Fórum PC Brasil
malware-gen

3 participants

Page 1 of 2

malware-gen

Post by gilberto inacio, Tue 11 Feb 2014, 18:23

I detected Malware-gen in the setup folder of my mini modem, but I couldn't take any action with the antivirus (Avast), nor remove it with the anti-malware (Malwarebytes). Is it possible to format it?

gilberto inacio
Beginner
Posts: 15
Reputation: 0
Joined: 11/02/2014

Re: malware-gen

Post by Power Max, Tue 11 Feb 2014, 18:39


Hello Gilberto. Welcome to Fórum PC Brasil.

This may be a false positive (a mistake on the antivirus's part).

To see whether the files in that folder are dangerous or safe, go to the site below and submit those files to be analyzed (one at a time):
[You need to have an account and be logged in to view this link]

The site above analyzes the file with several antivirus engines at the same time, which gives much more confidence in the result of the analysis.

Last edited by Power Max on Sun 02 Mar 2014, 12:17, edited 1 time

Power Max
Contributor
Posts: 9086
Reputation: 1499
Joined: 14/04/2009

How to eliminate Malware-gen

Post by gilberto inacio, Tue 11 Feb 2014, 20:22

A virus really was detected; the question is how to eliminate it, since the mini modem can't be accessed by the antivirus. The name of the virus detected by the antivirus is "Win32:Malware-gen".

gilberto inacio
Beginner
Posts: 15
Reputation: 0
Joined: 11/02/2014

Re: malware-gen

Post by Power Max, Tue 11 Feb 2014, 22:19

gilberto inacio wrote: A virus really was detected

On VirusTotal, did only one antivirus detect the virus, or did several antivirus engines detect it?

If several antivirus engines detected it, it would be a good idea to contact support for this device on the manufacturer's official website, report this problem to them and follow the instructions they give you.

Power Max
Contributor
Posts: 9086
Reputation: 1499
Joined: 14/04/2009

Re: malware-gen

Post by Guest, Tue 11 Feb 2014, 22:59

I also believe it's a false positive, because these types of modem have read-only flash memory that comes with its own software already installed in memory; being read-only, it isn't possible to format it.

Last edited by Brando lee on Tue 11 Feb 2014, 23:32, edited 1 time

Guest

Re: malware-gen

Post by Lord Enigm@, Tue 11 Feb 2014, 23:05

Hello!

gilberto inacio wrote:

A virus really was detected; the question is how to eliminate it, since the mini modem can't be accessed by the antivirus. The name of the virus detected by the antivirus is "Win32:Malware-gen".

What is the name of the file(s) that was (were) supposedly detected?

Some modem dialers are treated as malware by some outdated antivirus programs.

Lord Enigm@
Banned
Posts: 155
Reputation: 88
Joined: 22/11/2013
Age: 110
Location: Hellraiser

Re: malware-gen

Post by gilberto inacio, Wed 12 Feb 2014, 17:56

Yesterday (11/02) I was getting help with the malware-gen case, but unfortunately I couldn't continue. The fact is that I scanned the device on "VirusTotal" and several antivirus engines detected a threat; I was instructed to use "Runscanner", so I would like to proceed with that if possible!

gilberto inacio
Beginner
Posts: 15
Reputation: 0
Joined: 11/02/2014

Re: malware-gen

Post by Power Max, Wed 12 Feb 2014, 19:00

Runscanner and similar programs are good for checking whether there are viruses on the PC so they can be removed.

If you suspect it may be infected, follow the tip below:

|- Download: < [You need to have an account and be logged in to view this link] >  < [You need to have an account and be logged in to view this image] > ( ... by Nicolas Coolman )

|- Temporarily disable your antivirus to avoid conflicts and run "ZHPDiag2.exe" to install the tool.

|- Run the scroll icon. ( ZHPDiag )

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish!

|- Click OK and, when it finishes, post the ZHPDiag.txt report

Last edited by Power Max on Sun 02 Mar 2014, 12:18, edited 1 time

Power Max
Contributor
Posts: 9086
Reputation: 1499
Joined: 14/04/2009

Re: malware-gen

Post by gilberto inacio, Thu 13 Feb 2014, 08:19

The link you sent me gave an error.

gilberto inacio
Beginner
Posts: 15
Reputation: 0
Joined: 11/02/2014

Re: malware-gen

Post by Power Max, Thu 13 Feb 2014, 10:18

The link is working correctly here; it's this one below:
[You need to have an account and be logged in to view this link]

Power Max
Contributor
Posts: 9086
Reputation: 1499
Joined: 14/04/2009

Re: malware-gen

Post by gilberto inacio, Thu 13 Feb 2014, 13:14

I don't understand; the link you sent me just gives an error. I downloaded ZhpDiag; if it helps, the diagnostic is attached.

gilberto inacio
Beginner
Posts: 15
Reputation: 0
Joined: 11/02/2014

Re: malware-gen

Post by Power Max, Thu 13 Feb 2014, 13:22

gilberto inacio wrote: I downloaded ZhpDiag; if it helps, the diagnostic is attached.

The attachment didn't come through; it would be good to attach it again, or else copy its contents and post them here in your topic.

Power Max
Contributor
Posts: 9086
Reputation: 1499
Joined: 14/04/2009

Re: malware-gen

Post by gilberto inacio, Thu 13 Feb 2014, 18:30

Well, that's all the report there is. Part 1

~ Relatório do ZHPDiag v2014.1.25.26 - Nicolas Coolman  (25/01/2014)
~ Iniciado por Marcela (13/02/2014 17:56:11)
~ Endereço do Website :  http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16476
MFIE: Mozilla Firefox 15.0.1

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v8.0.1504.0
Malwarebytes Anti-Malware versão 1.75.0.1300
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.10 =>Piriform Ltd

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 11 ActiveX 64-bit
Adobe Flash Player 10 Plugin
Adobe Reader X
Java 7 Update 7

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6038 MB (60% free)
System Restore: Activé (Enable)
System drive C: has 532 GB (77%) free of 685 GB

---\\ Modo de conexão ao sistema
~ Computer Name: MARCELA-PC
~ User Name: Marcela
~ All Users Names: Marcela, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Marcela\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Marcela\AppData\Roaming\
~ %Desktop% : C:\Users\Marcela\Desktop\
~ %Favorites% : C:\Users\Marcela\Favorites\
~ %LocalAppData% : C:\Users\Marcela\AppData\Local\
~ %StartMenu% : C:\Users\Marcela\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 532 Go of 685 Go)
D: CD-ROM drive (Not Inserted)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Free 2 Go of 4 Go)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)

---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 46 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.26/12/2011 - 23:42:32.) -- C:\WINDOWS\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\WINDOWS\System32\Wininit.exe [129024]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Internet Extensions para Win32.) (.26/11/2013 - 04:07:57.) -- C:\WINDOWS\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.21/11/2010 - 00:24:29.) -- C:\WINDOWS\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\WINDOWS\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\WINDOWS\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\WINDOWS\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\WINDOWS\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/12/2011 - 23:42:26.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\WINDOWS\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:45:08.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\WINDOWS\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 00:25:07.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\WINDOWS\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\WINDOWS\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2010 - 00:23:47.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [295808]
~ Generic Processes:  Scanned in 00mn 00s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/1209
~ Mes musiques (My Musics) : 5/3726
~ Mes Videos (My Videos) : 1/93
~ Mes Favoris (My Favorites) : 1/11
~ Mes Documents (My Documents) : 5/9084
~ Mon Bureau (My Desktop) : 6/824
~ Menu demarrer (Programs) : 1/40
~ Hidden Files:  Scanned in 00mn 01s

---\\ Processos lançados
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe   [532040] [PID.2300]
[MD5.1B73E4F334273C9E28A6381E5AD6FD89] - (...) -- C:\Users\Marcela\AppData\Roaming\SisPlugin\START.exe   [512512] [PID.4288]
[MD5.078AF987457CDBADE4AC679AD3EAFBAA] - (.Sensible Vision - FATrayMon.) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe   [93832] [PID.4680]
[MD5.5516C26A6AF8EB4E2CAB48EC98A74398] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe   [54576] [PID.4924]
[MD5.EAA666E9DD8DCDA6E075087091CB85EE] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe   [275072] [PID.5096]
[MD5.043D3570D9177818FE3B57C6228AA5A9] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe   [4858968] [PID.5108]
[MD5.9FA9DEF4687CCAC43B8105D28C709289] - (.Sensible Vision - FATrayAlert Application.) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe   [2006664] [PID.4780]
[MD5.C180E890FFE0FDED8306427D3C836AF2] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe   [174952] [PID.4604]
[MD5.B29A08A0CB56CD5A4B9C53A011819657] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe   [565096] [PID.4128]
[MD5.66BB5B07696219FA334452D6F51FD648] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe   [366720] [PID.4844]
[MD5.B113DD4B4CA1AB5937909E8B71913751] - (...) -- C:\Program Files (x86)\TIM Communicator\orolixcommunicator.exe   [341920] [PID.4316]
[MD5.5640B4C10682FBC39C86C8C7A8392B5E] - (.Google Inc. - Google Chrome.) -- C:\Users\Marcela\AppData\Local\Google\Chrome\Application\chrome.exe   [866632] [PID.5400]
[MD5.6DEC61763C91CD3AB57802BFC1D1F08C] - (...) -- C:\Users\Marcela\AppData\Roaming\SisPlugin\Warning.exe   [690688] [PID.5284]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [8339968] [PID.8300]
[MD5.69CE05BE48CD9FB80B108BE872BE3A74] - (.Sensible Vision - FastAccess.) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe   [2428552] [PID.1044]
[MD5.3CC44CA7AE61394004A64FB3F1225969] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe   [46808] [PID.1424]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe   [65432] [PID.1224]
[MD5.650F111D5CDA64C10AE4B9D1BA9D4FFF] - (.Atheros - Atheros Coex Service Application.) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe   [146592] [PID.1732]
[MD5.32A5DEFDDC3562BF89D73586F5915B34] - (.Autodesk - System Level Service Utility.) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe   [77944] [PID.2064]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe   [418376] [PID.2180]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe   [701512] [PID.2240]
[MD5.AA0C4A2C33CE075DF2C272D678734991] - (...) -- C:\Program Files (x86)\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe   [65536] [PID.2260]
[MD5.C7F5C284B6F46FCAF6910EA4E644700B] - (.Nero AG - Nero BackItUp.) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe   [935208] [PID.2292]
[MD5.82BE7E18860CC7D9C1DBB9CF0B418CFC] - (.Orolix Desenvolvimento de Software LTDA. - USB Device monitor.) -- C:\Program Files (x86)\TIM Communicator\module\devicemon.exe   [26528] [PID.2384]
[MD5.543A4EF0923BF70D126625B034EF25AF] - (.Protexis Inc. - PsiService PsiService.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe   [189728] [PID.2444]
[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe   [207528] [PID.2696]
[MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe   [523944] [PID.2864]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe   [822504] [PID.3060]
[MD5.E0E4A1F81A7D69C595A8A9DDAD084C19] - (.Nero AG - NeroUpdate.) -- C:\Program Files (x86)\Nero\Update\NASvc.exe   [769432] [PID.2552]
~ Processes Running:  Scanned in 00mn 00s

---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [aaaaipellmcghooemdekbhlgaoiaebam] Ask Toolbar v.30.1, (Désactivé) =>Toolbar.Ask
G2 - GCE: Preference [User Data\Default] [aicancafipiklohohmoognddncljhkio] FreeOnlineRadioPlayerRecorder V1 v.10.14.370.100 (Désactivé)
G2 - GCE: Preference [User Data\Default] [bbjciahceamgodcoidkjpchnokgfpphh] Funmoods v.2.3.1 (Désactivé) =>PUP.Funmoods
G2 - GCE: Preference [User Data\Default] [cjpglkicenollcignonpgiafdgfeehoj] Nova Guia v.9.4.1.1 (Désactivé)
G2 - GCE: Preference [User Data\Default] [dhkplhfnhceodhffomolpfigojocbpcb] Babylon Toolbar v.1.14 (Désactivé) =>PUP.Babylon
G2 - GCE: Preference [User Data\Default] [doobfiogmfmpjnoofjhhgjehmlofngfp] Metacrawler Nova Guia v.9.4.1.1 (Désactivé)
G2 - GCE: Preference [User Data\Default] [gaiilaahiahdejapggenmdmafpmbipje] DealPly v.3.5.3.0 (Désactivé) =>PUP.DealPly
G2 - GCE: Preference [User Data\Default] [jljheddigenhleadfofeccneimcmlefp] Speed Test (4354) v.1.0.0.0 (Désactivé) =>Adware.ScriptHost
G2 - GCE: Preference [User Data\Default] [lbgfiglojokgabdbhegbpjgojgppppgf] Free Games (4357) v.1.0.0.0 (Désactivé) =>Adware.ScriptHost
G2 - GCE: Preference [User Data\Default] [lcfkmoonfcfoliiagnccmlikipcikmpl] Google Accounts v.2013.9.7.54399 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 23 Legitimates Filtered in 00mn 12s

---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\kps4vd5j.default\prefs.js
M3 - MFPP: Plugins - [Marcela] -- C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\kps4vd5j.default\searchplugins\freeonlineradioplayerrecorder-v1-customized-web-search.xml =>Toolbar.Conduit
M3 - MFPP: Plugins - [Marcela] -- C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\kps4vd5j.default\searchplugins\Funmoods.xml =>PUP.Funmoods
M3 - MFPP: Plugins - [Marcela] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\buscape.xml
M3 - MFPP: Plugins - [Marcela] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\mercadolivre.xml
M3 - MFPP: Plugins - [Marcela] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\wikipedia-br.xml
M3 - MFPP: Plugins - [Marcela] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\yahoo-br.xml
M0 - MFSP: prefs.js [Marcela - kps4vd5j.default] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
M2 - MFEP: prefs.js [Marcela - kps4vd5j.default\{79b8e308-95a2-4044-932d-80e833a863cc}] [] FreeOnlineRadioPlayerRecorder V1  v10.15.0.51 (..)
M2 - MFEP: prefs.js [Marcela - kps4vd5j.default\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}] [] DealPly v2.0 (..) =>PUP.DealPly
~ Firefox Browser: 16 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: FreeOnlineRadioPlayerRecorder V1 Toolbar [64Bits] - {79b8e308-95a2-4044-932d-80e833a863cc} . (.Conduit Ltd. - Conduit Toolbar.) (6.12.50.1) -- C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder_V1\prxtbFree.dll =>Toolbar.Conduit
~ IE Browser: 25 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.142.130.166:80
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=Userinit.exe
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=C:\WINDOWS\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects do navegador (02)
O2 - BHO: btorbit.com [64Bits] - {000123B4-9B42-4900-B3F7-F4B073EFC214} . (.Orbitdownloader.com - Orbitcth.) -- C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: FreeOnlineRadioPlayerRecorder V1 [64Bits] - {79b8e308-95a2-4044-932d-80e833a863cc} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder_V1\prxtbFree.dll =>Toolbar.Conduit
~ BHO: 18 Legitimates Filtered in 00mn 00s

---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{79B8E308-95A2-4044-932D-80E833A863CC} Chave orfã
~ Toolbar:  Scanned in 00mn 00s

---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: AnyDVD.lnk . (.SlySoft, Inc. - AnyDVD Application.)  -- C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe
O4 - GS\Desktop [Public]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.)  -- C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Autodesk 360.lnk . (...)  -- C:\Program Files (x86)\Autodesk\Autodesk Sync\AdSync.exe (.not file.)
O4 - GS\Desktop [Public]: Autodesk 3ds Max 8.lnk . (.Autodesk, Inc. - 3ds Max application.)  -- C:\Program Files (x86)\Autodesk\3dsMax8\3dsmax.exe
O4 - GS\Desktop [Public]: Autodesk ReCap.lnk . (...)  -- C:\Program Files (x86)\Autodesk\Autodesk ReCap\recap.exe (.not file.)
O4 - GS\Desktop [Public]: Bitstream Font Navigator.lnk . (.Bitstream Inc. - FontNav.)  -- C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\FontNav\FontNav.exe
O4 - GS\Desktop [Public]: CloneCD.lnk . (.SlySoft, Inc. - CloneCD Replicator Program.)  -- C:\Program Files (x86)\SlySoft\CloneCD\CloneCD.exe
O4 - GS\Desktop [Public]: FotoMix.lnk . (.Digital Photo Software - FotoMix.)  -- C:\Program Files (x86)\Digital Photo Software\FotoMix\FotoMix.exe
O4 - GS\Desktop [Public]: LMTOOLS Utility.lnk . (...)  -- C:\Program Files (x86)\Autodesk\Autodesk Network License Manager\lmtools.exe (.not file.)
O4 - GS\Desktop [Public]: Photo Effects Studio.lnk . (.AMS Software - No Comment.)  -- C:\Program Files (x86)\Photo Effects Studio\EStudio.exe
O4 - GS\Desktop [Public]: TIM Communicator.lnk . (...)  -- C:\Program Files (x86)\TIM Communicator\orolixcommunicator.exe
O4 - GS\Desktop [Public]: Video Search.lnk . (.DsNET - aTube Catcher to download and convert video.)  -- C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Virtual Plastic Surgery Software - VPSS.lnk . (.Kaeria SARL - Virtual Plastic Surgery Software - VPSS.)  -- C:\Program Files (x86)\VPSS\vpss.exe
O4 - GS\Program [Public]: Documentação de ajuda da Dell.lnk . (...)  -- C:\Program Files (x86)\Dell Inc\Dell Edoc Viewer\EDocs.exe (.not file.)
O4 - GS\Program [Public]: Gráficos Comutáveis.lnk . (.ATI Technologies Inc. - Catalyst Control Centre: Command Line Inter.)  -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe
O4 - GS\Program [Public]: Morena Rosa Notes.lnk . (...)  -- C:\Program Files (x86)\Morena Rosa Notes\Morena Rosa Notes.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Songr.lnk . (.http://at-my-window.blogspot.com/?page=song - Songr.)  -- C:\Program Files (x86)\Songr\Songr.exe
O4 - GS\Program [Public]: Zinio Reader 4.lnk . (...)  -- C:\Program Files (x86)\Zinio Reader 4\Zinio Reader 4.exe
O4 - GS\QuickLaunch [Marcela]: DVD Decrypter.lnk . (.LIGHTNING UK! - DVD Decrypter - The Ultimate DVD Ripper!.)  -- C:\Program Files (x86)\DVD Decrypter\DVDDecrypter.exe
O4 - GS\QuickLaunch [Marcela]: IsoBuster.lnk . (.Smart Projects - The Ultimate Data Recovery tool.)  -- C:\Program Files (x86)\Smart Projects\IsoBuster\IsoBuster.exe
O4 - GS\QuickLaunch [Marcela]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Marcela]: Orbit.lnk . (.Orbitdownloader.com - Orbit Downloader.)  -- C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
O4 - GS\QuickLaunch [Marcela]: PhotoScape.lnk . (...)  -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\TaskBar [Marcela]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Users\Marcela\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Marcela]: TIM Communicator.lnk . (...)  -- C:\Program Files (x86)\TIM Communicator\orolixcommunicator.exe
O4 - GS\Program [Marcela]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Marcela]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SendTo [Marcela]: IsoBuster.lnk . (.Smart Projects - The Ultimate Data Recovery tool.)  -- C:\Program Files (x86)\Smart Projects\IsoBuster\IsoBuster.exe
O4 - GS\Desktop [Marcela]: BadCopy Pro.lnk . (.Jufsoft - BadCopy - Disk & CD/DVD & Digital Media Dat.)  -- C:\Program Files (x86)\Jufsoft\BadCopy\BadCopy.exe
O4 - GS\Desktop [Marcela]: Central de Soluções HP.lnk . (.Hewlett-Packard Company - hpqdirec.exe.)  -- C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe
O4 - GS\Desktop [Marcela]: DVD Decrypter.lnk . (.LIGHTNING UK! - DVD Decrypter - The Ultimate DVD Ripper!.)  -- C:\Program Files (x86)\DVD Decrypter\DVDDecrypter.exe
O4 - GS\Desktop [Marcela]: DVD Shrink 3.2.lnk . (.DVD Shrink - DVD Shrink 3.2.)  -- C:\Program Files (x86)\DVD Shrink\DVD Shrink 3.2.exe
O4 - GS\Desktop [Marcela]: dvdisaster.lnk . (...)  -- C:\Program Files (x86)\dvdisaster\dvdisaster-win.exe
O4 - GS\Desktop [Marcela]: DVDStyler.lnk . (...)  -- C:\Program Files (x86)\DVDStyler\bin\DVDStyler.exe
O4 - GS\Desktop [Marcela]: FxFoto.lnk . (.Triscape, Inc. - Triscape FxFoto.)  -- C:\Program Files\FxFoto\FxFoto.exe
O4 - GS\Desktop [Marcela]: IsoBuster.lnk . (.Smart Projects - The Ultimate Data Recovery tool.)  -- C:\Program Files (x86)\Smart Projects\IsoBuster\IsoBuster.exe
O4 - GS\Desktop [Marcela]: MakeUp Pilot.lnk . (.Two Pilots - No Comment.)  -- C:\Program Files (x86)\MakeUp Pilot\MakeUpPilot.exe
O4 - GS\Desktop [Marcela]: Orbit.lnk . (.Orbitdownloader.com - Orbit Downloader.)  -- C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
O4 - GS\Desktop [Marcela]: PhotoScape.lnk . (...)  -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\Desktop [Marcela]: Portable Flash Professional CS5 - Atalho.lnk . (...)  -- C:\Nova Pasta (2)\Portable Adobe Flash Professional CS5 v11.0.0.485\Portable Flash Professional CS5.exe (.not file.)
O4 - GS\Desktop [Marcela]: Retouch Pilot.lnk . (...)  -- C:\Program Files (x86)\Retouch Pilot\RetouchPilot.exe
~ Global Startup: 118 Legitimates Filtered in 00mn 01s

---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [Public]: AutoCAD Startup Accelerator.lnk . (...)  -- C:\Program Files (x86)\Common Files\Autodesk Shared\acstart17.exe (.not file.)
O4 - GS\Startup [Public]: HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Co. - HP Digital Imaging Monitor.)  -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe  =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe  =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Marcela\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [Megacubo] C:\Program Files (x86)\Megacubo\megacubo.exe (.not file.)
O4 - HKCU\..\Run: [AdobeBridge] Chave orfã
O4 - HKCU\..\Run: [Autodesk Sync] . (.Autodesk, Inc. - Autodesk 360.) -- C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKCU\..\Run: [MicrosoftPlugin] . (...) -- C:\Users\Marcela\AppData\Roaming\SisPlugin\Start.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe  =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [FATrayAlert] . (.Sensible Vision - FATrayMon.) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
O4 - HKLM\..\Wow6432Node\Run: [Dell Registration] . (.Dell, Inc. - System Registration.) -- C:\Program Files (x86)\System Registration\prodreg.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe  =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe  =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [FAStartup] Chave orfã
O4 - HKLM\..\Wow6432Node\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS5.5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5.5 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
O4 - HKUS\.DEFAULT\..\Run: [SearchProtect] Chave orfã =>Toolbar.Conduit
O4 - HKUS\.DEFAULT\..\Run: [Autodesk Sync] . (.Autodesk, Inc. - Autodesk 360.) -- C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKUS\S-1-5-18\..\Run: [SearchProtect] Chave orfã =>Toolbar.Conduit
O4 - HKUS\S-1-5-18\..\Run: [Autodesk Sync] . (.Autodesk, Inc. - Autodesk 360.) -- C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe  =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe  =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2859420775-1429383422-540164267-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Marcela\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-2859420775-1429383422-540164267-1000\..\Run: [Megacubo] C:\Program Files (x86)\Megacubo\megacubo.exe (.not file.)
O4 - HKUS\S-1-5-21-2859420775-1429383422-540164267-1000\..\Run: [AdobeBridge] Chave orfã
O4 - HKUS\S-1-5-21-2859420775-1429383422-540164267-1000\..\Run: [Autodesk Sync] . (.Autodesk, Inc. - Autodesk 360.) -- C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKUS\S-1-5-21-2859420775-1429383422-540164267-1000\..\Run: [MicrosoftPlugin] . (...) -- C:\Users\Marcela\AppData\Roaming\SisPlugin\Start.exe
~ Application:  Scanned in 00mn 00s

---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: Send by Bluetooth to [64Bits] - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Chave orfã
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons:  Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{92D52D14-0D09-4067-B058-031BBE25321E}: NameServer = 200.220.227.56 200.142.130.202
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3D39DAE-9151-4DEE-BB24-83C228D10C32}: DhcpNameServer = 10.42.0.251 10.42.0.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{D22E679B-B6E2-4779-A5CA-1BD790EC0A62}: DhcpNameServer = 192.168.0.201
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3D39DAE-9151-4DEE-BB24-83C228D10C32}: DhcpDomain = vcp.amer.dell.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{92D52D14-0D09-4067-B058-031BBE25321E}: NameServer = 200.220.227.56 200.142.130.202
O17 - HKLM\System\CS1\Services\Tcpip\..\{C3D39DAE-9151-4DEE-BB24-83C228D10C32}: DhcpNameServer = 10.42.0.251 10.42.0.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{D22E679B-B6E2-4779-A5CA-1BD790EC0A62}: DhcpNameServer = 192.168.0.201
O17 - HKLM\System\CS1\Services\Tcpip\..\{C3D39DAE-9151-4DEE-BB24-83C228D10C32}: DhcpDomain = vcp.amer.dell.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{C3D39DAE-9151-4DEE-BB24-83C228D10C32}: DhcpNameServer = 10.42.0.251 10.42.0.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{D22E679B-B6E2-4779-A5CA-1BD790EC0A62}: DhcpNameServer = 192.168.0.201
O17 - HKLM\System\CS2\Services\Tcpip\..\{C3D39DAE-9151-4DEE-BB24-83C228D10C32}: DhcpDomain = vcp.amer.dell.com
~ Domain:  Scanned in 00mn 00s

---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s
Re: malware-gen

Post by gilberto inacio, Thu 13 Feb 2014, 18:33

Part 2

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Orolix Device Monitor (OrolixDeviceMonitor) . (.Orolix Desenvolvimento de Software LTDA. - USB Device monitor.) - C:\Program Files (x86)\TIM Communicator\module\devicemon.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
~ Services: 17 Legitimates Filtered in 00mn 09s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\Digital Sites.job   [300]
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\DigitalSite.job   [300] =>Hijacker.DSite
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\DSite.job   [294] =>Hijacker.DSite
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\Funmoods.job   [300] =>PUP.Funmoods
O39 - APT:Automatic Planified Task  - C:\WINDOWS\Tasks\SaveSense.job   [300] =>PUP.SaveSense
[MD5.00000000000000000000000000000000] [APT] [Advanced System Protector] (...) -- C:\Program Files (x86)\RegClean Pro\SystweakASP.exe (.not file.)   [0]  =>PUP.AdvancedSystemProtector
[MD5.D42D782A757E7F7D7A56FDD5296FBA75] [APT] [Digital Sites] (...) -- C:\Users\Marcela\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.exe   [111104]
[MD5.00000000000000000000000000000000] [APT] [DigitalSite] (...) -- C:\Users\Marcela\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.exe (.not file.)   [0]  =>Hijacker.DSite
[MD5.00000000000000000000000000000000] [APT] [Funmoods] (...) -- C:\Users\Marcela\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.exe (.not file.)   [0]  =>PUP.Funmoods
[MD5.00000000000000000000000000000000] [APT] [SaveSense] (...) -- C:\Users\Marcela\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.exe (.not file.)   [0]  =>PUP.SaveSense
[MD5.00000000000000000000000000000000] [APT] [{B8B6F453-0FE3-4D6B-B5E6-F70F01FAB648}] (...) -- E:\3D Studio Max 8\Setup\Setup\DirectX\dxsetup.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{FFEF7033-FC81-453E-8CB8-8505F4E4548D}] (...) -- H:\N-9\Nero-9.0.9.4b.exe (.not file.)   [0]
~ Scheduled Task: 34 Legitimates Filtered in 00mn 04s



---\\ Software instalados (042)
O42 - Logiciel: DealPly - (.DealPly Technologies Ltd.) [HKLM][64Bits] -- DealPly =>PUP.DealPly
O42 - Logiciel: FaceOnBody - (...) [HKLM][64Bits] -- FaceOnBody
O42 - Logiciel: FreeOnlineRadioPlayerRecorder V1 Toolbar - (.FreeOnlineRadioPlayerRecorder V1.) [HKLM][64Bits] -- FreeOnlineRadioPlayerRecorder_V1 Toolbar
O42 - Logiciel: FxFoto by Triscape - (...) [HKLM][64Bits] -- FxFoto
O42 - Logiciel: Search Protect by conduit - (.Conduit.) [HKLM][64Bits] -- SearchProtect =>Toolbar.Conduit
O42 - Logiciel: TIM Communicator - (...) [HKLM][64Bits] -- OrolixCommunicator
O42 - Logiciel: Triscape FxFoto - (...) [HKLM][64Bits] -- TriscapeFxFoto
O42 - Logiciel: dvdisaster-0.72 - (.dvdisaster project.) [HKLM][64Bits] -- dvdisaster_is1
~ Logic: 58 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\BabSolution] =>Hijacker.BabSolution
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\Baidu] =>Adware.BDSearch
[HKCU\Software\BonanzaDealsLive] =>Adware.BonanzaDeals
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\DealPly] =>PUP.DealPly
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\OrolixCommunicator]
[HKCU\Software\Orolix]
[HKCU\Software\SaveSenseLive] =>PUP.SaveSense
[HKCU\Software\Triscape]
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\BonanzaDealsLive] =>Adware.BonanzaDeals
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\FreeOnlineRadioPlayerRecorder_V1]
[HKLM\Software\Wow6432Node\Orolix]
[HKLM\Software\Wow6432Node\PIP]
[HKLM\Software\Wow6432Node\SSD_HSDPA]
[HKLM\Software\Wow6432Node\SaveSenseLive] =>PUP.SaveSense
[HKLM\Software\Wow6432Node\Triscape]
[HKLM\Software\Wow6432Node\USBDriverFlag]
~ Key Software: 523 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 02/11/2013 - 09:58:42 - [0] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 18/11/2013 - 22:55:08 - [0,851] ----D C:\Program Files (x86)\BonanzaDeals =>Adware.BonanzaDeals
O43 - CFD: 18/11/2013 - 23:03:57 - [0] ----D C:\Program Files (x86)\BonanzaDealsLive =>Adware.BonanzaDeals
O43 - CFD: 29/04/2013 - 21:42:00 - [0,609] ----D C:\Program Files (x86)\Conduit
O43 - CFD: 03/11/2013 - 10:25:27 - [0,509] ----D C:\Program Files (x86)\DealPly =>PUP.DealPly
O43 - CFD: 04/05/2013 - 19:35:04 - [16,897] ----D C:\Program Files (x86)\dvdisaster
O43 - CFD: 26/05/2013 - 01:24:53 - [2,562] ----D C:\Program Files (x86)\FaceOnBody
O43 - CFD: 29/04/2013 - 21:41:58 - [7,876] ----D C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder_V1
O43 - CFD: 01/05/2013 - 19:07:30 - [0] ----D C:\Program Files (x86)\InfinaDyne
O43 - CFD: 26/05/2013 - 01:36:02 - [32,648] ----D C:\Program Files (x86)\Photo Effects Studio
O43 - CFD: 17/11/2013 - 17:50:24 - [2,322] ----D C:\Program Files (x86)\RBM
O43 - CFD: 26/05/2013 - 00:36:03 - [6,029] ----D C:\Program Files (x86)\Retouch Pilot
O43 - CFD: 17/11/2013 - 22:01:07 - [0] ----D C:\Program Files (x86)\SaveSenseLive =>PUP.SaveSense
O43 - CFD: 11/02/2014 - 21:33:35 - [29,072] ----D C:\Program Files (x86)\TIM Communicator
O43 - CFD: 21/08/2013 - 16:10:24 - [0,004] ----D C:\Program Files (x86)\VIVO INTERNET
O43 - CFD: 07/02/2014 - 11:27:42 - [0] ----D C:\ProgramData\APN
O43 - CFD: 08/09/2013 - 13:12:48 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 02/11/2013 - 11:19:34 - [2,648] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 18/11/2013 - 22:50:09 - [0,056] ----D C:\ProgramData\BonanzaDealsLive =>Adware.BonanzaDeals
O43 - CFD: 23/07/2013 - 15:03:22 - [0] ----D C:\ProgramData\FaceOnBody
O43 - CFD: 03/09/2013 - 13:19:22 - [0] ----D C:\ProgramData\FARO
O43 - CFD: 01/05/2013 - 18:56:38 - [0,036] ----D C:\ProgramData\InfinaDyne
O43 - CFD: 11/02/2014 - 21:33:35 - [4,368] ----D C:\ProgramData\OrolixCommunicator
O43 - CFD: 16/11/2013 - 18:31:59 - [0,740] ----D C:\ProgramData\SaveSenseLive =>PUP.SaveSense
O43 - CFD: 03/11/2013 - 09:37:42 - [0] ----D C:\Users\Marcela\AppData\Roaming\Advanced System Protector =>PUP.AdvancedSystemProtector
O43 - CFD: 26/01/2014 - 09:40:19 - [0] ----D C:\Users\Marcela\AppData\Roaming\baidu =>Adware.BDSearch
O43 - CFD: 02/11/2013 - 09:58:42 - [2,773] ----D C:\Users\Marcela\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 18/04/2013 - 16:04:29 - [0] ----D C:\Users\Marcela\AppData\Roaming\DealPly =>PUP.DealPly
O43 - CFD: 04/05/2013 - 19:53:21 - [0,001] ----D C:\Users\Marcela\AppData\Roaming\dvdisaster
O43 - CFD: 21/08/2013 - 17:07:58 - [0,288] ----D C:\Users\Marcela\AppData\Roaming\eIntaller
O43 - CFD: 17/11/2013 - 19:30:08 - [0] ----D C:\Users\Marcela\AppData\Roaming\Funmoods =>PUP.Funmoods
O43 - CFD: 05/05/2013 - 22:41:36 - [0,146] ----D C:\Users\Marcela\AppData\Roaming\FxFotoDB
O43 - CFD: 01/05/2013 - 18:57:12 - [0] ----D C:\Users\Marcela\AppData\Roaming\InfinaDyne
O43 - CFD: 16/11/2013 - 18:31:53 - [0] ----D C:\Users\Marcela\AppData\Roaming\SaveSense =>PUP.SaveSense
O43 - CFD: 04/02/2014 - 09:42:20 - [5,891] ----D C:\Users\Marcela\AppData\Roaming\SisPlugin
O43 - CFD: 31/10/2013 - 20:07:49 - [0,996] ----D C:\Users\Marcela\AppData\Roaming\speedtest4354
O43 - CFD: 11/08/2013 - 17:12:06 - [0,243] ----D C:\Users\Marcela\AppData\Roaming\VIVO INTERNET
O43 - CFD: 18/11/2013 - 22:50:09 - [0] ----D C:\Users\Marcela\AppData\Local\BonanzaDealsLive =>Adware.BonanzaDeals
O43 - CFD: 29/04/2013 - 21:41:58 - [0,083] ----D C:\Users\Marcela\AppData\Local\Conduit
O43 - CFD: 16/11/2013 - 18:31:59 - [0] ----D C:\Users\Marcela\AppData\Local\SaveSenseLive =>PUP.SaveSense
O43 - CFD: 07/02/2014 - 11:57:22 - [0,147] ----D C:\Users\Marcela\AppData\Local\VNT
O43 - CFD: 18/04/2013 - 16:04:29 - [0,004] ----D C:\Users\Marcela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly =>PUP.DealPly
O43 - CFD: 07/02/2014 - 18:47:03 - [0,004] ----D C:\Users\Marcela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
~ 5 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 300 Legitimates Filtered in 00mn 46s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.EDCB7E5E86EAC2D9EEA79F1CCD13C92F] - 13/02/2014 - 16:27:56 ---A- . (...) -- C:\WINDOWS\System32\prfc0416.dat   [148042]
O44 - LFC:[MD5.70D26121E6EC3F7841B674421CB80D7B] - 13/02/2014 - 16:27:56 ---A- . (...) -- C:\WINDOWS\System32\prfh0416.dat   [706460]
~ Files: 17 Legitimates Filtered in 00mn 01s



---\\ Exportar a chave da aplicação autorizada (047)
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" [Enabled] .(.Orbitdownloader.com.) -- C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" [Enabled] .(.Orbitdownloader.com.) -- C:\Program Files (x86)\Orbitdownloader\orbitnet.exe
~ Keys Export: 2 Legitimates Filtered in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{20ef5fc6-02b7-11e3-9c16-848f69b63c3a}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{20ef5fd4-02b7-11e3-9c16-848f69b63c3a}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{eed2977f-25e5-11e3-a5e1-848f69b63c3a}\AutoRun\command. (...) -- F:\autorun.exe (.not file.)
~ Keys:  Scanned in 00mn 37s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}  [Key] . (...) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\NeroLauncher  [Key] . (...) -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
~ SMSR Keys: 13 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.984A068AB4CF918955150B3457D7C147] - 19/12/2013 - 10:11:26 ---A- . (...) -- C:\WINDOWS\System32\Drivers\aswRvrt.sys   [65336]
O58 - SDL:[MD5.2E83D2621E87C493AB45DC6655BA77D4] - 01/07/2013 - 07:37:26 ---A- . (...) -- C:\WINDOWS\System32\Drivers\aswSnx.sys.sum   [175]
O58 - SDL:[MD5.A5F29AC2F0ADE8B995B49D7350CE3AC0] - 01/07/2013 - 07:37:26 ---A- . (...) -- C:\WINDOWS\System32\Drivers\aswSP.sys.sum   [175]
O58 - SDL:[MD5.F71105429AEB03E29E1503B761FC261A] - 19/12/2013 - 10:11:27 ---A- . (...) -- C:\WINDOWS\System32\Drivers\aswVmm.sys   [189936]
O58 - SDL:[MD5.E86C64478D9A90D62255FE9EB0150C6E] - 01/07/2013 - 07:37:26 ---A- . (...) -- C:\WINDOWS\System32\Drivers\aswVmm.sys.sum   [175]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\WINDOWS\System32\Drivers\elxstor.sys   [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\WINDOWS\System32\Drivers\hcw85cir.sys   [31232]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\WINDOWS\System32\Drivers\stexstor.sys   [24656]
O58 - SDL:[MD5.3C23BE0DAD748BAE77E87F18F34EBA0E] - 30/04/2013 - 05:51:09 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\WINDOWS\System32\Drivers\tap0901.sys   [40616]
~ Drivers: 16 Legitimates Filtered in 00mn 04s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Marcela\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: prefs.js [Marcela - kps4vd5j.default] user_pref("CT3282722.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3282722&SearchSource=2&CUI=UN2795[...]
O69 - SBI: prefs.js [Marcela - kps4vd5j.default] user_pref("CT3282722.installId", "conduitinstaller.exe"); =>Adware.Bloson
O69 - SBI: prefs.js [Marcela - kps4vd5j.default] user_pref("CT3282722.installType", "conduitnsisintegration");
O69 - SBI: prefs.js [Marcela - kps4vd5j.default] user_pref("CT3282722.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"http://search.conduit.com/?ctid=CT3282722&octid=CT3[...]
O69 - SBI: prefs.js [Marcela - kps4vd5j.default] user_pref("Smartbar.ConduitHomepagesList", ""); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Marcela - kps4vd5j.default] user_pref("Smartbar.ConduitSearchEngineList", ""); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Marcela - kps4vd5j.default] user_pref("Smartbar.ConduitSearchUrlList", ""); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Marcela - kps4vd5j.default] user_pref("browser.search.defaultthis.engineName", "FreeOnlineRadioPlayerRecorder V1 Customized Web Search");
O69 - SBI: prefs.js [Marcela - kps4vd5j.default] user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3282722&CUI=UN27956522412084814&UM=2&Sear[...]
O69 - SBI: prefs.js [Marcela - kps4vd5j.default] user_pref("browser.search.selectedEngine", "FreeOnlineRadioPlayerRecorder V1 Customized Web Search");
O69 - SBI: prefs.js [Marcela - kps4vd5j.default] user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3282722&SearchSource=2&CUI=UN27956522412084814&UM=2&q="[...]
O69 - SBI: prefs.js [Marcela - kps4vd5j.default] user_pref("smartbar.conduitHomepageList", "http://search.conduit.com/?ctid=CT3282722&CUI=UN27956522412084814&UM=2&SearchSource=13,[...] =>Hijacker.SmartBar
O69 - SBI: prefs.js [Marcela - kps4vd5j.default] user_pref("smartbar.conduitSearchAddressUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3282722&SearchSource=2&CUI=UN2[...] =>Hijacker.SmartBar
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Goo) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {C6E1B50F-A5E8-4F74-B533-BFAD845E2640} - (Google) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {DA19EDE6-F49B-4088-86CB-26FC76D16C50 - (Funmoods) - [You must have an account and be logged in to view this link] =>PUP.Funmoods
O69 - SBI: SearchScopes [HKCU] {DA19EDE6-F49B-4088-86CB-26FC76D16C50} [DefaultScope] - (FreeOnlineRadioPlayerRecorder V1 Customized Web Search) - [You must have an account and be logged in to view this link]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.4EE888A69EFBE1F2F5F6AE9B123BFE1B] [SPRF][17/11/2013] (...) -- C:\Users\Marcela\AppData\Local\Temp\231013_h.exe   [320496]
[MD5.64CE8E10EBAACAB42B8AF2847DF89B3F] [SPRF][17/11/2013] (...) -- C:\Users\Marcela\AppData\Local\Temp\231013_l.exe   [1610152]
[MD5.CBA085E229E36735A3E487BA6AF206AB] [SPRF][17/11/2013] (...) -- C:\Users\Marcela\AppData\Local\Temp\231013_p.exe   [662512]
[MD5.3737F1EFEABE60B3B5B723F73B2C381B] [SPRF][17/11/2013] (.SaveSense - SaveSense.) -- C:\Users\Marcela\AppData\Local\Temp\231013_y.exe   [1411872]  =>PUP.SaveSense
[MD5.A67598F2E454B6D346E53D3BB74AD7F0] [SPRF][17/11/2013] (.Setup © - Setup.) -- C:\Users\Marcela\AppData\Local\Temp\43029uninstall.exe   [716800]
[MD5.CCE9041854C473FA21BCD35287760B0E] [SPRF][18/11/2013] (.Setup © - Setup.) -- C:\Users\Marcela\AppData\Local\Temp\53951uninstall.exe   [638464]
[MD5.A67598F2E454B6D346E53D3BB74AD7F0] [SPRF][17/11/2013] (.Setup © - Setup.) -- C:\Users\Marcela\AppData\Local\Temp\57906uninstall.exe   [716800]
[MD5.611A9EECEC581F8929A6951DDB81ED57] [SPRF][31/10/2013] (.No owner - Installer.) -- C:\Users\Marcela\AppData\Local\Temp\77Zip973867.exe   [817088]
[MD5.A67598F2E454B6D346E53D3BB74AD7F0] [SPRF][16/11/2013] (.Setup © - Setup.) -- C:\Users\Marcela\AppData\Local\Temp\99855uninstall.exe   [716800]
[MD5.858D895AD40DE9779E78C39A116F9553] [SPRF][31/10/2013] (...) -- C:\Users\Marcela\AppData\Local\Temp\BackupSetup.exe   [10355400]
[MD5.48626E62168274691AAC4D381BC14D32] [SPRF][02/11/2013] (.Baidu, Inc. - PC Faster Setup.) -- C:\Users\Marcela\AppData\Local\Temp\Baidu_Secure_SystemUp_3.7.1.41942.exe   [10485488]  =>Adware.BDSearch
[MD5.6A63B619585FD0FD3BFB693CA05F2E5C] [SPRF][17/11/2013] (...) -- C:\Users\Marcela\AppData\Local\Temp\bdg8076.exe   [253952]
[MD5.6A63B619585FD0FD3BFB693CA05F2E5C] [SPRF][17/11/2013] (...) -- C:\Users\Marcela\AppData\Local\Temp\bdg9E91.exe   [253952]
[MD5.6A63B619585FD0FD3BFB693CA05F2E5C] [SPRF][25/01/2014] (...) -- C:\Users\Marcela\AppData\Local\Temp\bdgB452.exe   [253952]
[MD5.6A63B619585FD0FD3BFB693CA05F2E5C] [SPRF][02/11/2013] (...) -- C:\Users\Marcela\AppData\Local\Temp\bdgCF61.exe   [253952]
[MD5.E8EE9616B5FEC6F5DADCA38656799910] [SPRF][02/11/2013] (.Baidu Inc. - Baidu PC Faster MiniSetup.) -- C:\Users\Marcela\AppData\Local\Temp\crpC2F3.exe   [1695144]  =>Adware.BDSearch
[MD5.8DD9A0BED4BBB1C4B05FFDD5D9103402] [SPRF][02/11/2013] (.Baidu.com - hao123 Desktop Shortcut.) -- C:\Users\Marcela\AppData\Local\Temp\crpC65F.exe   [299984]  =>Adware.BDSearch
[MD5.78E0886B22C7BC84A47798F72694FDBA] [SPRF][06/10/2013] (.Flexera Software LLC - Activation Licensing Service Installer.) -- C:\Users\Marcela\AppData\Local\Temp\FNP_ACT_InstallerCA.dll   [2016632]
[MD5.6350E94BA8C1EAF11E09527936308BF2] [SPRF][10/02/2014] (...) -- C:\Users\Marcela\AppData\Local\Temp\ICReinstall_ccleaner-4104570-32-bits.exe   [613976]  =>Piriform Ltd
[MD5.1249466520456B46F291B90FA74ACD43] [SPRF][13/02/2014] (...) -- C:\Users\Marcela\AppData\Local\Temp\ICReinstall_zhpDiag2.exe   [664864]
[MD5.82555B1ABFA3BDD11AD3B7EEE8319775] [SPRF][04/10/2013] (...) -- C:\Users\Marcela\AppData\Local\Temp\install_helper.exe   [901120]
[MD5.5405413FFF79B8D9C747AA900F60F082] [SPRF][18/11/2013] (...) -- C:\Users\Marcela\AppData\Local\Temp\Sqlite3.dll   [599419]
[MD5.65F00BFEF4AA0BDB459F358ADE919110] [SPRF][01/09/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\Marcela\AppData\Local\Temp\uninst1.exe   [340560]  =>PUP.Babylon
[MD5.307D8204CA2A0A65307D24FBB608EE95] [SPRF][02/11/2013] (...) -- C:\Users\Marcela\AppData\Local\Temp\utiC2C3.exe   [1695144]
[MD5.CBABF1DE2808560750648441D8B95FB2] [SPRF][02/11/2013] (...) -- C:\Users\Marcela\AppData\Local\Temp\utiC64E.exe   [299984]
[MD5.6DA59C1AB5A81C6B6E10A987DB306725] [SPRF][31/10/2013] (...) -- C:\Users\Marcela\AppData\Local\Temp\vcredist_x64.exe   [1243105]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][09/10/2013] (...) -- C:\Users\Marcela\AppData\Local\Temp\{0C793EB4-1AE1-4393-B4BF-21DA10AC56CF}-30.0.1599.69_29.0.1547.76_chrome_updater.exe   [0]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][11/10/2013] (...) -- C:\Users\Marcela\AppData\Local\Temp\{16509A27-8A99-451A-97B3-4A1081D509A5}-30.0.1599.69_29.0.1547.76_chrome_updater.exe   [0]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][24/09/2013] (...) -- C:\Users\Marcela\AppData\Local\Temp\{211AE727-38E8-4CA8-A3DE-F8EDA7E833FF}-29.0.1547.76_29.0.1547.66_chrome_updater.exe   [0]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][19/10/2013] (...) -- C:\Users\Marcela\AppData\Local\Temp\{45F46F2A-781C-4A25-ABF6-B578F3F1E5D6}-30.0.1599.101_29.0.1547.76_chrome_updater.exe   [0]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][23/09/2013] (...) -- C:\Users\Marcela\AppData\Local\Temp\{5C8B7F51-94C5-4F9D-B098-28C685BB1C5B}-29.0.1547.76_29.0.1547.66_chrome_updater.exe   [0]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][21/09/2013] (...) -- C:\Users\Marcela\AppData\Local\Temp\{6025593F-1E9F-42E4-9D32-3BA542D19BCB}-29.0.1547.76_29.0.1547.66_chrome_updater.exe   [0]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][21/09/2013] (...) -- C:\Users\Marcela\AppData\Local\Temp\{72E12A19-17A7-45FE-A034-88FB1D1C4175}-29.0.1547.76_29.0.1547.66_chrome_updater.exe   [0]
[MD5.EB861681D2674A2DC03F2882BB642842] [SPRF][08/10/2013] (...) -- C:\Users\Marcela\AppData\Local\Temp\{7E295678-06E1-499F-89E3-D39DF6352C0C}-30.0.1599.69_29.0.1547.76_chrome_updater.exe   [70738]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][13/10/2013] (...) -- C:\Users\Marcela\AppData\Local\Temp\{7E6C4361-DE58-4BB8-9DFC-3448F89CF40F}-30.0.1599.69_29.0.1547.76_chrome_updater.exe   [0]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][11/10/2013] (...) -- C:\Users\Marcela\AppData\Local\Temp\{960C4033-8BE7-4580-A39D-CEFBE2E504CB}-30.0.1599.69_29.0.1547.76_chrome_updater.exe   [0]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][19/09/2013] (...) -- C:\Users\Marcela\AppData\Local\Temp\{98E7D855-61F0-4FD7-ACC8-8B3967D10DF2}-29.0.1547.76_29.0.1547.66_chrome_updater.exe   [0]
[MD5.604A84BD883A50534EEA415869BAB045] [SPRF][23/09/2013] (...) -- C:\Users\Marcela\AppData\Local\Temp\{A6B4F067-5F77-49B3-B61C-C209CBFB5334}-29.0.1547.76_29.0.1547.66_chrome_updater.exe   [400040]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][14/10/2013] (...) -- C:\Users\Marcela\AppData\Local\Temp\{A6F23AAF-B6AA-46A6-A690-196220A2B588}-30.0.1599.69_29.0.1547.76_chrome_updater.exe   [0]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][03/10/2013] (...) -- C:\Users\Marcela\AppData\Local\Temp\{D663BC2C-947B-4A22-849A-DAD2A5C41CBD}-30.0.1599.69_29.0.1547.76_chrome_updater.exe   [0]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][11/10/2013] (...) -- C:\Users\Marcela\AppData\Local\Temp\{DE0A49FA-5A1A-421D-8B2E-C74FDC7C8DF0}-30.0.1599.69_29.0.1547.76_chrome_updater.exe   [0]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][12/10/2013] (...) -- C:\Users\Marcela\AppData\Local\Temp\{E78CC61B-7E42-4180-81E8-8D356153878E}-30.0.1599.69_29.0.1547.76_chrome_updater.exe   [0]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][14/10/2013] (...) -- C:\Users\Marcela\AppData\Local\Temp\{ED2ED3FD-9A89-4F20-9602-79C96CAF77FB}-30.0.1599.69_29.0.1547.76_chrome_updater.exe   [0]
[MD5.16E53BFC96CE14021C0E07EB1C198478] [SPRF][01/05/2013] (...) -- C:\Users\Marcela\AppData\Roaming\inst.exe   [99384]
[MD5.99BFC0A8325D7D651997215D75E3E25A] [SPRF][10/02/2014] (.setupprocess - SetupManager.) -- C:\Users\Marcela\Desktop\Malwarebytes Anti-Malware.exe   [274288]
[MD5.D9066F5DA1B19C93EF43724FAF1D6ECB] [SPRF][13/02/2014] (.setupprocess - SetupManager.) -- C:\Users\Marcela\Desktop\Zebulon 1.0.exe   [273128]
[MD5.1249466520456B46F291B90FA74ACD43] [SPRF][13/02/2014] (...) -- C:\Users\Marcela\Desktop\zhpDiag2.exe   [664864]
~ Files: 53 Legitimates Filtered in 00mn 04s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{1B719CBC-E7CA-4E17-8692-6B70807DB9B1}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\Megacubo\megacubo.exe (.not file.)
O87 - FAEL: "{04DC75D6-1BAC-4CF6-9E86-210350235CC8}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\Megacubo\megacubo.exe (.not file.)
O87 - FAEL: "{A6A5218D-E6FD-437D-BD17-8BE5B5C0F02E}" |In - None - P17 - TRUE | .(...) -- C:\Users\Marcela\Downloads\77ZipSetup.exe (.not file.)
O87 - FAEL: "{ECCC0BD0-BFC5-4E76-8879-3F7D423135BC}" |Out - None - P17 - TRUE | .(...) -- C:\Users\Marcela\Downloads\77ZipSetup.exe (.not file.)
~ Firewall: 211 Legitimates Filtered in 00mn 01s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "2641873CE635D4242B07A2B966A515CA" . (.FastAccess.) -- C:\Windows\Installer\{C3781462-536E-424D-B270-2A9B665A51AC}\Dell_AW_InstallerIcon.exe
O90 - PUC: "A5B9BE5C46923A5D68A925408402F03C" . (.PowerXpressHybrid.) -- c:\Windows\Installer\{C5EB9B5A-2964-D5A3-869A-520448200FC3}\ARPPRODUCTICON.exe
~ Update Products: 267 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.39988793C0BE26963F7C8228E7F04E23] [WIS][06/01/2014] (.Google - Google+ Auto Backup.) -- C:\Windows\Installer\2a10955.msi   [3088384]
[MD5.FF0AF047BD56C1026BA7BA7218BB6133] [WIS][31/05/2013] (.Mkt Virtual - Morena Rosa Notes.) -- C:\Windows\Installer\54483c.msi   [21504]
[MD5.659306B0BB1459394DE1834EDCAD6FB1] [WIS][25/01/2013] (.AutoCAD Apps - This plug-in can be used with AutoCAD to simplify the process o.) -- C:\Windows\Installer\7ebd0.msi   [3691520]
[MD5.4CC41D22639EB702BC7C02CBAD1BE33E] [WIS][25/01/2013] (.AutoCAD Apps - A plug-in to see the apps featuerd on the Autodesk Exchange web.) -- C:\Windows\Installer\7ebd6.msi   [3034112]
[MD5.355C8431914AA08A50DD01588200C421] [WIS][30/07/2012] (.Corel Corporation - CorelDRAW Graphics Suite X6 - Setup Files.) -- C:\Windows\Installer\83fe79.msi   [1331712]
[MD5.55AE59D648BE8E81535D97ED48D14678] [WIS][17/11/2009] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\869e78.msi   [522752]
[MD5.9C8581E84481D027C727F74E91032F16] [WIS][08/02/2013] (.Bruce Walker - Autodesk CAD Manager Tools 4.0.) -- C:\Windows\Installer\ffc7c1.msi   [3461120]
~ WIS: 274 Legitimates Filtered in 00mn 46s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 03/09/2013 1471352 |  (FlexNet Licensing Service 64) . (.Flexera Software LLC.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
SS - | Demand 16/12/2013 227904 |  (GamesAppIntegrationService) . (.WildTangent.) - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
SS - | Demand 12/10/2010 206072 |  (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 03/04/2013 136176 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 03/04/2013 136176 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 07/02/2011 136120 |  (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 05/09/2012 114144 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 13/07/2012 160944 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 19/02/2010 517096 |  (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Demand 29/11/2010 149504 |  (TurboBoost) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
SS - | Demand 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation

SR - | Auto 18/12/2013 65432 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 17/11/2009 98208 |  (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
SR - | Auto 12/05/2011 203264 |  (AMD External Events Utility) . (.AMD.) - C:\WINDOWS\System32\atiesrxx.exe
SR - | Auto 20/05/2011 146592 |  (Atheros Bt&Wlan Coex Agent) . (.Atheros.) - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
SR - | Auto 20/05/2011 80032 |  (AtherosSvc) . (.Atheros Commnucations.) - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
SR - | Auto 26/05/2013 77944 |  (Autodesk Licensing Service) . (.Autodesk.) - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
SR - | Auto 19/12/2013 46808 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 01/11/2010 2428552 |  (FAService) . (.Sensible Vision.) - C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
SR - | Demand 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\WINDOWS\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\WINDOWS\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\WINDOWS\System32\svchost.exe
SR - | Auto 04/04/2013 418376 |  (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 |  (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 21/09/2005 65536 |  (mi-raysat_3dsmax8) . (...) - C:\Program Files (x86)\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
SR - | Auto 13/07/2012 769432 |  (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 24/09/2008 935208 |  (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\WINDOWS\System32\svchost.exe
SR - | Auto 21/12/2010 26528 |  (OrolixDeviceMonitor) . (.Orolix Desenvolvimento de Software LTDA..) - C:\Program Files (x86)\TIM Communicator\module\devicemon.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\WINDOWS\System32\svchost.exe
SR - | Auto 10/03/2010 189728 |  (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\WINDOWS\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\WINDOWS\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\WINDOWS\System32\svchost.exe

~ Services:  Scanned in 00mn 48s



---\\ Scâner Aditional (088)
Database Version : 13030 - (25/01/2014)
Clés trouvées (Keys found) : 41
Valeurs trouvées (Values found) : 1
Dossiers trouvés  (Folders found) : 32
Fichiers trouvés  (Files found) : 22

[HKLM\Software\Google\Chrome\Extensions\aaaaipellmcghooemdekbhlgaoiaebam]   =>Toolbar.Ask^
[HKLM\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh]   =>PUP.Funmoods^
[HKLM\Software\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb]   =>PUP.Babylon^
[HKLM\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje]   =>PUP.DealPly^
[HKLM\Software\Google\Chrome\Extensions\jljheddigenhleadfofeccneimcmlefp]   =>Adware.ScriptHost^
[HKLM\Software\Google\Chrome\Extensions\lbgfiglojokgabdbhegbpjgojgppppgf]   =>Adware.ScriptHost^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79B8E308-95A2-4044-932D-80E833A863CC}]   =>Toolbar.Conduit^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]   =>PUP.DealPly^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect]   =>Toolbar.Conduit^
[HKLM\Software\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}]   =>Adware.RecordNRip
[HKLM\Software\Wow6432Node\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}]   =>Adware.RecordNRip
[HKLM\Software\Classes\TypeLib\{93e3d79c-0786-48ff-9329-93bc9f6dc2b3}]   =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}]   =>Adware.RecordNRip
[HKLM\Software\Wow6432Node\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}]   =>Adware.RecordNRip
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}]   =>PUP.DealPly
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}]   =>PUP.DealPly
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS]   =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje]   =>PUP.DealPly
[HKCU\Software\APN PIP]   =>Toolbar.Ask
[HKCU\Software\AppDataLow\Software\ConduitSearchScopes]   =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\PIP]   =>Toolbar.Ask
[HKCU\Software\AppDataLow\Toolbar]   =>Toolbar.Conduit
[HKCU\Software\DealPly]   =>PUP.DealPly
[HKLM\Software\Wow6432Node\DealPly]   =>PUP.DealPly
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]   =>PUP.DealPly
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect]   =>Toolbar.Conduit
[HKLM\Software\Classes\Prod.cap]   =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32]   =>Toolbar.Bing
[HKCU\Software\InstallCore]   =>Adware.InstallCore
[HKCU\Software\AppDataLow\Software\Crossrider]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32]   =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS]   =>Toolbar.Conduit
[HKCU\Software\USyndication]   =>Trojan.USyndication
[HKCU\Software\usyndication.com]   =>Trojan.USyndication
[HKLM\Software\Wow6432Node\Microsoft\Tracing\apnstub_RASAPI32]   =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Tracing\apnstub_RASMANCS]   =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASAPI32]   =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASMANCS]   =>Toolbar.Ask
[HKLM\Software\Classes\Toolbar.CT3282722]   =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Classes\Toolbar.CT3282722]   =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]   =>Toolbar.Conduit^
[HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]:{79b8e308-95a2-4044-932d-80e833a863cc}   =>Toolbar.Conduit^
C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaipellmcghooemdekbhlgaoiaebam   =>Toolbar.Ask^
C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh   =>PUP.Funmoods^
C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb   =>PUP.Babylon^
C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje   =>PUP.DealPly^
C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jljheddigenhleadfofeccneimcmlefp   =>Adware.ScriptHost^
C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbgfiglojokgabdbhegbpjgojgppppgf   =>Adware.ScriptHost^
C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\kps4vd5j.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}   =>PUP.DealPly^
C:\Program Files (x86)\Baidu Security   =>Adware.BDSearch^
C:\Program Files (x86)\BonanzaDeals   =>Adware.BonanzaDeals^
C:\Program Files (x86)\BonanzaDealsLive   =>Adware.BonanzaDeals^
C:\Program Files (x86)\DealPly   =>PUP.DealPly^
C:\Program Files (x86)\SaveSenseLive   =>PUP.SaveSense^
C:\ProgramData\Babylon   =>PUP.Babylon^
C:\ProgramData\Baidu Security   =>Adware.BDSearch^
C:\ProgramData\BonanzaDealsLive   =>Adware.BonanzaDeals^
C:\ProgramData\SaveSenseLive   =>PUP.SaveSense^
C:\Users\Marcela\AppData\Roaming\Advanced System Protector   =>PUP.AdvancedSystemProtector^
C:\Users\Marcela\AppData\Roaming\baidu   =>Adware.BDSearch^
C:\Users\Marcela\AppData\Roaming\Baidu Security   =>Adware.BDSearch^
C:\Users\Marcela\AppData\Roaming\DealPly   =>PUP.DealPly^
C:\Users\Marcela\AppData\Roaming\Funmoods   =>PUP.Funmoods^
C:\Users\Marcela\AppData\Roaming\SaveSense   =>PUP.SaveSense^
C:\Users\Marcela\AppData\Local\BonanzaDealsLive   =>Adware.BonanzaDeals^
C:\Users\Marcela\AppData\Local\SaveSenseLive   =>PUP.SaveSense^
C:\Users\Marcela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly   =>PUP.DealPly^
C:\Program Files (x86)\Conduit   =>Toolbar.Conduit
C:\Program Files (x86)\SearchProtect   =>Toolbar.Conduit
C:\Users\Marcela\AppData\Roaming\SearchProtect   =>Toolbar.Conduit
C:\Users\Marcela\AppData\Roaming\eIntaller   =>PUP.eSafeSecurity
C:\Users\Marcela\AppData\Local\Conduit   =>Toolbar.Conduit
C:\Users\Marcela\AppData\LocalLow\Conduit   =>Toolbar.Conduit
C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\kps4vd5j.default\Smartbar   =>Hijacker.SmartBar
O4 - HKUS\.DEFAULT\..\Run: [SearchProtect] Chave orfã   =>Toolbar.Conduit^
O4 - HKUS\S-1-5-18\..\Run: [SearchProtect] Chave orfã   =>Toolbar.Conduit^
C:\WINDOWS\Tasks\DigitalSite.job   =>Hijacker.DSite^
C:\WINDOWS\Tasks\DSite.job   =>Hijacker.DSite^
C:\WINDOWS\Tasks\Funmoods.job   =>PUP.Funmoods^
C:\WINDOWS\Tasks\SaveSense.job   =>PUP.SaveSense^
[HKCU\Software\BabSolution]   =>Hijacker.BabSolution^
[HKCU\Software\Baidu Security]   =>Adware.BDSearch^
[HKCU\Software\Baidu]   =>Adware.BDSearch^
[HKCU\Software\BonanzaDealsLive]   =>Adware.BonanzaDeals^
[HKCU\Software\Conduit]   =>Toolbar.Conduit^
[HKCU\Software\SaveSenseLive]   =>PUP.SaveSense^
[HKLM\Software\Wow6432Node\Baidu Security]   =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\BonanzaDealsLive]   =>Adware.BonanzaDeals^
[HKLM\Software\Wow6432Node\Conduit]   =>Toolbar.Conduit^
[HKLM\Software\Wow6432Node\SaveSenseLive]   =>PUP.SaveSense^
C:\Users\Marcela\AppData\Local\Temp\231013_y.exe   =>PUP.SaveSense^
C:\Users\Marcela\AppData\Local\Temp\Baidu_Secure_SystemUp_3.7.1.41942.exe   =>Adware.BDSearch^
C:\Users\Marcela\AppData\Local\Temp\crpC2F3.exe   =>Adware.BDSearch^
C:\Users\Marcela\AppData\Local\Temp\crpC65F.exe   =>Adware.BDSearch^
C:\Users\Marcela\AppData\Local\Temp\uninst1.exe   =>PUP.Babylon^
~ Additionnel Scan: 534241 Items scanned in 00mn 45s



---\\ Sumário das deteções encontradas na sua estação
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]   =>Toolbar.Ask
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]   =>PUP.Funmoods
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.Babylon
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]   =>PUP.DealPly
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]   =>Adware.ScriptHost
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]   =>Toolbar.Conduit
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]   =>Hijacker.DSite
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]   =>PUP.SaveSense
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]   =>PUP.AdvancedSystemProtector
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]   =>Hijacker.BabSolution
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.BDSearch
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]   =>Adware.BonanzaDeals
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]   =>Adware.InstallCore
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]   =>Adware.Bloson
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]   =>Hijacker.SmartBar
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]   =>Adware.RecordNRip
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]   =>PUP.CrossRider
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]   =>Trojan.USyndication
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]   =>PUP.eSafeSecurity
~ MSI: 19 link(s) detected in 00mn 45s



~ 1605 Legitimates filtered by white list
End of the scan (814 lines in 03mn 50s)(0)
gilberto inacio
Beginner

Posts: 15
Reputation: 0
Join date: 11/02/2014

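As an added triage aid, not code from the original post, from ZHPDiag or from its author: a small Python parser for the `=>Family` detection lines in the Scâner Aditional section of the log above. It classifies each entry by where it lives (registry, file or folder, scheduled task, autorun entry) and groups locations by detection family, so an analyst can see every artefact of one PUP together before deciding what to remove. The sample lines are copied from the log above; the `kind` labels and the reading of the trailing `^` as a plain boolean flag are this example's own assumptions, not ZHPDiag's documented semantics.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# One detection line of the "Additional Scan" section looks like
#   <location>   =>Family.Name^
# where the trailing '^' may or may not be present. The family must start
# with a letter so that service lines such as "=>.Microsoft Corporation"
# (a vendor annotation, not a detection) are not matched.
DETECTION_RE = re.compile(
    r"^(?P<location>.+?)\s+=>(?P<family>[A-Za-z][A-Za-z0-9._]*)(?P<flag>\^?)\s*$"
)

# Constructed sample, copied from the ZHPDiag log posted above.
SAMPLE_LOG = r"""
[HKLM\Software\Google\Chrome\Extensions\aaaaipellmcghooemdekbhlgaoiaebam]   =>Toolbar.Ask^
[HKCU\Software\DealPly]   =>PUP.DealPly
C:\Program Files (x86)\DealPly   =>PUP.DealPly^
C:\WINDOWS\Tasks\Funmoods.job   =>PUP.Funmoods^
O4 - HKUS\.DEFAULT\..\Run: [SearchProtect] Chave orfã   =>Toolbar.Conduit^
[HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]:{79b8e308-95a2-4044-932d-80e833a863cc}   =>Toolbar.Conduit^
~ Additionnel Scan: 534241 Items scanned in 00mn 45s
"""


@dataclass(frozen=True)
class Detection:
    location: str   # registry key/value, path, or autorun entry as printed
    family: str     # detection family, e.g. "PUP.DealPly"
    kind: str       # assumed label: registry / file_or_folder / scheduled_task / autorun / other
    flagged: bool   # True when the line carried the trailing '^' marker


def classify(location: str) -> str:
    """Assign an assumed kind label from the shape of the location string."""
    if location.startswith("[HK"):
        return "registry"
    if location.startswith("O4 - "):
        return "autorun"
    if re.match(r"^[A-Za-z]:\\", location):
        return "scheduled_task" if location.lower().endswith(".job") else "file_or_folder"
    return "other"


def parse_detections(lines):
    """Return a Detection for every line matching DETECTION_RE; other lines are skipped."""
    detections = []
    for line in lines:
        m = DETECTION_RE.match(line.rstrip())
        if not m:
            continue
        location = m.group("location")
        detections.append(
            Detection(location, m.group("family"), classify(location), m.group("flag") == "^")
        )
    return detections


def count_by_family(detections):
    return dict(Counter(d.family for d in detections))


def count_by_kind(detections):
    return dict(Counter(d.kind for d in detections))


def group_locations(detections):
    """Map each family to the list of locations where it was found, in log order."""
    grouped = defaultdict(list)
    for d in detections:
        grouped[d.family].append(d.location)
    return dict(grouped)


if __name__ == "__main__":
    dets = parse_detections(SAMPLE_LOG.splitlines())
    for family, locations in group_locations(dets).items():
        print(f"{family} ({len(locations)} item(s))")
        for loc in locations:
            print(f"    {loc}")
    print("by kind:", count_by_kind(dets))
```

Run it against a full ZHPDiag report by replacing `SAMPLE_LOG.splitlines()` with the lines read from the saved log file; the family grouping is the same view the "Sumário das deteções" section gives, but with the concrete registry keys and paths attached to each family.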

Re: malware-gen

Post by Power Max, Fri 14 Feb 2014, 10:25


Go to the site [You must be registered and logged in to see this link] and submit the files highlighted below to be analysed (one at a time); as the analysis of each one finishes, copy the address that appears in your browser's address bar and post those links with the results in your next reply:

C:\Users\Marcela\AppData\Roaming\SisPlugin\START.exe
C:\Users\Marcela\AppData\Roaming\SisPlugin\Warning.exe
C:\Program Files (x86)\Morena Rosa Notes\Morena Rosa Notes.exe
_____________________________________________________________________________________________________________

There are unnecessary programs starting together with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

[You must be registered and logged in to see this link]

Preferably let only the security programs (antivirus/anti-spyware/firewall) start together with Windows.

Also use the Ccleaner program, recommended in the tutorial above, to clean and optimise the PC now and from time to time.
_____________________________________________________________________________________________________________

Copy all the text highlighted in red that I gave you (starting at script zhpfix and going up to SysRestore)

Go to the menu: Start > All Programs > ZHP > Open Zhpfix > Click Importação (Import) > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted as well, click Oui again > A report will appear in Notepad.

Copy this report and post it in your next reply, together with the links to the analysis results of the files on the Virus Total site.


Last edited by Power Max on Sun 02 Mar 2014, 12:19; edited 2 times
Power Max
Contributor

Posts: 9086
Reputation: 1499
Join date: 14/04/2009


Re: malware-gen

Post by gilberto inacio, Fri 14 Feb 2014, 12:41

C:\Users\Marcela\AppData\Roaming\SisPlugin\START.exe:
[You must be registered and logged in to see this link]

C:\Users\Marcela\AppData\Roaming\SisPlugin\Warning.exe:
[You must be registered and logged in to see this link]

C:\Program Files (x86)\Morena Rosa Notes\Morena Rosa Notes.exe:
[You must be registered and logged in to see this link]

Notepad:
Rapport de ZHPFix 2014.1.17.2 par Nicolas Coolman, Update du 17/01/2014
Fichier d'export Registre :
Run by Marcela at 14/02/2014 12:25:37
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 04s)
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\program files (x86)\dealply\uninst.exe
AUSENTE Uninstall Process: c:\program files (x86)\freeonlineradioplayerrecorder_v1\uninstall.exe
AUSENTE Uninstall Process: c:\program files (x86)\searchprotect\bin\uninstall.exe

========== Processo memória ==========
ELIMINÉ: Memory Process: C:\Users\Marcela\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.exe
ELIMINÉ: Memory Process: C:\Users\Marcela\AppData\Local\Temp\231013_h.exe
ELIMINÉ: Memory Process: C:\Users\Marcela\AppData\Local\Temp\231013_l.exe
ELIMINÉ: Memory Process: C:\Users\Marcela\AppData\Local\Temp\231013_p.exe
ELIMINÉ: Memory Process: C:\Users\Marcela\AppData\Local\Temp\231013_y.exe
ELIMINÉ: Memory Process: C:\Users\Marcela\AppData\Local\Temp\43029uninstall.exe
ELIMINÉ: Memory Process: C:\Users\Marcela\AppData\Local\Temp\53951uninstall.exe
ELIMINÉ: Memory Process: C:\Users\Marcela\AppData\Local\Temp\57906uninstall.exe
ELIMINÉ: Memory Process: C:\Users\Marcela\AppData\Local\Temp\77Zip973867.exe
ELIMINÉ: Memory Process: C:\Users\Marcela\AppData\Local\Temp\99855uninstall.exe
ELIMINÉ: Memory Process: C:\Users\Marcela\AppData\Local\Temp\BackupSetup.exe
ELIMINÉ: Memory Process: C:\Users\Marcela\AppData\Local\Temp\Baidu_Secure_SystemUp_3.7.1.41942.exe
ELIMINÉ: Memory Process: C:\Users\Marcela\AppData\Local\Temp\bdg8076.exe
ELIMINÉ: Memory Process: C:\Users\Marcela\AppData\Local\Temp\bdg9E91.exe
ELIMINÉ: Memory Process: C:\Users\Marcela\AppData\Local\Temp\bdgB452.exe
ELIMINÉ: Memory Process: C:\Users\Marcela\AppData\Local\Temp\bdgCF61.exe
ELIMINÉ: Memory Process: C:\Users\Marcela\AppData\Local\Temp\crpC2F3.exe
ELIMINÉ: Memory Process: C:\Users\Marcela\AppData\Local\Temp\crpC65F.exe
ELIMINÉ: Memory Process: C:\Users\Marcela\AppData\Local\Temp\install_helper.exe
ELIMINÉ: Memory Process: C:\Users\Marcela\AppData\Local\Temp\uninst1.exe
ELIMINÉ: Memory Process: C:\Users\Marcela\AppData\Local\Temp\utiC2C3.exe
ELIMINÉ: Memory Process: C:\Users\Marcela\AppData\Local\Temp\utiC64E.exe
ELIMINÉ: Memory Process: C:\Users\Marcela\AppData\Local\Temp\vcredist_x64.exe

========== Modulos memória ==========
ELIMINÉ: Memory Module: C:\Users\Marcela\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
ELIMINÉ: Memory Module: C:\Users\Marcela\AppData\Local\Temp\Sqlite3.dll

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FreeOnlineRadioPlayerRecorder_V1 Toolbar]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect]
ELIMINÉ:* CLSID Extra Buttons: {2670000A-7350-4f3c-8081-5663EE0C6C49}
ELIMINÉ:* CLSID Extra Buttons: {7815BE26-237D-41A8-A98F-F7BD75F71086}
ELIMINÉ:* CLSID Extra Buttons: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
ELIMINÉ: HKCU\Software\APN PIP
ELIMINÉ: HKCU\Software\BabSolution
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\Baidu
ELIMINÉ: HKCU\Software\BonanzaDealsLive
ELIMINÉ: HKCU\Software\Conduit
ELIMINÉ: HKCU\Software\InstallCore
ELIMINÉ: HKCU\Software\SaveSenseLive
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\BonanzaDealsLive
ELIMINÉ: HKLM\Software\Wow6432Node\Conduit
ELIMINÉ: HKLM\Software\Wow6432Node\PIP
ELIMINÉ: HKLM\Software\Wow6432Node\SaveSenseLive
ELIMINÉ CLSID MPSK: {20ef5fc6-02b7-11e3-9c16-848f69b63c3a}
ELIMINÉ CLSID MPSK: {20ef5fd4-02b7-11e3-9c16-848f69b63c3a}
ELIMINÉ CLSID MPSK: {eed2977f-25e5-11e3-a5e1-848f69b63c3a}
ELIMINÉ:*  StartupReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
ELIMINÉ: SearchScopes :{DA19EDE6-F49B-4088-86CB-26FC76D16C50
ELIMINÉ: SearchScopes :{DA19EDE6-F49B-4088-86CB-26FC76D16C50}
ELIMINÉ:* HKLM\Software\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}
ELIMINÉ: HKLM\Software\Classes\TypeLib\{93e3d79c-0786-48ff-9329-93bc9f6dc2b3}
ELIMINÉ:* HKLM\Software\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
ELIMINÉ: HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS
ELIMINÉ: HKCU\Software\AppDataLow\Software\ConduitSearchScopes
ELIMINÉ: HKLM\Software\Classes\Prod.cap
ELIMINÉ: HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32
ELIMINÉ: HKCU\Software\AppDataLow\Software\Crossrider
ELIMINÉ: HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32
ELIMINÉ: HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS
ELIMINÉ: HKCU\Software\USyndication
ELIMINÉ: HKCU\Software\usyndication.com
ELIMINÉ: HKLM\Software\Wow6432Node\Microsoft\Tracing\apnstub_RASAPI32
ELIMINÉ: HKLM\Software\Wow6432Node\Microsoft\Tracing\apnstub_RASMANCS
ELIMINÉ: HKLM\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASAPI32
ELIMINÉ: HKLM\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASMANCS
ELIMINÉ: HKLM\Software\Classes\Toolbar.CT3282722
ELIMINÉ: HKLM\Software\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}

========== Valores do Registo ==========
ELIMINÉ RunValue: SynTPEnh
ELIMINÉ RunValue: Megacubo
ELIMINÉ RunValue: AdobeBridge
ELIMINÉ RunValue: FAStartup
ELIMINÉ RunValue: NBKeyScan
ELIMINÉ RunValue: SearchProtect
ELIMINÉ MWPE Value: NoActiveDesktopChanges
ELIMINÉ: {1B719CBC-E7CA-4E17-8692-6B70807DB9B1}
ELIMINÉ: {04DC75D6-1BAC-4CF6-9E86-210350235CC8}
ELIMINÉ: {A6A5218D-E6FD-437D-BD17-8BE5B5C0F02E}
ELIMINÉ: {ECCC0BD0-BFC5-4E76-8879-3F7D423135BC}
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Preferências do navegador ==========
ELIMINÉ Mozilla Pref: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
ELIMINÉ Mozilla Pref: user_pref("CT3282722.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3282722&SearchSource=2&CUI=UN2795[...]
ELIMINÉ Mozilla Pref: user_pref("CT3282722.installId", "conduitinstaller.exe");
ELIMINÉ Mozilla Pref: user_pref("CT3282722.installType", "conduitnsisintegration");
AUSENTE Mozilla Pref: user_pref("CT3282722.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"http://search.conduit.com/?ctid=CT3282722&octid=CT3[...]
ELIMINÉ Mozilla Pref: user_pref("Smartbar.ConduitHomepagesList", "");
ELIMINÉ Mozilla Pref: user_pref("Smartbar.ConduitSearchEngineList", "");
ELIMINÉ Mozilla Pref: user_pref("Smartbar.ConduitSearchUrlList", "");
ELIMINÉ Mozilla Pref: user_pref("browser.search.defaultthis.engineName", "FreeOnlineRadioPlayerRecorder V1 Customized Web Search");
ELIMINÉ Mozilla Pref: user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3282722&CUI=UN27956522412084814&UM=2&Sear[...]
ELIMINÉ Mozilla Pref: user_pref("browser.search.selectedEngine", "FreeOnlineRadioPlayerRecorder V1 Customized Web Search");
ELIMINÉ Mozilla Pref: user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3282722&SearchSource=2&CUI=UN27956522412084814&UM=2&q="[...]
ELIMINÉ Mozilla Pref: user_pref("smartbar.conduitHomepageList", "http://search.conduit.com/?ctid=CT3282722&CUI=UN27956522412084814&UM=2&SearchSource=13,[...]
ELIMINÉ Mozilla Pref: user_pref("smartbar.conduitSearchAddressUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3282722&SearchSource=2&CUI=UN2[...]

========== Pastas ==========
ELIMINÉ: C:\Users\Marcela\AppData\Local\{514A7869-505A-4DED-A07C-C3A1C06143DC}
ELIMINÉ: C:\Users\Marcela\AppData\Local\{7181AFCB-9344-400B-9EF0-86840E16DFE8}
ELIMINÉ: C:\Users\Marcela\AppData\Local\{7630F560-A0E2-4BE3-A3A2-3E72CA862BA5}
ELIMINÉ: C:\Users\Marcela\AppData\Local\{F1F18F75-D62E-4CA3-93D1-2BB961B248AC}
ELIMINÉ: C:\Users\Marcela\AppData\Local\{FDFDC6C0-CAF5-4731-81AC-B1F2AAF6E6E6}

========== Ficheiros ==========
ELIMINÉ: c:\users\marcela\appdata\local\google\chrome\user data\default\preferences
ELIMINÉ: c:\users\marcela\appdata\roaming\mozilla\firefox\profiles\kps4vd5j.default\searchplugins\freeonlineradioplayerrecorder-v1-customized-web-search.xml
ELIMINÉ: c:\users\marcela\appdata\roaming\mozilla\firefox\profiles\kps4vd5j.default\searchplugins\funmoods.xml
ELIMINÉ: c:\users\public\desktop\autodesk 360.lnk
ELIMINÉ: c:\users\public\desktop\autodesk recap.lnk
ELIMINÉ: c:\users\public\desktop\lmtools utility.lnk
ELIMINÉ: c:\programdata\microsoft\windows\start menu\programs\documentação de ajuda da dell.lnk
ELIMINÉ: c:\users\marcela\desktop\portable flash professional cs5 - atalho.lnk
ELIMINÉ: c:\programdata\microsoft\windows\start menu\programs\startup\autocad startup accelerator.lnk
ELIMINÉ: c:\windows\tasks\digital sites.job
ELIMINÉ: c:\windows\tasks\digitalsite.job
ELIMINÉ: c:\windows\tasks\dsite.job
ELIMINÉ: c:\windows\tasks\funmoods.job
ELIMINÉ: c:\windows\tasks\savesense.job
ELIMINÉ Temporários windows (4763) (1.506.780.131 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: Advanced System Protector
ELIMINÉ: Digital Sites
ELIMINÉ: DigitalSite
ELIMINÉ: Funmoods
ELIMINÉ: SaveSense
ELIMINÉ: {B8B6F453-0FE3-4D6B-B5E6-F70F01FAB648}
ELIMINÉ: {FFEF7033-FC81-453E-8CB8-8505F4E4548D}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
23 : Processo memória
2 : Modulos memória
45 : Chaves do Registo
17 : Valores do Registo
5 : Pastas
16 : Ficheiros
3 : Softwares
14 : Preferências do navegador
7 : Tarefa planificada
1 : Restauração Sistema


End of clean in 11mn 05s

========== Caminho do ficheiro do relatório ==========
C:\Users\Marcela\AppData\Roaming\ZHP\ZHPFix[R1].txt - 14/02/2014 12:25:41 [10181]
gilberto inacio
Beginner

Posts: 15
Reputation: 0
Join date: 11/02/2014


Re: malware-gen

Post by Power Max, Fri 14 Feb 2014, 13:01

Please follow the tips in the tutorial below:

[You must be registered and logged in to see this link]

* In your next reply, please post the Adwcleaner log, which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.


Last edited by Power Max on Sun 02 Mar 2014, 12:19; edited 1 time
Power Max
Contributor

Posts: 9086
Reputation: 1499
Join date: 14/04/2009


Re: malware-gen

Post by gilberto inacio, Fri 14 Feb 2014, 14:38

# AdwCleaner v3.018 - Relatório criado 14/02/2014 às 14:27:29
# Atualizado 28/01/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuário : Marcela - MARCELA-PC
# Executando de : C:\Users\Marcela\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

Log Adwcleaner

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Searchprotect
Pasta Deletada : C:\Program Files (x86)\Mysearchdial
Pasta Deletada : C:\Program Files (x86)\orbitdownloader
Pasta Deletada : C:\Program Files (x86)\PC Speed Maximizer
Pasta Deletada : C:\Users\Marcela\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Pasta Deletada : C:\Users\Marcela\AppData\Roaming\digitalsite
Pasta Deletada : C:\Users\Marcela\AppData\Roaming\DSite
Pasta Deletada : C:\Users\Marcela\AppData\Roaming\MetaCrawler
Pasta Deletada : C:\Users\Marcela\AppData\Roaming\Mysearchdial
Pasta Deletada : C:\Users\Marcela\AppData\Roaming\PC Speed Maximizer
Pasta Deletada : C:\Users\Marcela\AppData\Roaming\Systweak
Arquivo Deletada : C:\Windows\System32\roboot64.exe
Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\.autoreg
Arquivo Deletada : C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\kps4vd5j.default\searchplugins\Mysearchdial.xml
Arquivo Deletada : C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\kps4vd5j.default\user.js
Arquivo Deletada : C:\Windows\Tasks\MySearchDial.job
Arquivo Deletada : C:\Windows\System32\Tasks\MySearchDial

***** [ Atalhos ] *****


***** [ Registro ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Orbitdownloader\orbitdm.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Orbitdownloader\orbitnet.exe]
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\mysearchdial
Key Deleted : HKCU\Software\Orbit
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\DealPlyLive
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\Orbit
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Settings Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Settings Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Settings Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Settings Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v15.0.1 (pt-BR)

[ File : C:\Users\Marcela\AppData\Roaming\Mozilla\Firefox\Profiles\kps4vd5j.default\prefs.js ]

Line deleted : user_pref("CT3282722.1000082.isPlayDisplay", "true");
Line deleted : user_pref("CT3282722.1000082.muteState", "off");
Line deleted : user_pref("CT3282722.1000082.state", "{\"state\":\"stopped\",\"text\":\"Classic R...\",\"description\":\"Classic Rock\",\"url\":\"hxxp://www.gotradio.com/player/launch.asp?id=22&cr=lb\"}");
Line deleted : user_pref("CT3282722.3282722a130039643157408893000000paramsGK0.enc", "eyJ1cGRhdGVSZXFUaW1lIjoxMzkxNzE1MzA5NjM4LCJ1cGRhdGVSZXNwVGltZSI6MTM5MTcxNTMxMTU4MCwiZGF0YSI6eyJzZXR0aW5ncyI6eyJpY29uIjoiaHR0cDovL3[...]
Line deleted : user_pref("CT3282722.CT3282722ads1.enc", "JTdCJTIyYWRzJTIyJTNBJTVCJTdCJTIyYWlkJTIyJTNBJTIyMTEwNDg3JTIyJTJDJTIydGl0bGUlMjIlM0ElMjIldTI1Q0ZWb2MlRUElMjB0ZW0lMjAlMjg2JTI5JTIwbWVuc2FnZW5zJXUyNUNGJTIyJTJDJT[...]
Line deleted : user_pref("CT3282722.CT3282722current_term.enc", "");
Line deleted : user_pref("CT3282722.CT3282722sdate.enc", "Ng==");
Line deleted : user_pref("CT3282722.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line deleted : user_pref("CT3282722.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line deleted : user_pref("CT3282722.FF19Solved", "true");
Line deleted : user_pref("CT3282722.FirstTime", "true");
Line deleted : user_pref("CT3282722.FirstTimeFF3", "true");
Line deleted : user_pref("CT3282722.PG_ENABLE", "dHJ1ZQ==");
Line deleted : user_pref("CT3282722.RSS_Pub_Config.enc", "eyJzZXR0aW5ncyI6eyJpY29uIjoiaHR0cDovL3N0b3JhZ2UuY29uZHVpdC5jb20vMjIvMzI4L0NUMzI4MjcyMi9TaGFyaW5nL3RlbXAvNjM0NDQyNDUyMzYyMDE4ODI5XzI0UFgucG5nIiwiY29tcG9uZW50S[...]
Line deleted : user_pref("CT3282722.RSSapp3282722a130039643157408893000000embeddedVersion.enc", "Mi40LjA=");
Line deleted : user_pref("CT3282722.RSSapp3282722a130039643157408893000000lastReportTime.enc", "MTM5MTcxNTM0MDc0NiA=");
Line deleted : user_pref("CT3282722.RSSapp3282722a130039643157408893000000newFeeds.enc", "bmV3RmVlZHM=");
Line deleted : user_pref("CT3282722.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line deleted : user_pref("CT3282722.SF_STATUS.enc", "RU5BQkxFRA==");
Line deleted : user_pref("CT3282722.SF_USER_ID", "%E9%EF%EA%E5%BC%B8%B8%B6%B7%BA%B7%BD%B9%BB%B9%BE%BC%BC%BD%BB%BA%B8%BD");
Line deleted : user_pref("CT3282722.SF_USER_ID.enc", "Y2lkXzYyMjAxNDE3MzUzODY2NzU0Mjc=");
Line deleted : /*user_pref("CT3282722.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282722&SearchSource=2&CUI=UN27956522412084814&UM=2&q=");*/
Line deleted : user_pref("CT3282722.UserID", "UN27956522412084814");
Line deleted : user_pref("CT3282722._key_cl_active", "%EA%E7%BE%BE%BF%B6%BC%EB%B3%EB%B6%BA%B6%B3%BA%B6%B6%BA%B3%E7%B9%B6%B9%B3%B7%BF%BA%B6%BE%B7%E9%B8%EC%EB%BA%E9");
Line deleted : user_pref("CT3282722._key_cl_active.enc", "ZGE4ODkwNmUtZTA0MC00MDA0LWEzMDMtMTk0MDgxYzJmZTRj");
Line deleted : user_pref("CT3282722.addressBarTakeOverEnabledInHidden", "true");
Line deleted : user_pref("CT3282722.autoDisableScopes", -1);
Line deleted : user_pref("CT3282722.browser.search.defaultthis.engineName", "true");
Line deleted : user_pref("CT3282722.cbfirsttime", "%DA%EE%FB%A6%CC%EB%E8%A6%B6%BC%A6%B8%B6%B7%BA%A6%B7%BD%C0%B9%BB%C0%BB%B8%A6%CD%D3%DA%B3%B6%B8%B6%B6");
Line deleted : user_pref("CT3282722.cbfirsttime.enc", "VGh1IEZlYiAwNiAyMDE0IDE3OjM1OjUyIEdNVC0wMjAw");
Line deleted : user_pref("CT3282722.defaultSearch", "true");
Line deleted : user_pref("CT3282722.embeddedsData", "[{\"appId\":\"130039643153976796\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line deleted : user_pref("CT3282722.enableAlerts", "true");
Line deleted : user_pref("CT3282722.enableFix404ByUser", "FALSE");
Line deleted : user_pref("CT3282722.enableSearchFromAddressBar", "true");
Line deleted : user_pref("CT3282722.firstTimeDialogOpened", "true");
Line deleted : user_pref("CT3282722.fixPageNotFoundError", "true");
Line deleted : user_pref("CT3282722.fixPageNotFoundErrorByUser", "true");
Line deleted : user_pref("CT3282722.fixPageNotFoundErrorInHidden", "true");
Line deleted : user_pref("CT3282722.fixUrls", true);
Line deleted : user_pref("CT3282722.installDate", "29/4/2013 20:39:25");
Line deleted : /*user_pref("CT3282722.installId", "conduitinstaller.exe");*/
Line deleted : user_pref("CT3282722.installSessionId", "-1");
Line deleted : user_pref("CT3282722.installSp", "TRUE");
Line deleted : /*user_pref("CT3282722.installType", "conduitnsisintegration");*/
Line deleted : user_pref("CT3282722.installUsage", "2013-06-29T04:19:42.6429362+03:00");
Line deleted : user_pref("CT3282722.installUsageEarly", "2013-06-29T04:19:03.9700404+03:00");
Line deleted : user_pref("CT3282722.installerVersion", "1.4.1.3");
Line deleted : user_pref("CT3282722.isCheckedStartAsHidden", true);
Line deleted : user_pref("CT3282722.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line deleted : user_pref("CT3282722.isFirstTimeToolbarLