager Class] (PUP.SourceApp)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\iaStorAV [System32\drivers\iaStorAV.sys] (PUP.InboxEmail)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\{606fa7f3-7589-49ce-b649-a27599ed0d38}Gw [system32\drivers\{606fa7f3-7589-49ce-b649-a27599ed0d38}Gw.sys] (PUP.LinkiDoo)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\{9e225977-4791-4356-911d-90b292281075}Gw [system32\drivers\{9e225977-4791-4356-911d-90b292281075}Gw.sys] (PUP.LinkiDoo)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\iaStorAV [System32\drivers\iaStorAV.sys] (PUP.InboxEmail)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service [C:\Program Files\XTab\ProtectService.exe] (Adware.AgentODR)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI [C:\Program Files\KMSpico\Service_KMS.exe] (PUA.KMSpico)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect [C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service] (PUP.Fuyu)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\{606fa7f3-7589-49ce-b649-a27599ed0d38}Gw [system32\drivers\{606fa7f3-7589-49ce-b649-a27599ed0d38}Gw.sys] (PUP.LinkiDoo)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\{9e225977-4791-4356-911d-90b292281075}Gw [system32\drivers\{9e225977-4791-4356-911d-90b292281075}Gw.sys] (PUP.LinkiDoo)
FOUND key: HKCR\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} [IMdt] (Adware.IMBooster)
FOUND key: HKCR\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} [IManager] (Adware.IMBooster)
FOUND key: HKCU\Software\Conduit [] (Toolbar.Conduit)
FOUND key: HKCU\Software\GSpot Appliance Corp [] (PUP.ApplianTechnologies)
FOUND key: HKCU\Software\AppDataLow\Software\BlockAndSurf [] (PUP.BlockAndSurf)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect [] (PUP.Fuyu)
FOUND key: HKLM\SOFTWARE\IHProtect [] (Adware.AgentODR)
FOUND key: HKLM\SOFTWARE\mystartsearchSoftware [] (PUP.StartSearch)
FOUND key: HKLM\SOFTWARE\SupDp [] (PUP.SupTab)
FOUND key: HKLM\SOFTWARE\supTab [] (PUP.SupTab)
FOUND key: HKLM\SOFTWARE\supWindowsMangerProtect [] (PUP.Fuyu)
FOUND key: HKLM\SOFTWARE\Microsoft\Tracing\updateSourceApp_RASAPI32 [] (PUP.SourceApp)
FOUND key: HKLM\SOFTWARE\Microsoft\Tracing\updateSourceApp_RASMANCS [] (PUP.SourceApp)
FOUND key: HKLM\SOFTWARE\Microsoft\Tracing\utilSourceApp_RASAPI32 [] (PUP.SourceApp)
FOUND key: HKLM\SOFTWARE\Microsoft\Tracing\utilSourceApp_RASMANCS [] (PUP.SourceApp)
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KMSpico_is1 [KMSpico v9.2.3] (PUA.KMSpico)
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KMSpico_is1 [KMSpico v9.2.3] (PUA.KMSpico)
---\\ Result of repair
~ Any repair made
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
---\\ Statistics
~ Items scanned : 63014
~ Items found : 193
~ Items repaired : 0
End of clean at 00:47:39
===================
ZHPCleaner-[S]-09022015-00_47_39.txt
Douglas Lima- Membro
- Mensagens : 67
Reputação : 1
Data de inscrição : 03/11/2013
Idade : 41
Re: Propagandas Indesejáveis
por Power Max Seg 09 Fev 2015, 10:27
Você fez só o Scan com o ZHPCleaner. Execute-o novamente, como mostra o tutorial que te passei > Escolha a opção Repair. Depois disto poste o novo log que ele irá criar.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Propagandas Indesejáveis
por Douglas Lima Seg 09 Fev 2015, 23:19
Boa noite,
Ok
Fiz como foi solicitado na orientação do tutorial..
~ ZHPCleaner v2015.2.8.56 by Nicolas Coolman (08/02/2015)
~ Run by Douglas (Administrator) (09/02/2015 21:55:33)
~ Forum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Facebook : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ State version : Version KO
~ Type : Repair
~ Report : C:\Users\Douglas\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Douglas\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Windows 81, 32-bit (Build 9600)
---\\ Services (2)
SERVICE STOPPED : WindowsMangerProtect (PUP.Fuyu)
SERVICE STOPPED : IHProtect Service (Adware.AgentODR)
---\\ Browser internet (5)
REPLACED IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL [hxxp://www.mystartsearch.com/web/?type=dspp&ts=1423364603&from=smt&uid=WDCXWD320[...]] (PUP.StartSearch)
REPLACED IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page [hxxp://www.mystartsearch.com/web/?type=dspp&ts=1423364603&from=smt&uid=WDCXWD320[...]] (PUP.StartSearch)
REPLACED IE Params: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Default_Search_URL [hxxp://www.mystartsearch.com/web/?type=dspp&ts=1423364603&from=smt&uid=WDCXWD320[...]] (PUP.StartSearch)
REPLACED IE Params: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Search Page [hxxp://www.mystartsearch.com/web/?type=dspp&ts=1423364603&from=smt&uid=WDCXWD320[...]] (PUP.StartSearch)
REPLACED Chrome URL: "hxxp://www.mystartsearch.com/?type=hppp&ts=1423364603&from=smt&uid=WDCXWD3200BEVT-00A22T0_WD-WX21A4[...]
---\\ Hosts file (1)
~ The hosts file is legitimate (21)
---\\ Scheduled automatic tasks. (0)
~ No malicious items found.
---\\ Explorer ( File, Folder) (84)
MOVED file: C:\Windows\System32\drivers\{606fa7f3-7589-49ce-b649-a27599ed0d38}Gw.sys [StdLib - StdLib] (PUP.LinkiDoo)
MOVED file: C:\Windows\System32\drivers\{9e225977-4791-4356-911d-90b292281075}Gw.sys [StdLib - StdLib] (PUP.LinkiDoo)
MOVED file: C:\Program Files\KMSpico\Service_KMS.exe [ - Service_KMS] (PUA.KMSpico)
MOVED file: C:\Program Files\KMSpico\WinDivert.sys [Basil Projects - WinDivert network packet capture and (re)injection driver] (PUA.KMSpico)
MOVED file: C:\Program Files\XTab\ProtectService.exe [XTab system - ProtectSvc.exe] (Adware.AgentODR)
MOVED file: C:\Program Files\KMSpico\AutoPico.exe [ - AutoPico] (PUA.KMSpico)
MOVED file: C:\Program Files\KMSpico\DevComponents.DotNetBar2.dll [DevComponents.com - DevComponents.DotNetBar] (PUA.KMSpico)
MOVED file: C:\Program Files\KMSpico\KMSELDI.exe [ - KMS GUI ELDI] (PUA.KMSpico)
MOVED file: C:\Program Files\KMSpico\unins000.dat (PUA.KMSpico)
MOVED file: C:\Program Files\KMSpico\unins000.exe [ - Setup/Uninstall] (PUA.KMSpico)
MOVED file: C:\Program Files\KMSpico\UninsHs.exe [Han-soft - Uninstall for InnoSetup by Han-soft] (PUA.KMSpico)
MOVED file: C:\Program Files\KMSpico\WinDivert.dll (PUA.KMSpico)
MOVED file: C:\Program Files\XTab\BrowerWatchCH.dll [XTab - BrowerWa.dll] (Adware.AgentODR)
MOVED file: C:\Program Files\XTab\BrowerWatchFF.dll [XTab - BrowerWa.dll] (Adware.AgentODR)
MOVED file: C:\Program Files\XTab\BrowserAction.dll [Skytech Co., Ltd. - Skytech] (Adware.AgentODR)
MOVED file: C:\Program Files\XTab\CmdShell.exe [SearchProtect - CmdShell.exe] (Adware.AgentODR)
MOVED file: C:\Program Files\XTab\conf (Adware.AgentODR)
MOVED file: C:\Program Files\XTab\ffsearch_toolbar!1.0.0.1025.xpi (Adware.AgentODR)
MOVED file: C:\Program Files\XTab\HPNotify.exe [XTab system - SupHPNot.exe] (Adware.AgentODR)
MOVED file: C:\Program Files\XTab\IeWatchDog.dll [Search Protecter - SearchProtect for ie] (Adware.AgentODR)
MOVED file: C:\Program Files\XTab\install.data (Adware.AgentODR)
MOVED file: C:\Program Files\XTab\msvcp110.dll [Microsoft Corporation - Microsoft® C Runtime Library] (Adware.AgentODR)
MOVED file: C:\Program Files\XTab\msvcr110.dll [Microsoft Corporation - Microsoft® C Runtime Library] (Adware.AgentODR)
MOVED file: C:\Program Files\XTab\searchProvider.xml (Adware.AgentODR)
MOVED file: C:\Program Files\XTab\SupTab.dll [Thinknice Co. Limited - SupTab setup package] (Adware.AgentODR)
MOVED file: C:\Program Files\XTab\uninstall.exe [XTab - XTab] (Adware.AgentODR)
MOVED folder: C:\Program Files\KMSpico\cert (PUA.KMSpico)
MOVED folder: C:\Program Files\KMSpico\driver (PUA.KMSpico)
MOVED folder: C:\Program Files\KMSpico\icons (PUA.KMSpico)
MOVED folder: C:\Program Files\KMSpico\logs (PUA.KMSpico)
MOVED folder: C:\Program Files\KMSpico\scripts (PUA.KMSpico)
MOVED folder: C:\Program Files\KMSpico\sounds (PUA.KMSpico)
MOVED folder: C:\Program Files\KMSpico\x64 (PUA.KMSpico)
MOVED folder: C:\Program Files\KMSpico\x86 (PUA.KMSpico)
MOVED folder: C:\Program Files\XTab\skin (Adware.AgentODR)
MOVED folder: C:\Program Files\XTab\web (Adware.AgentODR)
MOVED folder: C:\Program Files\KMSpico (PUA.KMSpico)
MOVED folder: C:\Program Files\XTab (Adware.AgentODR)
MOVED file: C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [SysTool PasSame LIMITED - Windows SysTool Service] (PUP.Fuyu)
MOVED folder: C:\ProgramData\Baidu\Antivirus (Adware.BDPlugin)
MOVED folder: C:\ProgramData\Baidu\commondll (Adware.BDPlugin)
MOVED folder: C:\ProgramData\IHProtectUpDate\update (Adware.AgentODR)
MOVED folder: C:\ProgramData\WindowsMangerProtect\update (PUP.Fuyu)
MOVED folder: C:\ProgramData\Baidu (Adware.BDPlugin)
MOVED folder: C:\ProgramData\Baidu Security (Adware.BDPlugin)
MOVED folder: C:\ProgramData\IHProtectUpDate (Adware.AgentODR)
MOVED folder: C:\ProgramData\WindowsMangerProtect (PUP.Fuyu)
MOVED file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk (PUA.KMSpico)
MOVED file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk (PUA.KMSpico)
MOVED file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Log KMSpico.lnk (PUA.KMSpico)
MOVED file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Uninstall KMSpico.lnk (PUA.KMSpico)
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico (PUA.KMSpico)
MOVED file: C:\Windows\AutoKMS\AutoKMS.exe [CODYQX4 - AutoKMS] (Trojan.AutoKMS)
MOVED folder: C:\Windows\AutoKMS (Trojan.AutoKMS)
MOVED folder: C:\Windows\System32\WindowsInternal.Inbox.Media.Shared\Themes (PUP.InboxEmail)
MOVED folder: C:\Windows\System32\WindowsInternal.Inbox.Shared\Themes (PUP.InboxEmail)
MOVED folder: C:\Windows\System32\WindowsInternal.Inbox.Media.Shared (PUP.InboxEmail)
MOVED folder: C:\Windows\System32\WindowsInternal.Inbox.Shared (PUP.InboxEmail)
MOVED file: C:\Users\Douglas\AppData\Roaming\mystartsearch\UninstallManager.exe [Skytech Co., Ltd. - Skytech] (PUP.StartSearch)
MOVED folder: C:\Users\Douglas\AppData\Roaming\mystartsearch\log (PUP.StartSearch)
MOVED folder: C:\Users\Douglas\AppData\Roaming\mystartsearch (PUP.StartSearch)
MOVED folder: C:\Users\Douglas\AppData\Local\Temp\SourceApp (PUP.SourceApp)
MOVED file: C:\Windows\Prefetch\KMSPICO - VINICIUS TUTORIAIS.-F7D92956.pf (PUA.KMSpico)
MOVED file: C:\Windows\Prefetch\N5BLOCKANDSURFB70.EXE-E6F118A5.pf (PUP.BlockAndSurf)
MOVED file: C:\Windows\Prefetch\SOURCEAPP.BROWSERADAPTER.EXE-F871F54D.pf (PUP.SourceApp)
MOVED file: C:\Windows\Prefetch\SOURCEAPP.EXPEXT.EXE-82AA02DA.pf (PUP.SourceApp)
MOVED file: C:\Windows\Prefetch\SOURCEAPP.MG.EXE-83D0D5A9.pf (PUP.SourceApp)
MOVED file: C:\Windows\Prefetch\SOURCEAPP.PURBROWSE.EXE-0AAD47B1.pf (PUP.SourceApp)
MOVED file: C:\Windows\Prefetch\SOURCEAPPUNINSTALL.EXE-4B4A0E4F.pf (PUP.SourceApp)
MOVED file: C:\Windows\Prefetch\SOURCEAPP_SETUP.EXE-B2F82EF7.pf (PUP.SourceApp)
MOVED file: C:\Windows\Prefetch\UPDATESOURCEAPP.EXE-E9E56E24.pf (PUP.SourceApp)
MOVED file: C:\Windows\Prefetch\UTILSOURCEAPP.EXE-000A78AC.pf (PUP.SourceApp)
MOVED file*: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_api.sourceapp.info_0.localstorage (PUP.SourceApp)
MOVED file*: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_api.sourceapp.info_0.localstorage-journal (PUP.SourceApp)
MOVED file*: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage (PUP.AkamaiHD)
MOVED file*: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage-journal (PUP.AkamaiHD)
MOVED file*: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage (PUP.SpecialSavings)
MOVED file*: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal (PUP.SpecialSavings)
MOVED file*: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage (PUP.StartSearch)
MOVED file*: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage-journal (PUP.StartSearch)
MOVED file*: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage (PUP.SpecialSavings)
MOVED file*: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal (PUP.SpecialSavings)
MOVED file: C:\Windows\SECOH-QAD.exe (PUA.KMSpico)
MOVED file: C:\END (Toolbar.Conduit)
---\\ Registry ( Key, Value, Data) (29)
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\{606fa7f3-7589-49ce-b649-a27599ed0d38}Gw [C:\Windows\System32\drivers\{606fa7f3-7589-49ce-b649-a27599ed0d38}Gw.sys] (PUP.LinkiDoo)
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\{9e225977-4791-4356-911d-90b292281075}Gw [C:\Windows\System32\drivers\{9e225977-4791-4356-911d-90b292281075}Gw.sys] (PUP.LinkiDoo)
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI [C:\Program Files\KMSpico\Service_KMS.exe] (PUA.KMSpico)
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\WinDivert1.1 [C:\Program Files\KMSpico\WinDivert.sys] (PUA.KMSpico)
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect [C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service] (PUP.Fuyu)
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\iaStorAV [System32\drivers\iaStorAV.sys] (PUP.InboxEmail)
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service [C:\Program Files\XTab\ProtectService.exe] (Adware.AgentODR)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds[...]] [mystartsearch] (PUP.StartSearch)
DELETED key: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.mystartsearch.com/web/?type=dspp&ts=1423364603&from=smt&uid=WDCXWD3200BEVT-00A22T0_WD-WX2[...]] [mystartsearch] (PUP.StartSearch)
DELETED key: HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\InprocServer32 [C:\Program Files\XTab\SupTab.dll] (PUP.SupTab)
DELETED key: HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\InprocServer32 [C:\Program Files\SourceApp\bin\9e22597747914356911d90b292281075.dll] (PUP.SourceApp)
DELETED key: HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} [IETabPage Class] (PUP.SupTab)
DELETED key: HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} [Manager Class] (PUP.SourceApp)
DELETED key: HKCR\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} [IMdt] (Adware.IMBooster)
DELETED key: HKCR\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} [IManager] (Adware.IMBooster)
DELETED key: HKCU\Software\Conduit [] (Toolbar.Conduit)
DELETED key: HKCU\Software\GSpot Appliance Corp [] (PUP.ApplianTechnologies)
DELETED key: HKCU\Software\AppDataLow\Software\BlockAndSurf [] (PUP.BlockAndSurf)
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect [] (PUP.Fuyu)
DELETED key: HKLM\SOFTWARE\IHProtect [] (Adware.AgentODR)
DELETED key: HKLM\SOFTWARE\mystartsearchSoftware [] (PUP.StartSearch)
DELETED key: HKLM\SOFTWARE\SupDp [] (PUP.SupTab)
DELETED key: HKLM\SOFTWARE\supTab [] (PUP.SupTab)
DELETED key: HKLM\SOFTWARE\supWindowsMangerProtect [] (PUP.Fuyu)
DELETED key: HKLM\SOFTWARE\Microsoft\Tracing\updateSourceApp_RASAPI32 [] (PUP.SourceApp)
DELETED key: HKLM\SOFTWARE\Microsoft\Tracing\updateSourceApp_RASMANCS [] (PUP.SourceApp)
DELETED key: HKLM\SOFTWARE\Microsoft\Tracing\utilSourceApp_RASAPI32 [] (PUP.SourceApp)
DELETED key: HKLM\SOFTWARE\Microsoft\Tracing\utilSourceApp_RASMANCS [] (PUP.SourceApp)
DELETED key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KMSpico_is1 [KMSpico v9.2.3] (PUA.KMSpico)
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
---\\ Statistics
~ Items scanned : 63049
~ Items found : 0
~ Items repaired : 118
End of clean at 22:07:58
===================
ZHPCleaner-[R]-09022015-22_07_58.txt
ZHPCleaner-[S]-09022015-00_47_39.txt
Ok
Fiz como foi solicitado na orientação do tutorial..
~ ZHPCleaner v2015.2.8.56 by Nicolas Coolman (08/02/2015)
~ Run by Douglas (Administrator) (09/02/2015 21:55:33)
~ Forum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Facebook : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ State version : Version KO
~ Type : Repair
~ Report : C:\Users\Douglas\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Douglas\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Windows 81, 32-bit (Build 9600)
---\\ Services (2)
SERVICE STOPPED : WindowsMangerProtect (PUP.Fuyu)
SERVICE STOPPED : IHProtect Service (Adware.AgentODR)
---\\ Browser internet (5)
REPLACED IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL [hxxp://www.mystartsearch.com/web/?type=dspp&ts=1423364603&from=smt&uid=WDCXWD320[...]] (PUP.StartSearch)
REPLACED IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page [hxxp://www.mystartsearch.com/web/?type=dspp&ts=1423364603&from=smt&uid=WDCXWD320[...]] (PUP.StartSearch)
REPLACED IE Params: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Default_Search_URL [hxxp://www.mystartsearch.com/web/?type=dspp&ts=1423364603&from=smt&uid=WDCXWD320[...]] (PUP.StartSearch)
REPLACED IE Params: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Search Page [hxxp://www.mystartsearch.com/web/?type=dspp&ts=1423364603&from=smt&uid=WDCXWD320[...]] (PUP.StartSearch)
REPLACED Chrome URL: "hxxp://www.mystartsearch.com/?type=hppp&ts=1423364603&from=smt&uid=WDCXWD3200BEVT-00A22T0_WD-WX21A4[...]
---\\ Hosts file (1)
~ The hosts file is legitimate (21)
---\\ Scheduled automatic tasks. (0)
~ No malicious items found.
---\\ Explorer ( File, Folder) (84)
MOVED file: C:\Windows\System32\drivers\{606fa7f3-7589-49ce-b649-a27599ed0d38}Gw.sys [StdLib - StdLib] (PUP.LinkiDoo)
MOVED file: C:\Windows\System32\drivers\{9e225977-4791-4356-911d-90b292281075}Gw.sys [StdLib - StdLib] (PUP.LinkiDoo)
MOVED file: C:\Program Files\KMSpico\Service_KMS.exe [ - Service_KMS] (PUA.KMSpico)
MOVED file: C:\Program Files\KMSpico\WinDivert.sys [Basil Projects - WinDivert network packet capture and (re)injection driver] (PUA.KMSpico)
MOVED file: C:\Program Files\XTab\ProtectService.exe [XTab system - ProtectSvc.exe] (Adware.AgentODR)
MOVED file: C:\Program Files\KMSpico\AutoPico.exe [ - AutoPico] (PUA.KMSpico)
MOVED file: C:\Program Files\KMSpico\DevComponents.DotNetBar2.dll [DevComponents.com - DevComponents.DotNetBar] (PUA.KMSpico)
MOVED file: C:\Program Files\KMSpico\KMSELDI.exe [ - KMS GUI ELDI] (PUA.KMSpico)
MOVED file: C:\Program Files\KMSpico\unins000.dat (PUA.KMSpico)
MOVED file: C:\Program Files\KMSpico\unins000.exe [ - Setup/Uninstall] (PUA.KMSpico)
MOVED file: C:\Program Files\KMSpico\UninsHs.exe [Han-soft - Uninstall for InnoSetup by Han-soft] (PUA.KMSpico)
MOVED file: C:\Program Files\KMSpico\WinDivert.dll (PUA.KMSpico)
MOVED file: C:\Program Files\XTab\BrowerWatchCH.dll [XTab - BrowerWa.dll] (Adware.AgentODR)
MOVED file: C:\Program Files\XTab\BrowerWatchFF.dll [XTab - BrowerWa.dll] (Adware.AgentODR)
MOVED file: C:\Program Files\XTab\BrowserAction.dll [Skytech Co., Ltd. - Skytech] (Adware.AgentODR)
MOVED file: C:\Program Files\XTab\CmdShell.exe [SearchProtect - CmdShell.exe] (Adware.AgentODR)
MOVED file: C:\Program Files\XTab\conf (Adware.AgentODR)
MOVED file: C:\Program Files\XTab\ffsearch_toolbar!1.0.0.1025.xpi (Adware.AgentODR)
MOVED file: C:\Program Files\XTab\HPNotify.exe [XTab system - SupHPNot.exe] (Adware.AgentODR)
MOVED file: C:\Program Files\XTab\IeWatchDog.dll [Search Protecter - SearchProtect for ie] (Adware.AgentODR)
MOVED file: C:\Program Files\XTab\install.data (Adware.AgentODR)
MOVED file: C:\Program Files\XTab\msvcp110.dll [Microsoft Corporation - Microsoft® C Runtime Library] (Adware.AgentODR)
MOVED file: C:\Program Files\XTab\msvcr110.dll [Microsoft Corporation - Microsoft® C Runtime Library] (Adware.AgentODR)
MOVED file: C:\Program Files\XTab\searchProvider.xml (Adware.AgentODR)
MOVED file: C:\Program Files\XTab\SupTab.dll [Thinknice Co. Limited - SupTab setup package] (Adware.AgentODR)
MOVED file: C:\Program Files\XTab\uninstall.exe [XTab - XTab] (Adware.AgentODR)
MOVED folder: C:\Program Files\KMSpico\cert (PUA.KMSpico)
MOVED folder: C:\Program Files\KMSpico\driver (PUA.KMSpico)
MOVED folder: C:\Program Files\KMSpico\icons (PUA.KMSpico)
MOVED folder: C:\Program Files\KMSpico\logs (PUA.KMSpico)
MOVED folder: C:\Program Files\KMSpico\scripts (PUA.KMSpico)
MOVED folder: C:\Program Files\KMSpico\sounds (PUA.KMSpico)
MOVED folder: C:\Program Files\KMSpico\x64 (PUA.KMSpico)
MOVED folder: C:\Program Files\KMSpico\x86 (PUA.KMSpico)
MOVED folder: C:\Program Files\XTab\skin (Adware.AgentODR)
MOVED folder: C:\Program Files\XTab\web (Adware.AgentODR)
MOVED folder: C:\Program Files\KMSpico (PUA.KMSpico)
MOVED folder: C:\Program Files\XTab (Adware.AgentODR)
MOVED file: C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [SysTool PasSame LIMITED - Windows SysTool Service] (PUP.Fuyu)
MOVED folder: C:\ProgramData\Baidu\Antivirus (Adware.BDPlugin)
MOVED folder: C:\ProgramData\Baidu\commondll (Adware.BDPlugin)
MOVED folder: C:\ProgramData\IHProtectUpDate\update (Adware.AgentODR)
MOVED folder: C:\ProgramData\WindowsMangerProtect\update (PUP.Fuyu)
MOVED folder: C:\ProgramData\Baidu (Adware.BDPlugin)
MOVED folder: C:\ProgramData\Baidu Security (Adware.BDPlugin)
MOVED folder: C:\ProgramData\IHProtectUpDate (Adware.AgentODR)
MOVED folder: C:\ProgramData\WindowsMangerProtect (PUP.Fuyu)
MOVED file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk (PUA.KMSpico)
MOVED file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk (PUA.KMSpico)
MOVED file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Log KMSpico.lnk (PUA.KMSpico)
MOVED file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Uninstall KMSpico.lnk (PUA.KMSpico)
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico (PUA.KMSpico)
MOVED file: C:\Windows\AutoKMS\AutoKMS.exe [CODYQX4 - AutoKMS] (Trojan.AutoKMS)
MOVED folder: C:\Windows\AutoKMS (Trojan.AutoKMS)
MOVED folder: C:\Windows\System32\WindowsInternal.Inbox.Media.Shared\Themes (PUP.InboxEmail)
MOVED folder: C:\Windows\System32\WindowsInternal.Inbox.Shared\Themes (PUP.InboxEmail)
MOVED folder: C:\Windows\System32\WindowsInternal.Inbox.Media.Shared (PUP.InboxEmail)
MOVED folder: C:\Windows\System32\WindowsInternal.Inbox.Shared (PUP.InboxEmail)
MOVED file: C:\Users\Douglas\AppData\Roaming\mystartsearch\UninstallManager.exe [Skytech Co., Ltd. - Skytech] (PUP.StartSearch)
MOVED folder: C:\Users\Douglas\AppData\Roaming\mystartsearch\log (PUP.StartSearch)
MOVED folder: C:\Users\Douglas\AppData\Roaming\mystartsearch (PUP.StartSearch)
MOVED folder: C:\Users\Douglas\AppData\Local\Temp\SourceApp (PUP.SourceApp)
MOVED file: C:\Windows\Prefetch\KMSPICO - VINICIUS TUTORIAIS.-F7D92956.pf (PUA.KMSpico)
MOVED file: C:\Windows\Prefetch\N5BLOCKANDSURFB70.EXE-E6F118A5.pf (PUP.BlockAndSurf)
MOVED file: C:\Windows\Prefetch\SOURCEAPP.BROWSERADAPTER.EXE-F871F54D.pf (PUP.SourceApp)
MOVED file: C:\Windows\Prefetch\SOURCEAPP.EXPEXT.EXE-82AA02DA.pf (PUP.SourceApp)
MOVED file: C:\Windows\Prefetch\SOURCEAPP.MG.EXE-83D0D5A9.pf (PUP.SourceApp)
MOVED file: C:\Windows\Prefetch\SOURCEAPP.PURBROWSE.EXE-0AAD47B1.pf (PUP.SourceApp)
MOVED file: C:\Windows\Prefetch\SOURCEAPPUNINSTALL.EXE-4B4A0E4F.pf (PUP.SourceApp)
MOVED file: C:\Windows\Prefetch\SOURCEAPP_SETUP.EXE-B2F82EF7.pf (PUP.SourceApp)
MOVED file: C:\Windows\Prefetch\UPDATESOURCEAPP.EXE-E9E56E24.pf (PUP.SourceApp)
MOVED file: C:\Windows\Prefetch\UTILSOURCEAPP.EXE-000A78AC.pf (PUP.SourceApp)
MOVED file*: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_api.sourceapp.info_0.localstorage (PUP.SourceApp)
MOVED file*: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_api.sourceapp.info_0.localstorage-journal (PUP.SourceApp)
MOVED file*: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage (PUP.AkamaiHD)
MOVED file*: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage-journal (PUP.AkamaiHD)
MOVED file*: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage (PUP.SpecialSavings)
MOVED file*: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal (PUP.SpecialSavings)
MOVED file*: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage (PUP.StartSearch)
MOVED file*: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage-journal (PUP.StartSearch)
MOVED file*: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage (PUP.SpecialSavings)
MOVED file*: C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal (PUP.SpecialSavings)
MOVED file: C:\Windows\SECOH-QAD.exe (PUA.KMSpico)
MOVED file: C:\END (Toolbar.Conduit)
---\\ Registry ( Key, Value, Data) (29)
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\{606fa7f3-7589-49ce-b649-a27599ed0d38}Gw [C:\Windows\System32\drivers\{606fa7f3-7589-49ce-b649-a27599ed0d38}Gw.sys] (PUP.LinkiDoo)
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\{9e225977-4791-4356-911d-90b292281075}Gw [C:\Windows\System32\drivers\{9e225977-4791-4356-911d-90b292281075}Gw.sys] (PUP.LinkiDoo)
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI [C:\Program Files\KMSpico\Service_KMS.exe] (PUA.KMSpico)
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\WinDivert1.1 [C:\Program Files\KMSpico\WinDivert.sys] (PUA.KMSpico)
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect [C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service] (PUP.Fuyu)
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\iaStorAV [System32\drivers\iaStorAV.sys] (PUP.InboxEmail)
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service [C:\Program Files\XTab\ProtectService.exe] (Adware.AgentODR)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds[...]] [mystartsearch] (PUP.StartSearch)
DELETED key: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.mystartsearch.com/web/?type=dspp&ts=1423364603&from=smt&uid=WDCXWD3200BEVT-00A22T0_WD-WX2[...]] [mystartsearch] (PUP.StartSearch)
DELETED key: HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\InprocServer32 [C:\Program Files\XTab\SupTab.dll] (PUP.SupTab)
DELETED key: HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\InprocServer32 [C:\Program Files\SourceApp\bin\9e22597747914356911d90b292281075.dll] (PUP.SourceApp)
DELETED key: HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} [IETabPage Class] (PUP.SupTab)
DELETED key: HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} [Manager Class] (PUP.SourceApp)
DELETED key: HKCR\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} [IMdt] (Adware.IMBooster)
DELETED key: HKCR\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} [IManager] (Adware.IMBooster)
DELETED key: HKCU\Software\Conduit [] (Toolbar.Conduit)
DELETED key: HKCU\Software\GSpot Appliance Corp [] (PUP.ApplianTechnologies)
DELETED key: HKCU\Software\AppDataLow\Software\BlockAndSurf [] (PUP.BlockAndSurf)
DELETED key: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect [] (PUP.Fuyu)
DELETED key: HKLM\SOFTWARE\IHProtect [] (Adware.AgentODR)
DELETED key: HKLM\SOFTWARE\mystartsearchSoftware [] (PUP.StartSearch)
DELETED key: HKLM\SOFTWARE\SupDp [] (PUP.SupTab)
DELETED key: HKLM\SOFTWARE\supTab [] (PUP.SupTab)
DELETED key: HKLM\SOFTWARE\supWindowsMangerProtect [] (PUP.Fuyu)
DELETED key: HKLM\SOFTWARE\Microsoft\Tracing\updateSourceApp_RASAPI32 [] (PUP.SourceApp)
DELETED key: HKLM\SOFTWARE\Microsoft\Tracing\updateSourceApp_RASMANCS [] (PUP.SourceApp)
DELETED key: HKLM\SOFTWARE\Microsoft\Tracing\utilSourceApp_RASAPI32 [] (PUP.SourceApp)
DELETED key: HKLM\SOFTWARE\Microsoft\Tracing\utilSourceApp_RASMANCS [] (PUP.SourceApp)
DELETED key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KMSpico_is1 [KMSpico v9.2.3] (PUA.KMSpico)
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
---\\ Statistics
~ Items scanned : 63049
~ Items found : 0
~ Items repaired : 118
End of clean at 22:07:58
===================
ZHPCleaner-[R]-09022015-22_07_58.txt
ZHPCleaner-[S]-09022015-00_47_39.txt
Douglas Lima- Membro
- Mensagens : 67
Reputação : 1
Data de inscrição : 03/11/2013
Idade : 41
Re: Propagandas Indesejáveis
por Power Max Seg 09 Fev 2015, 23:49
Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Propagandas Indesejáveis
por Douglas Lima Sáb 14 Fev 2015, 23:42
Segue abaixo o relatorio
# AdwCleaner v4.110 - Logfile created 14/02/2015 at 22:34:47
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 8.1 Pro (x86)
# Username : Douglas - DOUGLAS
# Running from : C:\Users\Douglas\Downloads\AdwCleaner.exe
# Option : Cleaning
***** [ Services ] *****
[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
[#] Service Deleted : WindowsMangerProtect
Service Deleted : rcores
Service Deleted : serversu
***** [ Files / Folders ] *****
Folder Deleted : C:\MovieWizard
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\IHProtectUpDate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Program Files\BubbleSound
Folder Deleted : C:\Users\Douglas\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Douglas\AppData\Roaming\baidu
Folder Deleted : C:\Users\Douglas\AppData\Roaming\istartsurf
Folder Deleted : C:\Users\Douglas\AppData\Roaming\SoftwareUpdater
Folder Deleted : C:\Users\Douglas\AppData\Roaming\Taplika
Folder Deleted : C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\Extensions\faststartff@gmail.com
Folder Deleted : C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\Extensions\fftoolbar2014@etech.com
File Deleted : C:\Windows\rcore.exe
File Deleted : C:\Users\Douglas\Desktop\Continue Live Installation.lnk
File Deleted : C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\searchplugins\istartsurf.xml
File Deleted : C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\user.js
File Deleted : C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\searchplugins\Taplika.xml
File Deleted : C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.istartsurf.com_0.localstorage-journal
File Deleted : C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.istartsurf.com_0.localstorage
File Deleted : C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage
File Deleted : C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage-journal
***** [ Scheduled tasks ] *****
Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA
Task Deleted : LaunchSignup
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKCU\Software\Mozilla\Extends
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [3D BubbleSound]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{04C108DE-EA1F-48C2-857D-3269A246F6F7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3C2CA221-6D7B-44FE-AD0F-D7EA8EC46C8C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\Wnkey
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\istartsurfSoftware
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
Key Deleted : HKLM\SOFTWARE\Baidu
Key Deleted : HKLM\SOFTWARE\IHProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17037
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v35.0.1 (x86 pt-BR)
[m2zlx07q.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.alias", "istartsurf");
[m2zlx07q.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.iconURL", "hxxp://www.istartsurf.com/web/favicon.ico");
[m2zlx07q.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.name", "istartsurf");
[m2zlx07q.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.url", "hxxp://www.istartsurf.com/web/?type=dspp&ts=1423961077&from=tugs&uid=WDCXWD3200BEVT-00A22T0_WD-WX21A40E4111E4111&q={searchTerms}");
-\\ Google Chrome v40.0.2214.111
[C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
*************************
AdwCleaner[R0].txt - [286 bytes] - [14/02/2015 22:01:24]
AdwCleaner[R1].txt - [14650 bytes] - [14/02/2015 22:27:05]
AdwCleaner[S0].txt - [13956 bytes] - [14/02/2015 22:34:47]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14016 bytes] ##########
# AdwCleaner v4.110 - Logfile created 14/02/2015 at 22:34:47
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 8.1 Pro (x86)
# Username : Douglas - DOUGLAS
# Running from : C:\Users\Douglas\Downloads\AdwCleaner.exe
# Option : Cleaning
***** [ Services ] *****
[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
[#] Service Deleted : WindowsMangerProtect
Service Deleted : rcores
Service Deleted : serversu
***** [ Files / Folders ] *****
Folder Deleted : C:\MovieWizard
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\IHProtectUpDate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Program Files\BubbleSound
Folder Deleted : C:\Users\Douglas\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Douglas\AppData\Roaming\baidu
Folder Deleted : C:\Users\Douglas\AppData\Roaming\istartsurf
Folder Deleted : C:\Users\Douglas\AppData\Roaming\SoftwareUpdater
Folder Deleted : C:\Users\Douglas\AppData\Roaming\Taplika
Folder Deleted : C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\Extensions\faststartff@gmail.com
Folder Deleted : C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\Extensions\fftoolbar2014@etech.com
File Deleted : C:\Windows\rcore.exe
File Deleted : C:\Users\Douglas\Desktop\Continue Live Installation.lnk
File Deleted : C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\searchplugins\istartsurf.xml
File Deleted : C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\user.js
File Deleted : C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\searchplugins\Taplika.xml
File Deleted : C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.istartsurf.com_0.localstorage-journal
File Deleted : C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.istartsurf.com_0.localstorage
File Deleted : C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage
File Deleted : C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage-journal
***** [ Scheduled tasks ] *****
Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA
Task Deleted : LaunchSignup
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKCU\Software\Mozilla\Extends
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [3D BubbleSound]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{04C108DE-EA1F-48C2-857D-3269A246F6F7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3C2CA221-6D7B-44FE-AD0F-D7EA8EC46C8C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\Wnkey
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\istartsurfSoftware
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
Key Deleted : HKLM\SOFTWARE\Baidu
Key Deleted : HKLM\SOFTWARE\IHProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17037
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v35.0.1 (x86 pt-BR)
[m2zlx07q.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.alias", "istartsurf");
[m2zlx07q.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.iconURL", "hxxp://www.istartsurf.com/web/favicon.ico");
[m2zlx07q.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.name", "istartsurf");
[m2zlx07q.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.url", "hxxp://www.istartsurf.com/web/?type=dspp&ts=1423961077&from=tugs&uid=WDCXWD3200BEVT-00A22T0_WD-WX21A40E4111E4111&q={searchTerms}");
-\\ Google Chrome v40.0.2214.111
[C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
*************************
AdwCleaner[R0].txt - [286 bytes] - [14/02/2015 22:01:24]
AdwCleaner[R1].txt - [14650 bytes] - [14/02/2015 22:27:05]
AdwCleaner[S0].txt - [13956 bytes] - [14/02/2015 22:34:47]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14016 bytes] ##########
Douglas Lima- Membro
- Mensagens : 67
Reputação : 1
Data de inscrição : 03/11/2013
Idade : 41
Re: Propagandas Indesejáveis
por Power Max Sáb 14 Fev 2015, 23:45
Desative temporariamente seu antivírus para evitar conflitos.
* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executá-lo corretamente siga as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.
* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executá-lo corretamente siga as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Propagandas Indesejáveis
por Douglas Lima Sex 20 Fev 2015, 00:31
Olá boa noite, desculpe a demora mas estava sem internet desde domingo, só pude responder agora e somente a noite.
Segue abaixo o relatório...
Zoek.exe v5.0.0.0 Updated 19-February-2015
Tool run by Douglas on 19/02/2015 at 22:51:33,34.
Microsoft Windows 8.1 Pro 6.3.9600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Douglas\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2015-02-20-004502.log 372 bytes
==== System Restore Info ======================
19/02/2015 23:02:29 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Empty Folders Check ======================
C:\Program Files\RBM deleted successfully
C:\PROGRA~2\Real deleted successfully
C:\Users\Douglas\AppData\Roaming\Real deleted successfully
C:\Users\Douglas\AppData\Roaming\searchult deleted successfully
C:\Users\Douglas\AppData\Local\Real deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\prefs.js:
user_pref("browser.search.defaultenginename", "webssearches");
user_pref("browser.search.selectedEngine", "webssearches");
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_022015_2317_.backup
==== Deleting Files \ Folders ======================
C:\Users\Douglas\AppData\Local\12026765 deleted
C:\Users\Douglas\AppData\Local\com deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Windows\wininit.ini deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\searchplugins\webssearches.xml deleted
"C:\Users\Douglas\AppData\Roaming\ntsvc\ntsvc.exe" deleted
"C:\Users\Douglas\AppData\Roaming\03000200-1423949702-0500-0006-000700080009\JOSrv.exe" deleted
"C:\Users\Douglas\AppData\Roaming\03000200-1423949702-0500-0006-000700080009\nsgD833.tmpfs" deleted
"C:\Users\Douglas\AppData\Roaming\ntsvc" not deleted
"C:\Users\Douglas\AppData\Roaming\03000200-1423949702-0500-0006-000700080009" not deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"searchengine@gmail.com"="C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\extensions\searchengine@gmail.com" [14/02/2015 21:42]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default
- Undetermined - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
- Undetermined - jid0-wpCH2liWmuMjc8AV1VWejWvGjBI@jetpack
- Undetermined - {9BAE5926-8513-417d-8E47-774955A7C60D}
- jid0wpCH2liWmuMjc8AV1VWejWvGjBIjetpack - %ProfilePath%\extensions\jid0-wpCH2liWmuMjc8AV1VWejWvGjBI@jetpack
- Search Enginer - %ProfilePath%\extensions\searchengine@gmail.com
- 9BAE59268513417d8E47774955A7C60D - %ProfilePath%\extensions\{9BAE5926-8513-417d-8E47-774955A7C60D}
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default
225D76851EFC6144B4BAD941B3E8989D - C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U31
B66B4D28D7D0C6322FF235C782CD6B76 - C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.310.13
98137411B9C632095F919E2CE70B288A - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll - Google Update
600B82FB81E6EE36A3D9C33B96B0BB0A - C:\Program Files\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013
5DB82B8C515C875AE58E1B8B5997416B - E:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
2CDA67C1309CA966D8EFEE4EE0D6CA92 - E:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll - RealPlayer Version Plugin
==== Chromium Look ======================
Google Chrome Version: 40.0.2214.111 (Possible outdated, latest Stable version: 40.0.2214.115)
Google Slides - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
fommidcneendjonelhhhkmoekeicedej - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fommidcneendjonelhhhkmoekeicedej
geelfhphabnejjhdalkjhgipohgpdnoc - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\geelfhphabnejjhdalkjhgipohgpdnoc
Google Wallet - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chromium Fix ======================
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage deleted successfully
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Reset Google Chrome ======================
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\Douglas\Desktop\Conectividade Social.lnk - E:\Program Files\CAIXA\CNS\cnsini.exe
C:\Users\Douglas\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Douglas\Desktop\ZHPCleaner.lnk - C:\Users\Douglas\AppData\Roaming\ZHP\ZHPCleaner.exe
C:\Users\Douglas\Desktop\µTorrent.lnk -
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - E:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Public\Desktop\Discador TopSapp.lnk - E:\Program Files\Discador TopSapp\Discador.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Quantum.lnk - E:\Program Files\Quantum\Quantum.exe
C:\Users\Public\Desktop\SEFIP.lnk - C:\Program Files\CAIXA\SEFIP\Sefip.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAIXA\Conectividade Social.lnk - E:\Program Files\CAIXA\CNS\cnsini.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk - E:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\SPTD Setup.lnk - E:\Program Files\DAEMON Tools Lite\SPTDinst-x86.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Discador TopSapp\Desinstalar Discador TopSapp.lnk - E:\Program Files\Discador TopSapp\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Discador TopSapp\Discador TopSapp.lnk - E:\Program Files\Discador TopSapp\Discador.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Obter Ajuda.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visite Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Media Player Classic.lnk - E:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\CoreVorbis.lnk - E:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe {0835DC4B-AA01-48C3-A42D-FD62C530A3E1}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\DirectVobSub.lnk - C:\Windows\System32\rundll32.exe vsfilter.dll,DirectVobSub
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow audio decoder.lnk - C:\Windows\System32\rundll32.exe ffdshow.ax,configureAudio
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow VFW interface.lnk - C:\Windows\System32\rundll32.exe ff_vfw.dll,configureVFW
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow video decoder.lnk - C:\Windows\System32\rundll32.exe ffdshow.ax,configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Haali Media Splitter.lnk - C:\Windows\System32\rundll32.exe splitter.ax,Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Haali video renderer.lnk - E:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe {760A8F35-97E7-479D-AAF5-DA9EFF95D751}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\madFLAC.lnk - E:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe {6B257121-CBB6-46B3-ABFA-B14DFA98C4A6}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Manage additional settings.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=fixes,additional_settings,backup_settings
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Manage installed codecs and filters.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=generate_log,dsfilter_management,codec_management,dmo_management
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Manage preferred splitters.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=sourcefilters
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\RealMedia.lnk - E:\Program Files\K-Lite Codec Pack\Real\settings.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Reset to recommended settings.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=reset_settings /components=*resetsettings
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\VP7 decoder.lnk - E:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe {C204438D-6E1A-4309-B09C-0C0F749863AF}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Xvid Encoder.lnk - C:\Windows\System32\rundll32.exe xvidvfw.dll,Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Help\FAQ.lnk - E:\Program Files\K-Lite Codec Pack\Info\faq.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Codec Tweak Tool.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GraphStudio.lnk - E:\Program Files\K-Lite Codec Pack\Tools\graphstudio.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GSpot Codec Information.lnk - E:\Program Files\K-Lite Codec Pack\Tools\gspot\gspot.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Haali Muxer.lnk - E:\Program Files\K-Lite Codec Pack\Filters\Haali\gdsmux.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\MediaInfo.lnk - E:\Program Files\K-Lite Codec Pack\Tools\mediainfo.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\VobSubStrip.lnk - E:\Program Files\K-Lite Codec Pack\Tools\VobSubStrip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Xvid StatsReader.lnk - E:\Program Files\K-Lite Codec Pack\Tools\StatsReader.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Uninstall\Uninstall K-Lite Codec Pack.lnk - E:\Program Files\K-Lite Codec Pack\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Access 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\accicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Enviar para o OneNote 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Designer 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\inficon.exe /design
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Filler 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\inficon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Lync 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\lyncicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\outicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Publisher 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\pubs.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\SkyDrive Pro 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\grv_icons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Centro de Carregamento do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\msouc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Database Compare 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\dbcicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Gerenciador de Gravação do Lync.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Log de Telemetria do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\osmclienticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Painel de Telemetria do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\osmadminicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Preferências de Idioma do Office 2013.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Spreadsheet Compare 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\sscicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quantum\Quantum.lnk - E:\Program Files\Quantum\Quantum.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quantum\Uninstall Quantum.lnk - E:\Program Files\Quantum\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Desinstalar SEFIP.lnk - C:\Program Files\CAIXA\SEFIP\UNWISE.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Leiaute de Folha.lnk - C:\Program Files\CAIXA\SEFIP\FOLHA.doc
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Manual de Erros e Ações.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Manual Operacional.lnk - C:\Program Files\CAIXA\SEFIP\Manual Operacional.doc
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\SEFIP.lnk - C:\Program Files\CAIXA\SEFIP\Sefip.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
==== Empty IE Cache ======================
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\IE\1DNYA6QP will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\Douglas\AppData\Local\Mozilla\Firefox\Profiles\m2zlx07q.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=18 folders=8 1960915 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Douglas\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Douglas\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Douglas\AppData\Roaming\03000200-1423949702-0500-0006-000700080009" not found
"C:\Users\Douglas\AppData\Roaming\ntsvc" not found
"C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\IE\1DNYA6QP" not found
==== EOF on 19/02/2015 at 23:23:20,24 ======================
Segue abaixo o relatório...
Zoek.exe v5.0.0.0 Updated 19-February-2015
Tool run by Douglas on 19/02/2015 at 22:51:33,34.
Microsoft Windows 8.1 Pro 6.3.9600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Douglas\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2015-02-20-004502.log 372 bytes
==== System Restore Info ======================
19/02/2015 23:02:29 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Empty Folders Check ======================
C:\Program Files\RBM deleted successfully
C:\PROGRA~2\Real deleted successfully
C:\Users\Douglas\AppData\Roaming\Real deleted successfully
C:\Users\Douglas\AppData\Roaming\searchult deleted successfully
C:\Users\Douglas\AppData\Local\Real deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\prefs.js:
user_pref("browser.search.defaultenginename", "webssearches");
user_pref("browser.search.selectedEngine", "webssearches");
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_022015_2317_.backup
==== Deleting Files \ Folders ======================
C:\Users\Douglas\AppData\Local\12026765 deleted
C:\Users\Douglas\AppData\Local\com deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Windows\wininit.ini deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\searchplugins\webssearches.xml deleted
"C:\Users\Douglas\AppData\Roaming\ntsvc\ntsvc.exe" deleted
"C:\Users\Douglas\AppData\Roaming\03000200-1423949702-0500-0006-000700080009\JOSrv.exe" deleted
"C:\Users\Douglas\AppData\Roaming\03000200-1423949702-0500-0006-000700080009\nsgD833.tmpfs" deleted
"C:\Users\Douglas\AppData\Roaming\ntsvc" not deleted
"C:\Users\Douglas\AppData\Roaming\03000200-1423949702-0500-0006-000700080009" not deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"searchengine@gmail.com"="C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\extensions\searchengine@gmail.com" [14/02/2015 21:42]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default
- Undetermined - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
- Undetermined - jid0-wpCH2liWmuMjc8AV1VWejWvGjBI@jetpack
- Undetermined - {9BAE5926-8513-417d-8E47-774955A7C60D}
- jid0wpCH2liWmuMjc8AV1VWejWvGjBIjetpack - %ProfilePath%\extensions\jid0-wpCH2liWmuMjc8AV1VWejWvGjBI@jetpack
- Search Enginer - %ProfilePath%\extensions\searchengine@gmail.com
- 9BAE59268513417d8E47774955A7C60D - %ProfilePath%\extensions\{9BAE5926-8513-417d-8E47-774955A7C60D}
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default
225D76851EFC6144B4BAD941B3E8989D - C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U31
B66B4D28D7D0C6322FF235C782CD6B76 - C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.310.13
98137411B9C632095F919E2CE70B288A - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll - Google Update
600B82FB81E6EE36A3D9C33B96B0BB0A - C:\Program Files\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013
5DB82B8C515C875AE58E1B8B5997416B - E:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
2CDA67C1309CA966D8EFEE4EE0D6CA92 - E:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll - RealPlayer Version Plugin
==== Chromium Look ======================
Google Chrome Version: 40.0.2214.111 (Possible outdated, latest Stable version: 40.0.2214.115)
Google Slides - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
fommidcneendjonelhhhkmoekeicedej - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fommidcneendjonelhhhkmoekeicedej
geelfhphabnejjhdalkjhgipohgpdnoc - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\geelfhphabnejjhdalkjhgipohgpdnoc
Google Wallet - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chromium Fix ======================
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage deleted successfully
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Reset Google Chrome ======================
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\Douglas\Desktop\Conectividade Social.lnk - E:\Program Files\CAIXA\CNS\cnsini.exe
C:\Users\Douglas\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Douglas\Desktop\ZHPCleaner.lnk - C:\Users\Douglas\AppData\Roaming\ZHP\ZHPCleaner.exe
C:\Users\Douglas\Desktop\µTorrent.lnk -
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - E:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Public\Desktop\Discador TopSapp.lnk - E:\Program Files\Discador TopSapp\Discador.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Quantum.lnk - E:\Program Files\Quantum\Quantum.exe
C:\Users\Public\Desktop\SEFIP.lnk - C:\Program Files\CAIXA\SEFIP\Sefip.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAIXA\Conectividade Social.lnk - E:\Program Files\CAIXA\CNS\cnsini.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk - E:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\SPTD Setup.lnk - E:\Program Files\DAEMON Tools Lite\SPTDinst-x86.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Discador TopSapp\Desinstalar Discador TopSapp.lnk - E:\Program Files\Discador TopSapp\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Discador TopSapp\Discador TopSapp.lnk - E:\Program Files\Discador TopSapp\Discador.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Obter Ajuda.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visite Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Media Player Classic.lnk - E:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\CoreVorbis.lnk - E:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe {0835DC4B-AA01-48C3-A42D-FD62C530A3E1}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\DirectVobSub.lnk - C:\Windows\System32\rundll32.exe vsfilter.dll,DirectVobSub
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow audio decoder.lnk - C:\Windows\System32\rundll32.exe ffdshow.ax,configureAudio
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow VFW interface.lnk - C:\Windows\System32\rundll32.exe ff_vfw.dll,configureVFW
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow video decoder.lnk - C:\Windows\System32\rundll32.exe ffdshow.ax,configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Haali Media Splitter.lnk - C:\Windows\System32\rundll32.exe splitter.ax,Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Haali video renderer.lnk - E:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe {760A8F35-97E7-479D-AAF5-DA9EFF95D751}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\madFLAC.lnk - E:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe {6B257121-CBB6-46B3-ABFA-B14DFA98C4A6}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Manage additional settings.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=fixes,additional_settings,backup_settings
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Manage installed codecs and filters.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=generate_log,dsfilter_management,codec_management,dmo_management
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Manage preferred splitters.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=sourcefilters
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\RealMedia.lnk - E:\Program Files\K-Lite Codec Pack\Real\settings.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Reset to recommended settings.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=reset_settings /components=*resetsettings
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\VP7 decoder.lnk - E:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe {C204438D-6E1A-4309-B09C-0C0F749863AF}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Xvid Encoder.lnk - C:\Windows\System32\rundll32.exe xvidvfw.dll,Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Help\FAQ.lnk - E:\Program Files\K-Lite Codec Pack\Info\faq.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Codec Tweak Tool.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GraphStudio.lnk - E:\Program Files\K-Lite Codec Pack\Tools\graphstudio.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GSpot Codec Information.lnk - E:\Program Files\K-Lite Codec Pack\Tools\gspot\gspot.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Haali Muxer.lnk - E:\Program Files\K-Lite Codec Pack\Filters\Haali\gdsmux.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\MediaInfo.lnk - E:\Program Files\K-Lite Codec Pack\Tools\mediainfo.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\VobSubStrip.lnk - E:\Program Files\K-Lite Codec Pack\Tools\VobSubStrip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Xvid StatsReader.lnk - E:\Program Files\K-Lite Codec Pack\Tools\StatsReader.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Uninstall\Uninstall K-Lite Codec Pack.lnk - E:\Program Files\K-Lite Codec Pack\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Access 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\accicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Enviar para o OneNote 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Designer 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\inficon.exe /design
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Filler 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\inficon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Lync 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\lyncicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\outicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Publisher 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\pubs.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\SkyDrive Pro 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\grv_icons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Centro de Carregamento do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\msouc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Database Compare 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\dbcicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Gerenciador de Gravação do Lync.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Log de Telemetria do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\osmclienticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Painel de Telemetria do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\osmadminicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Preferências de Idioma do Office 2013.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Spreadsheet Compare 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\sscicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quantum\Quantum.lnk - E:\Program Files\Quantum\Quantum.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quantum\Uninstall Quantum.lnk - E:\Program Files\Quantum\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Desinstalar SEFIP.lnk - C:\Program Files\CAIXA\SEFIP\UNWISE.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Leiaute de Folha.lnk - C:\Program Files\CAIXA\SEFIP\FOLHA.doc
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Manual de Erros e Ações.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Manual Operacional.lnk - C:\Program Files\CAIXA\SEFIP\Manual Operacional.doc
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\SEFIP.lnk - C:\Program Files\CAIXA\SEFIP\Sefip.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
==== Empty IE Cache ======================
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\IE\1DNYA6QP will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\Douglas\AppData\Local\Mozilla\Firefox\Profiles\m2zlx07q.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=18 folders=8 1960915 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Douglas\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Douglas\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Douglas\AppData\Roaming\03000200-1423949702-0500-0006-000700080009" not found
"C:\Users\Douglas\AppData\Roaming\ntsvc" not found
"C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\IE\1DNYA6QP" not found
==== EOF on 19/02/2015 at 23:23:20,24 ======================
Douglas Lima- Membro
- Mensagens : 67
Reputação : 1
Data de inscrição : 03/11/2013
Idade : 41
Re: Propagandas Indesejáveis
por Douglas Lima Sex 20 Fev 2015, 00:34
Olá boa noite, desculpe a demora mas estava sem internet desde domingo, só pude responder agora e somente a noite.
Segue abaixo o relatório...
Zoek.exe v5.0.0.0 Updated 19-February-2015
Tool run by Douglas on 19/02/2015 at 22:51:33,34.
Microsoft Windows 8.1 Pro 6.3.9600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Douglas\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2015-02-20-004502.log 372 bytes
==== System Restore Info ======================
19/02/2015 23:02:29 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Empty Folders Check ======================
C:\Program Files\RBM deleted successfully
C:\PROGRA~2\Real deleted successfully
C:\Users\Douglas\AppData\Roaming\Real deleted successfully
C:\Users\Douglas\AppData\Roaming\searchult deleted successfully
C:\Users\Douglas\AppData\Local\Real deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\prefs.js:
user_pref("browser.search.defaultenginename", "webssearches");
user_pref("browser.search.selectedEngine", "webssearches");
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_022015_2317_.backup
==== Deleting Files \ Folders ======================
C:\Users\Douglas\AppData\Local\12026765 deleted
C:\Users\Douglas\AppData\Local\com deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Windows\wininit.ini deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\searchplugins\webssearches.xml deleted
"C:\Users\Douglas\AppData\Roaming\ntsvc\ntsvc.exe" deleted
"C:\Users\Douglas\AppData\Roaming\03000200-1423949702-0500-0006-000700080009\JOSrv.exe" deleted
"C:\Users\Douglas\AppData\Roaming\03000200-1423949702-0500-0006-000700080009\nsgD833.tmpfs" deleted
"C:\Users\Douglas\AppData\Roaming\ntsvc" not deleted
"C:\Users\Douglas\AppData\Roaming\03000200-1423949702-0500-0006-000700080009" not deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"searchengine@gmail.com"="C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\extensions\searchengine@gmail.com" [14/02/2015 21:42]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default
- Undetermined - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
- Undetermined - jid0-wpCH2liWmuMjc8AV1VWejWvGjBI@jetpack
- Undetermined - {9BAE5926-8513-417d-8E47-774955A7C60D}
- jid0wpCH2liWmuMjc8AV1VWejWvGjBIjetpack - %ProfilePath%\extensions\jid0-wpCH2liWmuMjc8AV1VWejWvGjBI@jetpack
- Search Enginer - %ProfilePath%\extensions\searchengine@gmail.com
- 9BAE59268513417d8E47774955A7C60D - %ProfilePath%\extensions\{9BAE5926-8513-417d-8E47-774955A7C60D}
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default
225D76851EFC6144B4BAD941B3E8989D - C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U31
B66B4D28D7D0C6322FF235C782CD6B76 - C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.310.13
98137411B9C632095F919E2CE70B288A - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll - Google Update
600B82FB81E6EE36A3D9C33B96B0BB0A - C:\Program Files\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013
5DB82B8C515C875AE58E1B8B5997416B - E:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
2CDA67C1309CA966D8EFEE4EE0D6CA92 - E:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll - RealPlayer Version Plugin
==== Chromium Look ======================
Google Chrome Version: 40.0.2214.111 (Possible outdated, latest Stable version: 40.0.2214.115)
Google Slides - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
fommidcneendjonelhhhkmoekeicedej - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fommidcneendjonelhhhkmoekeicedej
geelfhphabnejjhdalkjhgipohgpdnoc - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\geelfhphabnejjhdalkjhgipohgpdnoc
Google Wallet - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chromium Fix ======================
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage deleted successfully
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Reset Google Chrome ======================
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\Douglas\Desktop\Conectividade Social.lnk - E:\Program Files\CAIXA\CNS\cnsini.exe
C:\Users\Douglas\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Douglas\Desktop\ZHPCleaner.lnk - C:\Users\Douglas\AppData\Roaming\ZHP\ZHPCleaner.exe
C:\Users\Douglas\Desktop\µTorrent.lnk -
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - E:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Public\Desktop\Discador TopSapp.lnk - E:\Program Files\Discador TopSapp\Discador.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Quantum.lnk - E:\Program Files\Quantum\Quantum.exe
C:\Users\Public\Desktop\SEFIP.lnk - C:\Program Files\CAIXA\SEFIP\Sefip.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAIXA\Conectividade Social.lnk - E:\Program Files\CAIXA\CNS\cnsini.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk - E:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\SPTD Setup.lnk - E:\Program Files\DAEMON Tools Lite\SPTDinst-x86.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Discador TopSapp\Desinstalar Discador TopSapp.lnk - E:\Program Files\Discador TopSapp\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Discador TopSapp\Discador TopSapp.lnk - E:\Program Files\Discador TopSapp\Discador.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Obter Ajuda.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visite Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Media Player Classic.lnk - E:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\CoreVorbis.lnk - E:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe {0835DC4B-AA01-48C3-A42D-FD62C530A3E1}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\DirectVobSub.lnk - C:\Windows\System32\rundll32.exe vsfilter.dll,DirectVobSub
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow audio decoder.lnk - C:\Windows\System32\rundll32.exe ffdshow.ax,configureAudio
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow VFW interface.lnk - C:\Windows\System32\rundll32.exe ff_vfw.dll,configureVFW
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow video decoder.lnk - C:\Windows\System32\rundll32.exe ffdshow.ax,configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Haali Media Splitter.lnk - C:\Windows\System32\rundll32.exe splitter.ax,Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Haali video renderer.lnk - E:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe {760A8F35-97E7-479D-AAF5-DA9EFF95D751}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\madFLAC.lnk - E:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe {6B257121-CBB6-46B3-ABFA-B14DFA98C4A6}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Manage additional settings.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=fixes,additional_settings,backup_settings
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Manage installed codecs and filters.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=generate_log,dsfilter_management,codec_management,dmo_management
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Manage preferred splitters.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=sourcefilters
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\RealMedia.lnk - E:\Program Files\K-Lite Codec Pack\Real\settings.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Reset to recommended settings.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=reset_settings /components=*resetsettings
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\VP7 decoder.lnk - E:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe {C204438D-6E1A-4309-B09C-0C0F749863AF}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Xvid Encoder.lnk - C:\Windows\System32\rundll32.exe xvidvfw.dll,Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Help\FAQ.lnk - E:\Program Files\K-Lite Codec Pack\Info\faq.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Codec Tweak Tool.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GraphStudio.lnk - E:\Program Files\K-Lite Codec Pack\Tools\graphstudio.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GSpot Codec Information.lnk - E:\Program Files\K-Lite Codec Pack\Tools\gspot\gspot.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Haali Muxer.lnk - E:\Program Files\K-Lite Codec Pack\Filters\Haali\gdsmux.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\MediaInfo.lnk - E:\Program Files\K-Lite Codec Pack\Tools\mediainfo.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\VobSubStrip.lnk - E:\Program Files\K-Lite Codec Pack\Tools\VobSubStrip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Xvid StatsReader.lnk - E:\Program Files\K-Lite Codec Pack\Tools\StatsReader.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Uninstall\Uninstall K-Lite Codec Pack.lnk - E:\Program Files\K-Lite Codec Pack\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Access 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\accicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Enviar para o OneNote 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Designer 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\inficon.exe /design
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Filler 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\inficon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Lync 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\lyncicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\outicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Publisher 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\pubs.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\SkyDrive Pro 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\grv_icons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Centro de Carregamento do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\msouc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Database Compare 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\dbcicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Gerenciador de Gravação do Lync.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Log de Telemetria do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\osmclienticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Painel de Telemetria do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\osmadminicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Preferências de Idioma do Office 2013.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Spreadsheet Compare 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\sscicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quantum\Quantum.lnk - E:\Program Files\Quantum\Quantum.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quantum\Uninstall Quantum.lnk - E:\Program Files\Quantum\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Desinstalar SEFIP.lnk - C:\Program Files\CAIXA\SEFIP\UNWISE.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Leiaute de Folha.lnk - C:\Program Files\CAIXA\SEFIP\FOLHA.doc
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Manual de Erros e Ações.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Manual Operacional.lnk - C:\Program Files\CAIXA\SEFIP\Manual Operacional.doc
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\SEFIP.lnk - C:\Program Files\CAIXA\SEFIP\Sefip.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
==== Empty IE Cache ======================
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\IE\1DNYA6QP will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\Douglas\AppData\Local\Mozilla\Firefox\Profiles\m2zlx07q.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=18 folders=8 1960915 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Douglas\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Douglas\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Douglas\AppData\Roaming\03000200-1423949702-0500-0006-000700080009" not found
"C:\Users\Douglas\AppData\Roaming\ntsvc" not found
"C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\IE\1DNYA6QP" not found
==== EOF on 19/02/2015 at 23:23:20,24 ======================
Segue abaixo o relatório...
Zoek.exe v5.0.0.0 Updated 19-February-2015
Tool run by Douglas on 19/02/2015 at 22:51:33,34.
Microsoft Windows 8.1 Pro 6.3.9600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Douglas\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2015-02-20-004502.log 372 bytes
==== System Restore Info ======================
19/02/2015 23:02:29 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Empty Folders Check ======================
C:\Program Files\RBM deleted successfully
C:\PROGRA~2\Real deleted successfully
C:\Users\Douglas\AppData\Roaming\Real deleted successfully
C:\Users\Douglas\AppData\Roaming\searchult deleted successfully
C:\Users\Douglas\AppData\Local\Real deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\prefs.js:
user_pref("browser.search.defaultenginename", "webssearches");
user_pref("browser.search.selectedEngine", "webssearches");
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_022015_2317_.backup
==== Deleting Files \ Folders ======================
C:\Users\Douglas\AppData\Local\12026765 deleted
C:\Users\Douglas\AppData\Local\com deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Windows\wininit.ini deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\searchplugins\webssearches.xml deleted
"C:\Users\Douglas\AppData\Roaming\ntsvc\ntsvc.exe" deleted
"C:\Users\Douglas\AppData\Roaming\03000200-1423949702-0500-0006-000700080009\JOSrv.exe" deleted
"C:\Users\Douglas\AppData\Roaming\03000200-1423949702-0500-0006-000700080009\nsgD833.tmpfs" deleted
"C:\Users\Douglas\AppData\Roaming\ntsvc" not deleted
"C:\Users\Douglas\AppData\Roaming\03000200-1423949702-0500-0006-000700080009" not deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"searchengine@gmail.com"="C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\extensions\searchengine@gmail.com" [14/02/2015 21:42]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default
- Undetermined - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
- Undetermined - jid0-wpCH2liWmuMjc8AV1VWejWvGjBI@jetpack
- Undetermined - {9BAE5926-8513-417d-8E47-774955A7C60D}
- jid0wpCH2liWmuMjc8AV1VWejWvGjBIjetpack - %ProfilePath%\extensions\jid0-wpCH2liWmuMjc8AV1VWejWvGjBI@jetpack
- Search Enginer - %ProfilePath%\extensions\searchengine@gmail.com
- 9BAE59268513417d8E47774955A7C60D - %ProfilePath%\extensions\{9BAE5926-8513-417d-8E47-774955A7C60D}
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default
225D76851EFC6144B4BAD941B3E8989D - C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U31
B66B4D28D7D0C6322FF235C782CD6B76 - C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.310.13
98137411B9C632095F919E2CE70B288A - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll - Google Update
600B82FB81E6EE36A3D9C33B96B0BB0A - C:\Program Files\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013
5DB82B8C515C875AE58E1B8B5997416B - E:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
2CDA67C1309CA966D8EFEE4EE0D6CA92 - E:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll - RealPlayer Version Plugin
==== Chromium Look ======================
Google Chrome Version: 40.0.2214.111 (Possible outdated, latest Stable version: 40.0.2214.115)
Google Slides - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
fommidcneendjonelhhhkmoekeicedej - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fommidcneendjonelhhhkmoekeicedej
geelfhphabnejjhdalkjhgipohgpdnoc - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\geelfhphabnejjhdalkjhgipohgpdnoc
Google Wallet - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chromium Fix ======================
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage deleted successfully
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Reset Google Chrome ======================
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\Douglas\Desktop\Conectividade Social.lnk - E:\Program Files\CAIXA\CNS\cnsini.exe
C:\Users\Douglas\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Douglas\Desktop\ZHPCleaner.lnk - C:\Users\Douglas\AppData\Roaming\ZHP\ZHPCleaner.exe
C:\Users\Douglas\Desktop\µTorrent.lnk -
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - E:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Public\Desktop\Discador TopSapp.lnk - E:\Program Files\Discador TopSapp\Discador.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Quantum.lnk - E:\Program Files\Quantum\Quantum.exe
C:\Users\Public\Desktop\SEFIP.lnk - C:\Program Files\CAIXA\SEFIP\Sefip.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAIXA\Conectividade Social.lnk - E:\Program Files\CAIXA\CNS\cnsini.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk - E:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\SPTD Setup.lnk - E:\Program Files\DAEMON Tools Lite\SPTDinst-x86.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Discador TopSapp\Desinstalar Discador TopSapp.lnk - E:\Program Files\Discador TopSapp\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Discador TopSapp\Discador TopSapp.lnk - E:\Program Files\Discador TopSapp\Discador.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Obter Ajuda.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visite Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Media Player Classic.lnk - E:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\CoreVorbis.lnk - E:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe {0835DC4B-AA01-48C3-A42D-FD62C530A3E1}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\DirectVobSub.lnk - C:\Windows\System32\rundll32.exe vsfilter.dll,DirectVobSub
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow audio decoder.lnk - C:\Windows\System32\rundll32.exe ffdshow.ax,configureAudio
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow VFW interface.lnk - C:\Windows\System32\rundll32.exe ff_vfw.dll,configureVFW
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow video decoder.lnk - C:\Windows\System32\rundll32.exe ffdshow.ax,configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Haali Media Splitter.lnk - C:\Windows\System32\rundll32.exe splitter.ax,Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Haali video renderer.lnk - E:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe {760A8F35-97E7-479D-AAF5-DA9EFF95D751}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\madFLAC.lnk - E:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe {6B257121-CBB6-46B3-ABFA-B14DFA98C4A6}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Manage additional settings.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=fixes,additional_settings,backup_settings
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Manage installed codecs and filters.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=generate_log,dsfilter_management,codec_management,dmo_management
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Manage preferred splitters.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=sourcefilters
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\RealMedia.lnk - E:\Program Files\K-Lite Codec Pack\Real\settings.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Reset to recommended settings.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=reset_settings /components=*resetsettings
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\VP7 decoder.lnk - E:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe {C204438D-6E1A-4309-B09C-0C0F749863AF}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Xvid Encoder.lnk - C:\Windows\System32\rundll32.exe xvidvfw.dll,Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Help\FAQ.lnk - E:\Program Files\K-Lite Codec Pack\Info\faq.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Codec Tweak Tool.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GraphStudio.lnk - E:\Program Files\K-Lite Codec Pack\Tools\graphstudio.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GSpot Codec Information.lnk - E:\Program Files\K-Lite Codec Pack\Tools\gspot\gspot.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Haali Muxer.lnk - E:\Program Files\K-Lite Codec Pack\Filters\Haali\gdsmux.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\MediaInfo.lnk - E:\Program Files\K-Lite Codec Pack\Tools\mediainfo.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\VobSubStrip.lnk - E:\Program Files\K-Lite Codec Pack\Tools\VobSubStrip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Xvid StatsReader.lnk - E:\Program Files\K-Lite Codec Pack\Tools\StatsReader.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Uninstall\Uninstall K-Lite Codec Pack.lnk - E:\Program Files\K-Lite Codec Pack\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Access 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\accicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Enviar para o OneNote 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Designer 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\inficon.exe /design
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Filler 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\inficon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Lync 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\lyncicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\outicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Publisher 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\pubs.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\SkyDrive Pro 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\grv_icons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Centro de Carregamento do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\msouc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Database Compare 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\dbcicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Gerenciador de Gravação do Lync.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Log de Telemetria do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\osmclienticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Painel de Telemetria do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\osmadminicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Preferências de Idioma do Office 2013.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Spreadsheet Compare 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\sscicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quantum\Quantum.lnk - E:\Program Files\Quantum\Quantum.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quantum\Uninstall Quantum.lnk - E:\Program Files\Quantum\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Desinstalar SEFIP.lnk - C:\Program Files\CAIXA\SEFIP\UNWISE.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Leiaute de Folha.lnk - C:\Program Files\CAIXA\SEFIP\FOLHA.doc
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Manual de Erros e Ações.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Manual Operacional.lnk - C:\Program Files\CAIXA\SEFIP\Manual Operacional.doc
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\SEFIP.lnk - C:\Program Files\CAIXA\SEFIP\Sefip.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
==== Empty IE Cache ======================
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\IE\1DNYA6QP will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\Douglas\AppData\Local\Mozilla\Firefox\Profiles\m2zlx07q.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=18 folders=8 1960915 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Douglas\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Douglas\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Douglas\AppData\Roaming\03000200-1423949702-0500-0006-000700080009" not found
"C:\Users\Douglas\AppData\Roaming\ntsvc" not found
"C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\IE\1DNYA6QP" not found
==== EOF on 19/02/2015 at 23:23:20,24 ======================
Douglas Lima- Membro
- Mensagens : 67
Reputação : 1
Data de inscrição : 03/11/2013
Idade : 41
Re: Propagandas Indesejáveis
por Power Max Sex 20 Fev 2015, 09:48
Faça o download do Malwarebytes em um destes links abaixo:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para instalá-lo e executá-lo corretamente siga, por gentileza, as dicas desta postagem:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Na sua próxima resposta poste este log (relatório) do Malwarebytes.
Ficamos no aguardo.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Propagandas Indesejáveis
por Douglas Lima Qui 26 Fev 2015, 20:11
Olá boa noite, desculpe a demora, mais uma vez fiquei um tempo sem internet...
Mando o relatório de Zoek abaixo...Muitas propagandas até atrapalha aqui ao fazer esses procedimentos..
Zoek.exe v5.0.0.0 Updated 24-February-2015
Tool run by Douglas on 26/02/2015 at 19:30:01,66.
Microsoft Windows 8.1 Pro 6.3.9600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Douglas\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2015-02-20-022320.log 26015 bytes
==== System Restore Info ======================
26/02/2015 19:32:01 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sed deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\serverjo deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ponebule deleted successfully
==== FireFox Fix ======================
Deleted from C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Added to C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Deleting Files \ Folders ======================
C:\Program Files\Arquivos Comuns deleted
"C:\Program Files\Windows Multimedia Platform" deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"searchengine@gmail.com"="C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\extensions\searchengine@gmail.com" [14/02/2015 21:42]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default
- Undetermined - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
- Undetermined - jid0-wpCH2liWmuMjc8AV1VWejWvGjBI@jetpack
- Undetermined - {9BAE5926-8513-417d-8E47-774955A7C60D}
- jid0wpCH2liWmuMjc8AV1VWejWvGjBIjetpack - %ProfilePath%\extensions\jid0-wpCH2liWmuMjc8AV1VWejWvGjBI@jetpack
- Search Enginer - %ProfilePath%\extensions\searchengine@gmail.com
- 9BAE59268513417d8E47774955A7C60D - %ProfilePath%\extensions\{9BAE5926-8513-417d-8E47-774955A7C60D}
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default
225D76851EFC6144B4BAD941B3E8989D - C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U31
B66B4D28D7D0C6322FF235C782CD6B76 - C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.310.13
98137411B9C632095F919E2CE70B288A - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll - Google Update
600B82FB81E6EE36A3D9C33B96B0BB0A - C:\Program Files\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013
5DB82B8C515C875AE58E1B8B5997416B - E:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
2CDA67C1309CA966D8EFEE4EE0D6CA92 - E:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll - RealPlayer Version Plugin
==== Chromium Look ======================
Google Chrome Version: 40.0.2214.115 (Up to date, latest Stable version: 40.0.2214.115)
Google Slides - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
selector is not a valid CSS selector - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
fommidcneendjonelhhhkmoekeicedej - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fommidcneendjonelhhhkmoekeicedej
geelfhphabnejjhdalkjhgipohgpdnoc - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\geelfhphabnejjhdalkjhgipohgpdnoc
Google Wallet - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chromium Fix ======================
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage deleted successfully
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Reset Google Chrome ======================
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\Douglas\Desktop\Conectividade Social.lnk - E:\Program Files\CAIXA\CNS\cnsini.exe
C:\Users\Douglas\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Douglas\Desktop\ZHPCleaner.lnk - C:\Users\Douglas\AppData\Roaming\ZHP\ZHPCleaner.exe
C:\Users\Douglas\Desktop\µTorrent.lnk -
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - E:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Public\Desktop\Discador TopSapp.lnk - E:\Program Files\Discador TopSapp\Discador.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Quantum.lnk - E:\Program Files\Quantum\Quantum.exe
C:\Users\Public\Desktop\SEFIP.lnk - C:\Program Files\CAIXA\SEFIP\Sefip.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAIXA\Conectividade Social.lnk - E:\Program Files\CAIXA\CNS\cnsini.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk - E:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\SPTD Setup.lnk - E:\Program Files\DAEMON Tools Lite\SPTDinst-x86.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Discador TopSapp\Desinstalar Discador TopSapp.lnk - E:\Program Files\Discador TopSapp\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Discador TopSapp\Discador TopSapp.lnk - E:\Program Files\Discador TopSapp\Discador.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Obter Ajuda.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visite Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Media Player Classic.lnk - E:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\CoreVorbis.lnk - E:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe {0835DC4B-AA01-48C3-A42D-FD62C530A3E1}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\DirectVobSub.lnk - C:\Windows\System32\rundll32.exe vsfilter.dll,DirectVobSub
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow audio decoder.lnk - C:\Windows\System32\rundll32.exe ffdshow.ax,configureAudio
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow VFW interface.lnk - C:\Windows\System32\rundll32.exe ff_vfw.dll,configureVFW
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow video decoder.lnk - C:\Windows\System32\rundll32.exe ffdshow.ax,configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Haali Media Splitter.lnk - C:\Windows\System32\rundll32.exe splitter.ax,Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Haali video renderer.lnk - E:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe {760A8F35-97E7-479D-AAF5-DA9EFF95D751}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\madFLAC.lnk - E:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe {6B257121-CBB6-46B3-ABFA-B14DFA98C4A6}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Manage additional settings.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=fixes,additional_settings,backup_settings
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Manage installed codecs and filters.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=generate_log,dsfilter_management,codec_management,dmo_management
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Manage preferred splitters.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=sourcefilters
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\RealMedia.lnk - E:\Program Files\K-Lite Codec Pack\Real\settings.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Reset to recommended settings.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=reset_settings /components=*resetsettings
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\VP7 decoder.lnk - E:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe {C204438D-6E1A-4309-B09C-0C0F749863AF}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Xvid Encoder.lnk - C:\Windows\System32\rundll32.exe xvidvfw.dll,Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Help\FAQ.lnk - E:\Program Files\K-Lite Codec Pack\Info\faq.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Codec Tweak Tool.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GraphStudio.lnk - E:\Program Files\K-Lite Codec Pack\Tools\graphstudio.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GSpot Codec Information.lnk - E:\Program Files\K-Lite Codec Pack\Tools\gspot\gspot.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Haali Muxer.lnk - E:\Program Files\K-Lite Codec Pack\Filters\Haali\gdsmux.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\MediaInfo.lnk - E:\Program Files\K-Lite Codec Pack\Tools\mediainfo.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\VobSubStrip.lnk - E:\Program Files\K-Lite Codec Pack\Tools\VobSubStrip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Xvid StatsReader.lnk - E:\Program Files\K-Lite Codec Pack\Tools\StatsReader.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Uninstall\Uninstall K-Lite Codec Pack.lnk - E:\Program Files\K-Lite Codec Pack\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Access 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\accicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Enviar para o OneNote 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Designer 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\inficon.exe /design
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Filler 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\inficon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Lync 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\lyncicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\outicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Publisher 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\pubs.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\SkyDrive Pro 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\grv_icons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Centro de Carregamento do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\msouc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Database Compare 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\dbcicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Gerenciador de Gravação do Lync.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Log de Telemetria do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\osmclienticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Painel de Telemetria do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\osmadminicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Preferências de Idioma do Office 2013.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Spreadsheet Compare 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\sscicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quantum\Quantum.lnk - E:\Program Files\Quantum\Quantum.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quantum\Uninstall Quantum.lnk - E:\Program Files\Quantum\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Desinstalar SEFIP.lnk - C:\Program Files\CAIXA\SEFIP\UNWISE.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Leiaute de Folha.lnk - C:\Program Files\CAIXA\SEFIP\FOLHA.doc
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Manual de Erros e Ações.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Manual Operacional.lnk - C:\Program Files\CAIXA\SEFIP\Manual Operacional.doc
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\SEFIP.lnk - C:\Program Files\CAIXA\SEFIP\Sefip.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\IE\F9GIQBOK will be deleted at reboot
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\IE\QD1FTSID will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\Douglas\AppData\Local\Mozilla\Firefox\Profiles\m2zlx07q.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=19 folders=9 2183807 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Douglas\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Douglas\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\IE\F9GIQBOK" not found
"C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\IE\QD1FTSID" not found
==== EOF on 26/02/2015 at 19:54:12,53 ======================
Mando o relatório de Zoek abaixo...Muitas propagandas até atrapalha aqui ao fazer esses procedimentos..
Zoek.exe v5.0.0.0 Updated 24-February-2015
Tool run by Douglas on 26/02/2015 at 19:30:01,66.
Microsoft Windows 8.1 Pro 6.3.9600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Douglas\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2015-02-20-022320.log 26015 bytes
==== System Restore Info ======================
26/02/2015 19:32:01 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sed deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\serverjo deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ponebule deleted successfully
==== FireFox Fix ======================
Deleted from C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Added to C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Deleting Files \ Folders ======================
C:\Program Files\Arquivos Comuns deleted
"C:\Program Files\Windows Multimedia Platform" deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"searchengine@gmail.com"="C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\extensions\searchengine@gmail.com" [14/02/2015 21:42]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default
- Undetermined - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
- Undetermined - jid0-wpCH2liWmuMjc8AV1VWejWvGjBI@jetpack
- Undetermined - {9BAE5926-8513-417d-8E47-774955A7C60D}
- jid0wpCH2liWmuMjc8AV1VWejWvGjBIjetpack - %ProfilePath%\extensions\jid0-wpCH2liWmuMjc8AV1VWejWvGjBI@jetpack
- Search Enginer - %ProfilePath%\extensions\searchengine@gmail.com
- 9BAE59268513417d8E47774955A7C60D - %ProfilePath%\extensions\{9BAE5926-8513-417d-8E47-774955A7C60D}
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default
225D76851EFC6144B4BAD941B3E8989D - C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U31
B66B4D28D7D0C6322FF235C782CD6B76 - C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.310.13
98137411B9C632095F919E2CE70B288A - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll - Google Update
600B82FB81E6EE36A3D9C33B96B0BB0A - C:\Program Files\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013
5DB82B8C515C875AE58E1B8B5997416B - E:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
2CDA67C1309CA966D8EFEE4EE0D6CA92 - E:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll - RealPlayer Version Plugin
==== Chromium Look ======================
Google Chrome Version: 40.0.2214.115 (Up to date, latest Stable version: 40.0.2214.115)
Google Slides - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
selector is not a valid CSS selector - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
fommidcneendjonelhhhkmoekeicedej - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fommidcneendjonelhhhkmoekeicedej
geelfhphabnejjhdalkjhgipohgpdnoc - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\geelfhphabnejjhdalkjhgipohgpdnoc
Google Wallet - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chromium Fix ======================
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage deleted successfully
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Reset Google Chrome ======================
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\Douglas\Desktop\Conectividade Social.lnk - E:\Program Files\CAIXA\CNS\cnsini.exe
C:\Users\Douglas\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Douglas\Desktop\ZHPCleaner.lnk - C:\Users\Douglas\AppData\Roaming\ZHP\ZHPCleaner.exe
C:\Users\Douglas\Desktop\µTorrent.lnk -
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - E:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Public\Desktop\Discador TopSapp.lnk - E:\Program Files\Discador TopSapp\Discador.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Quantum.lnk - E:\Program Files\Quantum\Quantum.exe
C:\Users\Public\Desktop\SEFIP.lnk - C:\Program Files\CAIXA\SEFIP\Sefip.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAIXA\Conectividade Social.lnk - E:\Program Files\CAIXA\CNS\cnsini.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk - E:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\SPTD Setup.lnk - E:\Program Files\DAEMON Tools Lite\SPTDinst-x86.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Discador TopSapp\Desinstalar Discador TopSapp.lnk - E:\Program Files\Discador TopSapp\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Discador TopSapp\Discador TopSapp.lnk - E:\Program Files\Discador TopSapp\Discador.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Obter Ajuda.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visite Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Media Player Classic.lnk - E:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\CoreVorbis.lnk - E:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe {0835DC4B-AA01-48C3-A42D-FD62C530A3E1}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\DirectVobSub.lnk - C:\Windows\System32\rundll32.exe vsfilter.dll,DirectVobSub
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow audio decoder.lnk - C:\Windows\System32\rundll32.exe ffdshow.ax,configureAudio
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow VFW interface.lnk - C:\Windows\System32\rundll32.exe ff_vfw.dll,configureVFW
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow video decoder.lnk - C:\Windows\System32\rundll32.exe ffdshow.ax,configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Haali Media Splitter.lnk - C:\Windows\System32\rundll32.exe splitter.ax,Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Haali video renderer.lnk - E:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe {760A8F35-97E7-479D-AAF5-DA9EFF95D751}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\madFLAC.lnk - E:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe {6B257121-CBB6-46B3-ABFA-B14DFA98C4A6}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Manage additional settings.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=fixes,additional_settings,backup_settings
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Manage installed codecs and filters.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=generate_log,dsfilter_management,codec_management,dmo_management
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Manage preferred splitters.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=sourcefilters
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\RealMedia.lnk - E:\Program Files\K-Lite Codec Pack\Real\settings.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Reset to recommended settings.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=reset_settings /components=*resetsettings
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\VP7 decoder.lnk - E:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe {C204438D-6E1A-4309-B09C-0C0F749863AF}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Xvid Encoder.lnk - C:\Windows\System32\rundll32.exe xvidvfw.dll,Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Help\FAQ.lnk - E:\Program Files\K-Lite Codec Pack\Info\faq.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Codec Tweak Tool.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GraphStudio.lnk - E:\Program Files\K-Lite Codec Pack\Tools\graphstudio.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GSpot Codec Information.lnk - E:\Program Files\K-Lite Codec Pack\Tools\gspot\gspot.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Haali Muxer.lnk - E:\Program Files\K-Lite Codec Pack\Filters\Haali\gdsmux.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\MediaInfo.lnk - E:\Program Files\K-Lite Codec Pack\Tools\mediainfo.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\VobSubStrip.lnk - E:\Program Files\K-Lite Codec Pack\Tools\VobSubStrip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Xvid StatsReader.lnk - E:\Program Files\K-Lite Codec Pack\Tools\StatsReader.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Uninstall\Uninstall K-Lite Codec Pack.lnk - E:\Program Files\K-Lite Codec Pack\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Access 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\accicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Enviar para o OneNote 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Designer 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\inficon.exe /design
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Filler 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\inficon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Lync 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\lyncicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\outicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Publisher 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\pubs.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\SkyDrive Pro 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\grv_icons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Centro de Carregamento do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\msouc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Database Compare 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\dbcicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Gerenciador de Gravação do Lync.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Log de Telemetria do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\osmclienticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Painel de Telemetria do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\osmadminicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Preferências de Idioma do Office 2013.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Spreadsheet Compare 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\sscicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quantum\Quantum.lnk - E:\Program Files\Quantum\Quantum.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quantum\Uninstall Quantum.lnk - E:\Program Files\Quantum\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Desinstalar SEFIP.lnk - C:\Program Files\CAIXA\SEFIP\UNWISE.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Leiaute de Folha.lnk - C:\Program Files\CAIXA\SEFIP\FOLHA.doc
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Manual de Erros e Ações.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Manual Operacional.lnk - C:\Program Files\CAIXA\SEFIP\Manual Operacional.doc
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\SEFIP.lnk - C:\Program Files\CAIXA\SEFIP\Sefip.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\IE\F9GIQBOK will be deleted at reboot
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\IE\QD1FTSID will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\Douglas\AppData\Local\Mozilla\Firefox\Profiles\m2zlx07q.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=19 folders=9 2183807 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Douglas\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Douglas\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\IE\F9GIQBOK" not found
"C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\IE\QD1FTSID" not found
==== EOF on 26/02/2015 at 19:54:12,53 ======================
Douglas Lima- Membro
- Mensagens : 67
Reputação : 1
Data de inscrição : 03/11/2013
Idade : 41
Re: Propagandas Indesejáveis
por Power Max Qui 26 Fev 2015, 20:28
Olá Douglas. Você postou o mesmo log do Zoek que você já tinha postado. O que precisamos é do log do Malwarebytes.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Propagandas Indesejáveis
por Douglas Lima Qui 26 Fev 2015, 21:46
Olá boa noite, desculpe a demora mais fiquei novamente sem internet por um tempo...
Mando o relatorio de zoek results.....mas as propagandas atrapalha muito ao fazer esses processos aqui...
Segue abaixo...
Zoek.exe v5.0.0.0 Updated 24-February-2015
Tool run by Douglas on 26/02/2015 at 19:30:01,66.
Microsoft Windows 8.1 Pro 6.3.9600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Douglas\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2015-02-20-022320.log 26015 bytes
==== System Restore Info ======================
26/02/2015 19:32:01 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sed deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\serverjo deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ponebule deleted successfully
==== FireFox Fix ======================
Deleted from C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Added to C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Deleting Files \ Folders ======================
C:\Program Files\Arquivos Comuns deleted
"C:\Program Files\Windows Multimedia Platform" deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"searchengine@gmail.com"="C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\extensions\searchengine@gmail.com" [14/02/2015 21:42]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default
- Undetermined - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
- Undetermined - jid0-wpCH2liWmuMjc8AV1VWejWvGjBI@jetpack
- Undetermined - {9BAE5926-8513-417d-8E47-774955A7C60D}
- jid0wpCH2liWmuMjc8AV1VWejWvGjBIjetpack - %ProfilePath%\extensions\jid0-wpCH2liWmuMjc8AV1VWejWvGjBI@jetpack
- Search Enginer - %ProfilePath%\extensions\searchengine@gmail.com
- 9BAE59268513417d8E47774955A7C60D - %ProfilePath%\extensions\{9BAE5926-8513-417d-8E47-774955A7C60D}
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default
225D76851EFC6144B4BAD941B3E8989D - C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U31
B66B4D28D7D0C6322FF235C782CD6B76 - C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.310.13
98137411B9C632095F919E2CE70B288A - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll - Google Update
600B82FB81E6EE36A3D9C33B96B0BB0A - C:\Program Files\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013
5DB82B8C515C875AE58E1B8B5997416B - E:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
2CDA67C1309CA966D8EFEE4EE0D6CA92 - E:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll - RealPlayer Version Plugin
==== Chromium Look ======================
Google Chrome Version: 40.0.2214.115 (Up to date, latest Stable version: 40.0.2214.115)
Google Slides - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
selector is not a valid CSS selector - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
fommidcneendjonelhhhkmoekeicedej - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fommidcneendjonelhhhkmoekeicedej
geelfhphabnejjhdalkjhgipohgpdnoc - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\geelfhphabnejjhdalkjhgipohgpdnoc
Google Wallet - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chromium Fix ======================
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage deleted successfully
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Reset Google Chrome ======================
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\Douglas\Desktop\Conectividade Social.lnk - E:\Program Files\CAIXA\CNS\cnsini.exe
C:\Users\Douglas\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Douglas\Desktop\ZHPCleaner.lnk - C:\Users\Douglas\AppData\Roaming\ZHP\ZHPCleaner.exe
C:\Users\Douglas\Desktop\µTorrent.lnk -
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - E:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Public\Desktop\Discador TopSapp.lnk - E:\Program Files\Discador TopSapp\Discador.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Quantum.lnk - E:\Program Files\Quantum\Quantum.exe
C:\Users\Public\Desktop\SEFIP.lnk - C:\Program Files\CAIXA\SEFIP\Sefip.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAIXA\Conectividade Social.lnk - E:\Program Files\CAIXA\CNS\cnsini.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk - E:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\SPTD Setup.lnk - E:\Program Files\DAEMON Tools Lite\SPTDinst-x86.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Discador TopSapp\Desinstalar Discador TopSapp.lnk - E:\Program Files\Discador TopSapp\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Discador TopSapp\Discador TopSapp.lnk - E:\Program Files\Discador TopSapp\Discador.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Obter Ajuda.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visite Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Media Player Classic.lnk - E:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\CoreVorbis.lnk - E:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe {0835DC4B-AA01-48C3-A42D-FD62C530A3E1}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\DirectVobSub.lnk - C:\Windows\System32\rundll32.exe vsfilter.dll,DirectVobSub
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow audio decoder.lnk - C:\Windows\System32\rundll32.exe ffdshow.ax,configureAudio
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow VFW interface.lnk - C:\Windows\System32\rundll32.exe ff_vfw.dll,configureVFW
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow video decoder.lnk - C:\Windows\System32\rundll32.exe ffdshow.ax,configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Haali Media Splitter.lnk - C:\Windows\System32\rundll32.exe splitter.ax,Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Haali video renderer.lnk - E:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe {760A8F35-97E7-479D-AAF5-DA9EFF95D751}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\madFLAC.lnk - E:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe {6B257121-CBB6-46B3-ABFA-B14DFA98C4A6}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Manage additional settings.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=fixes,additional_settings,backup_settings
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Manage installed codecs and filters.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=generate_log,dsfilter_management,codec_management,dmo_management
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Manage preferred splitters.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=sourcefilters
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\RealMedia.lnk - E:\Program Files\K-Lite Codec Pack\Real\settings.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Reset to recommended settings.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=reset_settings /components=*resetsettings
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\VP7 decoder.lnk - E:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe {C204438D-6E1A-4309-B09C-0C0F749863AF}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Xvid Encoder.lnk - C:\Windows\System32\rundll32.exe xvidvfw.dll,Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Help\FAQ.lnk - E:\Program Files\K-Lite Codec Pack\Info\faq.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Codec Tweak Tool.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GraphStudio.lnk - E:\Program Files\K-Lite Codec Pack\Tools\graphstudio.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GSpot Codec Information.lnk - E:\Program Files\K-Lite Codec Pack\Tools\gspot\gspot.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Haali Muxer.lnk - E:\Program Files\K-Lite Codec Pack\Filters\Haali\gdsmux.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\MediaInfo.lnk - E:\Program Files\K-Lite Codec Pack\Tools\mediainfo.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\VobSubStrip.lnk - E:\Program Files\K-Lite Codec Pack\Tools\VobSubStrip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Xvid StatsReader.lnk - E:\Program Files\K-Lite Codec Pack\Tools\StatsReader.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Uninstall\Uninstall K-Lite Codec Pack.lnk - E:\Program Files\K-Lite Codec Pack\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Access 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\accicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Enviar para o OneNote 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Designer 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\inficon.exe /design
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Filler 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\inficon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Lync 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\lyncicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\outicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Publisher 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\pubs.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\SkyDrive Pro 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\grv_icons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Centro de Carregamento do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\msouc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Database Compare 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\dbcicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Gerenciador de Gravação do Lync.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Log de Telemetria do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\osmclienticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Painel de Telemetria do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\osmadminicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Preferências de Idioma do Office 2013.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Spreadsheet Compare 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\sscicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quantum\Quantum.lnk - E:\Program Files\Quantum\Quantum.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quantum\Uninstall Quantum.lnk - E:\Program Files\Quantum\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Desinstalar SEFIP.lnk - C:\Program Files\CAIXA\SEFIP\UNWISE.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Leiaute de Folha.lnk - C:\Program Files\CAIXA\SEFIP\FOLHA.doc
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Manual de Erros e Ações.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Manual Operacional.lnk - C:\Program Files\CAIXA\SEFIP\Manual Operacional.doc
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\SEFIP.lnk - C:\Program Files\CAIXA\SEFIP\Sefip.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\IE\F9GIQBOK will be deleted at reboot
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\IE\QD1FTSID will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\Douglas\AppData\Local\Mozilla\Firefox\Profiles\m2zlx07q.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=19 folders=9 2183807 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Douglas\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Douglas\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\IE\F9GIQBOK" not found
"C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\IE\QD1FTSID" not found
==== EOF on 26/02/2015 at 19:54:12,53 ======================
Mando o relatorio de zoek results.....mas as propagandas atrapalha muito ao fazer esses processos aqui...
Segue abaixo...
Zoek.exe v5.0.0.0 Updated 24-February-2015
Tool run by Douglas on 26/02/2015 at 19:30:01,66.
Microsoft Windows 8.1 Pro 6.3.9600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Douglas\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2015-02-20-022320.log 26015 bytes
==== System Restore Info ======================
26/02/2015 19:32:01 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sed deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\serverjo deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ponebule deleted successfully
==== FireFox Fix ======================
Deleted from C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Added to C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Deleting Files \ Folders ======================
C:\Program Files\Arquivos Comuns deleted
"C:\Program Files\Windows Multimedia Platform" deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"searchengine@gmail.com"="C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\extensions\searchengine@gmail.com" [14/02/2015 21:42]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default
- Undetermined - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
- Undetermined - jid0-wpCH2liWmuMjc8AV1VWejWvGjBI@jetpack
- Undetermined - {9BAE5926-8513-417d-8E47-774955A7C60D}
- jid0wpCH2liWmuMjc8AV1VWejWvGjBIjetpack - %ProfilePath%\extensions\jid0-wpCH2liWmuMjc8AV1VWejWvGjBI@jetpack
- Search Enginer - %ProfilePath%\extensions\searchengine@gmail.com
- 9BAE59268513417d8E47774955A7C60D - %ProfilePath%\extensions\{9BAE5926-8513-417d-8E47-774955A7C60D}
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default
225D76851EFC6144B4BAD941B3E8989D - C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U31
B66B4D28D7D0C6322FF235C782CD6B76 - C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.310.13
98137411B9C632095F919E2CE70B288A - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll - Google Update
600B82FB81E6EE36A3D9C33B96B0BB0A - C:\Program Files\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013
5DB82B8C515C875AE58E1B8B5997416B - E:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
2CDA67C1309CA966D8EFEE4EE0D6CA92 - E:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll - RealPlayer Version Plugin
==== Chromium Look ======================
Google Chrome Version: 40.0.2214.115 (Up to date, latest Stable version: 40.0.2214.115)
Google Slides - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
selector is not a valid CSS selector - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
fommidcneendjonelhhhkmoekeicedej - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\fommidcneendjonelhhhkmoekeicedej
geelfhphabnejjhdalkjhgipohgpdnoc - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\geelfhphabnejjhdalkjhgipohgpdnoc
Google Wallet - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Douglas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chromium Fix ======================
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage deleted successfully
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.istartsurf.com_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Reset Google Chrome ======================
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\Douglas\Desktop\Conectividade Social.lnk - E:\Program Files\CAIXA\CNS\cnsini.exe
C:\Users\Douglas\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Douglas\Desktop\ZHPCleaner.lnk - C:\Users\Douglas\AppData\Roaming\ZHP\ZHPCleaner.exe
C:\Users\Douglas\Desktop\µTorrent.lnk -
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - E:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Public\Desktop\Discador TopSapp.lnk - E:\Program Files\Discador TopSapp\Discador.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Quantum.lnk - E:\Program Files\Quantum\Quantum.exe
C:\Users\Public\Desktop\SEFIP.lnk - C:\Program Files\CAIXA\SEFIP\Sefip.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAIXA\Conectividade Social.lnk - E:\Program Files\CAIXA\CNS\cnsini.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk - E:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\SPTD Setup.lnk - E:\Program Files\DAEMON Tools Lite\SPTDinst-x86.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Discador TopSapp\Desinstalar Discador TopSapp.lnk - E:\Program Files\Discador TopSapp\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Discador TopSapp\Discador TopSapp.lnk - E:\Program Files\Discador TopSapp\Discador.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Obter Ajuda.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visite Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Media Player Classic.lnk - E:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\CoreVorbis.lnk - E:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe {0835DC4B-AA01-48C3-A42D-FD62C530A3E1}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\DirectVobSub.lnk - C:\Windows\System32\rundll32.exe vsfilter.dll,DirectVobSub
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow audio decoder.lnk - C:\Windows\System32\rundll32.exe ffdshow.ax,configureAudio
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow VFW interface.lnk - C:\Windows\System32\rundll32.exe ff_vfw.dll,configureVFW
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow video decoder.lnk - C:\Windows\System32\rundll32.exe ffdshow.ax,configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Haali Media Splitter.lnk - C:\Windows\System32\rundll32.exe splitter.ax,Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Haali video renderer.lnk - E:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe {760A8F35-97E7-479D-AAF5-DA9EFF95D751}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\madFLAC.lnk - E:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe {6B257121-CBB6-46B3-ABFA-B14DFA98C4A6}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Manage additional settings.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=fixes,additional_settings,backup_settings
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Manage installed codecs and filters.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=generate_log,dsfilter_management,codec_management,dmo_management
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Manage preferred splitters.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=sourcefilters
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\RealMedia.lnk - E:\Program Files\K-Lite Codec Pack\Real\settings.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Reset to recommended settings.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /showsections=reset_settings /components=*resetsettings
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\VP7 decoder.lnk - E:\Program Files\K-Lite Codec Pack\Tools\dsconfig.exe {C204438D-6E1A-4309-B09C-0C0F749863AF}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Xvid Encoder.lnk - C:\Windows\System32\rundll32.exe xvidvfw.dll,Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Help\FAQ.lnk - E:\Program Files\K-Lite Codec Pack\Info\faq.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Codec Tweak Tool.lnk - E:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GraphStudio.lnk - E:\Program Files\K-Lite Codec Pack\Tools\graphstudio.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GSpot Codec Information.lnk - E:\Program Files\K-Lite Codec Pack\Tools\gspot\gspot.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Haali Muxer.lnk - E:\Program Files\K-Lite Codec Pack\Filters\Haali\gdsmux.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\MediaInfo.lnk - E:\Program Files\K-Lite Codec Pack\Tools\mediainfo.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\VobSubStrip.lnk - E:\Program Files\K-Lite Codec Pack\Tools\VobSubStrip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Xvid StatsReader.lnk - E:\Program Files\K-Lite Codec Pack\Tools\StatsReader.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Uninstall\Uninstall K-Lite Codec Pack.lnk - E:\Program Files\K-Lite Codec Pack\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Access 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\accicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Enviar para o OneNote 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Designer 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\inficon.exe /design
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Filler 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\inficon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Lync 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\lyncicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\outicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Publisher 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\pubs.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\SkyDrive Pro 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\grv_icons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Centro de Carregamento do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\msouc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Database Compare 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\dbcicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Gerenciador de Gravação do Lync.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Log de Telemetria do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\osmclienticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Painel de Telemetria do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\osmadminicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Preferências de Idioma do Office 2013.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Spreadsheet Compare 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\sscicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quantum\Quantum.lnk - E:\Program Files\Quantum\Quantum.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quantum\Uninstall Quantum.lnk - E:\Program Files\Quantum\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Desinstalar SEFIP.lnk - C:\Program Files\CAIXA\SEFIP\UNWISE.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Leiaute de Folha.lnk - C:\Program Files\CAIXA\SEFIP\FOLHA.doc
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Manual de Erros e Ações.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\Manual Operacional.lnk - C:\Program Files\CAIXA\SEFIP\Manual Operacional.doc
C:\ProgramData\Microsoft\Windows\Start Menu\SEFIP\SEFIP.lnk - C:\Program Files\CAIXA\SEFIP\Sefip.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Douglas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\IE\F9GIQBOK will be deleted at reboot
C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\IE\QD1FTSID will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\Douglas\AppData\Local\Mozilla\Firefox\Profiles\m2zlx07q.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=19 folders=9 2183807 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Douglas\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Douglas\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\IE\F9GIQBOK" not found
"C:\Users\Douglas\AppData\Local\Microsoft\Windows\INetCache\IE\QD1FTSID" not found
==== EOF on 26/02/2015 at 19:54:12,53 ======================
Douglas Lima- Membro
- Mensagens : 67
Reputação : 1
Data de inscrição : 03/11/2013
Idade : 41
Re: Propagandas Indesejáveis
por Douglas Lima Qui 26 Fev 2015, 21:50
Opa desculpa ae foi mal, to ficando doido aqui com esses problemas...
Douglas Lima- Membro
- Mensagens : 67
Reputação : 1
Data de inscrição : 03/11/2013
Idade : 41
Re: Propagandas Indesejáveis
por Power Max Qui 26 Fev 2015, 22:06
Ok, fico no aguardo do relatório do malwarebytes
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Propagandas Indesejáveis
por Douglas Lima Sex 27 Fev 2015, 00:32
Olá boa noite, desculpe a demora...segue abaixo o relatorio de LOG da Malwarebytes Anti-Malware.
Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Data da Verificação: 26/02/2015
Hora da Verificação: 22:05:47
Arquivo de Log: LOG.txt
Administrador: Sim
Versão: 2.00.4.1028
Base de Dados de Malware: v2015.02.26.05
Base de Dados de Rootkit: v2015.02.25.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Auto-Proteção: Desabilitado
SO: Windows 8.1
Processador: x86
Sistema de Arquivos: NTFS
Usuário: Douglas
Tipo da Verificação: Verificação Personalizada
Resultado: Terminado
Objetos Verificados: 464286
Tempo Decorrido: 1 hr, 49 min, 55 seg
Memória: Habilitado
Inicialização: Habilitado
Sistema de Arquivos: Habilitado
Arquivos Compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado
Processos: 0
(Nenhum item malicioso detectado)
Módulos: 3
PUP.Optional.NetMahal, C:\Users\Douglas\AppData\Roaming\Macwebtoise\explorerEx.dll, Apagar ao Reiniciar, [f2b7b56d1d6d44f20ec6fcca9f64ef11],
PUP.Optional.NetMahal, C:\Users\Douglas\AppData\Roaming\Macwebtoise\explorerEx.dll, Apagar ao Reiniciar, [f2b7b56d1d6d44f20ec6fcca9f64ef11],
PUP.Optional.NetMahal, C:\Users\Douglas\AppData\Roaming\Macwebtoise\explorerEx.dll, Apagar ao Reiniciar, [f2b7b56d1d6d44f20ec6fcca9f64ef11],
Chaves de Registro: 8
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{589B893E-773C-4941-88C2-0DCC718E621C}, Quarentena, [decbc35f6b1f71c5ad82b657e61d53ad],
PUP.Optional.PortalSepeti, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E921F400-D383-4B1B-9DE6-FCFCACFC1173}, Quarentena, [12976ab815758fa7ebf6bd557e85db25],
PUP.Optional.NetMahal, HKLM\SOFTWARE\CLASSES\CLSID\{C7BB73F2-CAD9-4130-B233-FF1651FD0453}, Quarentena, [f2b7b56d1d6d44f20ec6fcca9f64ef11],
PUP.Optional.NetMahal, HKLM\SOFTWARE\CLASSES\TYPELIB\{E10D3972-C014-4FF7-BFB5-D148B3A8E5B1}, Quarentena, [f2b7b56d1d6d44f20ec6fcca9f64ef11],
PUP.Optional.NetMahal, HKLM\SOFTWARE\CLASSES\CLSID\{E056AFDD-03E9-4D73-8D33-8FCCBCA73438}, Quarentena, [f2b7b56d1d6d44f20ec6fcca9f64ef11],
PUP.Optional.NetMahal, HKLM\SOFTWARE\CLASSES\TYPELIB\{6AE5D6F7-E449-4037-BAE3-5FEE5B68F461}, Quarentena, [f2b7b56d1d6d44f20ec6fcca9f64ef11],
PUP.Optional.CinemaVideoPlus.A, HKU\S-1-5-21-151461706-2587107940-1700456705-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Cinema Video Plus 1.8V14.02-nv-ie, Quarentena, [7c2dd64c8703d95dbe8cf9b1b152dd23],
PUP.Optional.MediaPlayer.A, HKU\S-1-5-21-151461706-2587107940-1700456705-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MedPlayV3.1-nv-ie, Quarentena, [5455f52db8d20d298db2c961ce37639d],
Valores de Registro: 4
PUP.Optional.NetMahal, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED|{C7BB73F2-CAD9-4130-B233-FF1651FD0453}, Proc Shell Extension, Quarentena, [f2b7b56d1d6d44f20ec6fcca9f64ef11]
PUP.Optional.NetMahal, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED|{E056AFDD-03E9-4D73-8D33-8FCCBCA73438}, ExplorerEx Shell Extension, Quarentena, [f2b7b56d1d6d44f20ec6fcca9f64ef11]
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_br_210, Quarentena, [1792b072c8c2a096f56178302cd7e41c],
PUP.Optional.SearchEngine.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|searchengine@gmail.com, C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\extensions\searchengine@gmail.com, Quarentena, [416825fda5e53bfb162dcc5ea95c966a]
Dados de Registro: 0
(Nenhum item malicioso detectado)
Pastas: 5
PUP.Optional.NetMahal, C:\Users\Douglas\AppData\Roaming\Macwebtoise, Apagar ao Reiniciar, [f2b7b56d1d6d44f20ec6fcca9f64ef11],
PUP.Optional.SearchEngine.A, C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\extensions\searchengine@gmail.com, Quarentena, [bced43dfdab069cdbe4bc5d3e81b60a0],
PUP.Optional.SearchEngine.A, C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\extensions\searchengine@gmail.com\chrome, Quarentena, [bced43dfdab069cdbe4bc5d3e81b60a0],
PUP.Optional.SearchEngine.A, C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\extensions\searchengine@gmail.com\chrome\content, Quarentena, [bced43dfdab069cdbe4bc5d3e81b60a0],
PUP.Optional.SearchEngine.A, C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\extensions\searchengine@gmail.com\chrome\skin, Quarentena, [bced43dfdab069cdbe4bc5d3e81b60a0],
Arquivos: 25
PUP.Optional.WindowsProtectManger.A, C:\Users\Douglas\AppData\Roaming\ZHP\Quarantine\ProtectWindowsManager.exe, Quarentena, [1f8acc56e7a377bfd8f5452122dec53b],
PUP.Optional.XTab.A, C:\Users\Douglas\AppData\Roaming\ZHP\Quarantine\ProtectService.exe, Quarentena, [8e1b160c7d0d1f1703c0cd3f7290c13f],
PUP.Optional.SupTab.A, C:\Users\Douglas\AppData\Roaming\ZHP\Quarantine\SupTab.dll, Quarentena, [bced82a07f0b11259e29260ffc0442be],
PUP.Optional.OpenCandy, C:\Users\Douglas\Downloads\DTLite4491-0356.exe, Quarentena, [4069081ac9c10b2b814a49afe421a65a],
PUP.Optional.SoftPulse, C:\Users\Douglas\Downloads\Player Setup.exe, Quarentena, [357426fc1e6cb086a6d0e44052b053ad],
PUP.Optional.WindowsProtectManger.A, C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir, Quarentena, [b1f8e2406822f541b419ea7cc23e9070],
Trojan.Agent, C:\AdwCleaner\Quarantine\C\Windows\rcore.exe.vir, Quarentena, [fbae7ca6acde7db995fc18f27390ad53],
PUP.Optional.AppsInstaller, E:\APLICATIVOS PC\PhotoScape.exe, Quarentena, [2881160c3c4e3df938f5712610f5a45c],
PUP.Optional.Conduit.A, E:\APLICATIVOS PC\Quantum.rar, Quarentena, [2089ad757a107eb8d5a42988d62b23dd],
PUP.Optional.Conduit.A, E:\APLICATIVOS PC\Quantum\Quantum-setup.exe, Quarentena, [0c9d7ba7a6e43ef87306179a837e7789],
Trojan.Agent, E:\JOGOS\Turturiais\COMO COLOCAR BRINDES DE AVATAR\TUTO RUBENS PERFIL OFF+BRINDES AVATAR.rar, Quarentena, [3970a979a1e97bbba571d8b9b050f907],
Trojan.Agent, E:\JOGOS\Aplicativos Xbox\360mpGui-v1.1.3.0.rar, Quarentena, [1594d74bc0ca1b1b987e41503cc47789],
Trojan.Agent, E:\JOGOS\Aplicativos Xbox\ferramentas para itens avatar.rar, Quarentena, [4465c85a3555b18534e2563be9178d73],
Trojan.Agent, E:\JOGOS\Aplicativos Xbox\360mpGui-v1.1.3.0\360mpGui v1.1.3.0.exe, Quarentena, [d8d119098cfec472997d6829817fc040],
PUP.Optional.Taplika.A, C:\Windows\Tasks\Taplika.job, Quarentena, [e8c1af73f8923df9e4a48b184db64bb5],
PUP.Optional.Taplika.A, C:\Windows\System32\Tasks\Taplika, Quarentena, [6049ab7778122115d4b5643fb54e4cb4],
PUP.Optional.NetMahal, C:\Users\Douglas\AppData\Roaming\Macwebtoise\RtMenu.dll, Quarentena, [f2b7b56d1d6d44f20ec6fcca9f64ef11],
PUP.Optional.NetMahal, C:\Users\Douglas\AppData\Roaming\Macwebtoise\explorerEx.dll, Apagar ao Reiniciar, [f2b7b56d1d6d44f20ec6fcca9f64ef11],
PUP.Optional.NetMahal, C:\Users\Douglas\AppData\Roaming\Macwebtoise\ProtectInstall.exe, Quarentena, [f2b7b56d1d6d44f20ec6fcca9f64ef11],
PUP.Optional.WebsSearches.A, C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\searchplugins\webssearches.xml, Quarentena, [8f1a54cedbafaa8ce9deb82305fe49b7],
PUP.Optional.SearchEngine.A, C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\extensions\searchengine@gmail.com\chrome.manifest, Quarentena, [bced43dfdab069cdbe4bc5d3e81b60a0],
PUP.Optional.SearchEngine.A, C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\extensions\searchengine@gmail.com\install.rdf, Quarentena, [bced43dfdab069cdbe4bc5d3e81b60a0],
PUP.Optional.SearchEngine.A, C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\extensions\searchengine@gmail.com\chrome\content\toolbar.js, Quarentena, [bced43dfdab069cdbe4bc5d3e81b60a0],
PUP.Optional.SearchEngine.A, C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\extensions\searchengine@gmail.com\chrome\content\toolbar.xul, Quarentena, [bced43dfdab069cdbe4bc5d3e81b60a0],
PUP.Optional.SearchEngine.A, C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\extensions\searchengine@gmail.com\chrome\skin\icon.png, Quarentena, [bced43dfdab069cdbe4bc5d3e81b60a0],
Setores Físicos: 0
(Nenhum item malicioso detectado)
(end)
Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Data da Verificação: 26/02/2015
Hora da Verificação: 22:05:47
Arquivo de Log: LOG.txt
Administrador: Sim
Versão: 2.00.4.1028
Base de Dados de Malware: v2015.02.26.05
Base de Dados de Rootkit: v2015.02.25.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Auto-Proteção: Desabilitado
SO: Windows 8.1
Processador: x86
Sistema de Arquivos: NTFS
Usuário: Douglas
Tipo da Verificação: Verificação Personalizada
Resultado: Terminado
Objetos Verificados: 464286
Tempo Decorrido: 1 hr, 49 min, 55 seg
Memória: Habilitado
Inicialização: Habilitado
Sistema de Arquivos: Habilitado
Arquivos Compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado
Processos: 0
(Nenhum item malicioso detectado)
Módulos: 3
PUP.Optional.NetMahal, C:\Users\Douglas\AppData\Roaming\Macwebtoise\explorerEx.dll, Apagar ao Reiniciar, [f2b7b56d1d6d44f20ec6fcca9f64ef11],
PUP.Optional.NetMahal, C:\Users\Douglas\AppData\Roaming\Macwebtoise\explorerEx.dll, Apagar ao Reiniciar, [f2b7b56d1d6d44f20ec6fcca9f64ef11],
PUP.Optional.NetMahal, C:\Users\Douglas\AppData\Roaming\Macwebtoise\explorerEx.dll, Apagar ao Reiniciar, [f2b7b56d1d6d44f20ec6fcca9f64ef11],
Chaves de Registro: 8
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{589B893E-773C-4941-88C2-0DCC718E621C}, Quarentena, [decbc35f6b1f71c5ad82b657e61d53ad],
PUP.Optional.PortalSepeti, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E921F400-D383-4B1B-9DE6-FCFCACFC1173}, Quarentena, [12976ab815758fa7ebf6bd557e85db25],
PUP.Optional.NetMahal, HKLM\SOFTWARE\CLASSES\CLSID\{C7BB73F2-CAD9-4130-B233-FF1651FD0453}, Quarentena, [f2b7b56d1d6d44f20ec6fcca9f64ef11],
PUP.Optional.NetMahal, HKLM\SOFTWARE\CLASSES\TYPELIB\{E10D3972-C014-4FF7-BFB5-D148B3A8E5B1}, Quarentena, [f2b7b56d1d6d44f20ec6fcca9f64ef11],
PUP.Optional.NetMahal, HKLM\SOFTWARE\CLASSES\CLSID\{E056AFDD-03E9-4D73-8D33-8FCCBCA73438}, Quarentena, [f2b7b56d1d6d44f20ec6fcca9f64ef11],
PUP.Optional.NetMahal, HKLM\SOFTWARE\CLASSES\TYPELIB\{6AE5D6F7-E449-4037-BAE3-5FEE5B68F461}, Quarentena, [f2b7b56d1d6d44f20ec6fcca9f64ef11],
PUP.Optional.CinemaVideoPlus.A, HKU\S-1-5-21-151461706-2587107940-1700456705-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Cinema Video Plus 1.8V14.02-nv-ie, Quarentena, [7c2dd64c8703d95dbe8cf9b1b152dd23],
PUP.Optional.MediaPlayer.A, HKU\S-1-5-21-151461706-2587107940-1700456705-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MedPlayV3.1-nv-ie, Quarentena, [5455f52db8d20d298db2c961ce37639d],
Valores de Registro: 4
PUP.Optional.NetMahal, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED|{C7BB73F2-CAD9-4130-B233-FF1651FD0453}, Proc Shell Extension, Quarentena, [f2b7b56d1d6d44f20ec6fcca9f64ef11]
PUP.Optional.NetMahal, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED|{E056AFDD-03E9-4D73-8D33-8FCCBCA73438}, ExplorerEx Shell Extension, Quarentena, [f2b7b56d1d6d44f20ec6fcca9f64ef11]
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_br_210, Quarentena, [1792b072c8c2a096f56178302cd7e41c],
PUP.Optional.SearchEngine.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|searchengine@gmail.com, C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\extensions\searchengine@gmail.com, Quarentena, [416825fda5e53bfb162dcc5ea95c966a]
Dados de Registro: 0
(Nenhum item malicioso detectado)
Pastas: 5
PUP.Optional.NetMahal, C:\Users\Douglas\AppData\Roaming\Macwebtoise, Apagar ao Reiniciar, [f2b7b56d1d6d44f20ec6fcca9f64ef11],
PUP.Optional.SearchEngine.A, C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\extensions\searchengine@gmail.com, Quarentena, [bced43dfdab069cdbe4bc5d3e81b60a0],
PUP.Optional.SearchEngine.A, C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\extensions\searchengine@gmail.com\chrome, Quarentena, [bced43dfdab069cdbe4bc5d3e81b60a0],
PUP.Optional.SearchEngine.A, C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\extensions\searchengine@gmail.com\chrome\content, Quarentena, [bced43dfdab069cdbe4bc5d3e81b60a0],
PUP.Optional.SearchEngine.A, C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\extensions\searchengine@gmail.com\chrome\skin, Quarentena, [bced43dfdab069cdbe4bc5d3e81b60a0],
Arquivos: 25
PUP.Optional.WindowsProtectManger.A, C:\Users\Douglas\AppData\Roaming\ZHP\Quarantine\ProtectWindowsManager.exe, Quarentena, [1f8acc56e7a377bfd8f5452122dec53b],
PUP.Optional.XTab.A, C:\Users\Douglas\AppData\Roaming\ZHP\Quarantine\ProtectService.exe, Quarentena, [8e1b160c7d0d1f1703c0cd3f7290c13f],
PUP.Optional.SupTab.A, C:\Users\Douglas\AppData\Roaming\ZHP\Quarantine\SupTab.dll, Quarentena, [bced82a07f0b11259e29260ffc0442be],
PUP.Optional.OpenCandy, C:\Users\Douglas\Downloads\DTLite4491-0356.exe, Quarentena, [4069081ac9c10b2b814a49afe421a65a],
PUP.Optional.SoftPulse, C:\Users\Douglas\Downloads\Player Setup.exe, Quarentena, [357426fc1e6cb086a6d0e44052b053ad],
PUP.Optional.WindowsProtectManger.A, C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir, Quarentena, [b1f8e2406822f541b419ea7cc23e9070],
Trojan.Agent, C:\AdwCleaner\Quarantine\C\Windows\rcore.exe.vir, Quarentena, [fbae7ca6acde7db995fc18f27390ad53],
PUP.Optional.AppsInstaller, E:\APLICATIVOS PC\PhotoScape.exe, Quarentena, [2881160c3c4e3df938f5712610f5a45c],
PUP.Optional.Conduit.A, E:\APLICATIVOS PC\Quantum.rar, Quarentena, [2089ad757a107eb8d5a42988d62b23dd],
PUP.Optional.Conduit.A, E:\APLICATIVOS PC\Quantum\Quantum-setup.exe, Quarentena, [0c9d7ba7a6e43ef87306179a837e7789],
Trojan.Agent, E:\JOGOS\Turturiais\COMO COLOCAR BRINDES DE AVATAR\TUTO RUBENS PERFIL OFF+BRINDES AVATAR.rar, Quarentena, [3970a979a1e97bbba571d8b9b050f907],
Trojan.Agent, E:\JOGOS\Aplicativos Xbox\360mpGui-v1.1.3.0.rar, Quarentena, [1594d74bc0ca1b1b987e41503cc47789],
Trojan.Agent, E:\JOGOS\Aplicativos Xbox\ferramentas para itens avatar.rar, Quarentena, [4465c85a3555b18534e2563be9178d73],
Trojan.Agent, E:\JOGOS\Aplicativos Xbox\360mpGui-v1.1.3.0\360mpGui v1.1.3.0.exe, Quarentena, [d8d119098cfec472997d6829817fc040],
PUP.Optional.Taplika.A, C:\Windows\Tasks\Taplika.job, Quarentena, [e8c1af73f8923df9e4a48b184db64bb5],
PUP.Optional.Taplika.A, C:\Windows\System32\Tasks\Taplika, Quarentena, [6049ab7778122115d4b5643fb54e4cb4],
PUP.Optional.NetMahal, C:\Users\Douglas\AppData\Roaming\Macwebtoise\RtMenu.dll, Quarentena, [f2b7b56d1d6d44f20ec6fcca9f64ef11],
PUP.Optional.NetMahal, C:\Users\Douglas\AppData\Roaming\Macwebtoise\explorerEx.dll, Apagar ao Reiniciar, [f2b7b56d1d6d44f20ec6fcca9f64ef11],
PUP.Optional.NetMahal, C:\Users\Douglas\AppData\Roaming\Macwebtoise\ProtectInstall.exe, Quarentena, [f2b7b56d1d6d44f20ec6fcca9f64ef11],
PUP.Optional.WebsSearches.A, C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\searchplugins\webssearches.xml, Quarentena, [8f1a54cedbafaa8ce9deb82305fe49b7],
PUP.Optional.SearchEngine.A, C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\extensions\searchengine@gmail.com\chrome.manifest, Quarentena, [bced43dfdab069cdbe4bc5d3e81b60a0],
PUP.Optional.SearchEngine.A, C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\extensions\searchengine@gmail.com\install.rdf, Quarentena, [bced43dfdab069cdbe4bc5d3e81b60a0],
PUP.Optional.SearchEngine.A, C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\extensions\searchengine@gmail.com\chrome\content\toolbar.js, Quarentena, [bced43dfdab069cdbe4bc5d3e81b60a0],
PUP.Optional.SearchEngine.A, C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\extensions\searchengine@gmail.com\chrome\content\toolbar.xul, Quarentena, [bced43dfdab069cdbe4bc5d3e81b60a0],
PUP.Optional.SearchEngine.A, C:\Users\Douglas\AppData\Roaming\Mozilla\Firefox\Profiles\m2zlx07q.default\extensions\searchengine@gmail.com\chrome\skin\icon.png, Quarentena, [bced43dfdab069cdbe4bc5d3e81b60a0],
Setores Físicos: 0
(Nenhum item malicioso detectado)
(end)
Douglas Lima- Membro
- Mensagens : 67
Reputação : 1
Data de inscrição : 03/11/2013
Idade : 41
Re: Propagandas Indesejáveis
por Power Max Sex 27 Fev 2015, 08:33
Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o programa acima é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt
Ficamos na espera.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o programa acima é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt
Ficamos na espera.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Propagandas Indesejáveis
por Douglas Lima Sex 27 Fev 2015, 22:06
Olá boa noite, segue abaixo o relatório da JRT...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 Pro x86
Ran by Douglas on 27/02/2015 at 21:57:26,42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-151461706-2587107940-1700456705-1001
Successfully deleted: [File] C:\Windows\prefetch\SPEEDUPMYPC.TMP-7486B4A6.pf
~~~ Folders
~~~ FireFox
Successfully deleted the following from C:\Users\Douglas\AppData\Roaming\mozilla\firefox\profiles\m2zlx07q.default\prefs.js
user_pref("browser.search.defaultenginename", "webssearches");
user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.ptid", "tugs");
user_pref("browser.search.searchengine.uid", "WDCXWD3200BEVT-00A22T0_WD-WX21A40E4111E4111");
user_pref("browser.search.selectedEngine", "webssearches");
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27/02/2015 at 22:00:37,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 Pro x86
Ran by Douglas on 27/02/2015 at 21:57:26,42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-151461706-2587107940-1700456705-1001
Successfully deleted: [File] C:\Windows\prefetch\SPEEDUPMYPC.TMP-7486B4A6.pf
~~~ Folders
~~~ FireFox
Successfully deleted the following from C:\Users\Douglas\AppData\Roaming\mozilla\firefox\profiles\m2zlx07q.default\prefs.js
user_pref("browser.search.defaultenginename", "webssearches");
user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.ptid", "tugs");
user_pref("browser.search.searchengine.uid", "WDCXWD3200BEVT-00A22T0_WD-WX21A40E4111E4111");
user_pref("browser.search.selectedEngine", "webssearches");
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27/02/2015 at 22:00:37,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Douglas Lima- Membro
- Mensagens : 67
Reputação : 1
Data de inscrição : 03/11/2013
Idade : 41
Página 1 de 3 • 1, 2, 3
Tópicos semelhantes» propagandas indesejaveis
» Propagandas indesejaveis nos sites
» Ícones no desktop indesejáveis e contaminados
» Invasores indesejáveis - Remoção
» Remoçao de virus indesejaveis
» Propagandas indesejaveis nos sites
» Ícones no desktop indesejáveis e contaminados
» Invasores indesejáveis - Remoção
» Remoçao de virus indesejaveis
Página 1 de 3
Permissões neste sub-fórum
Não podes responder a tópicos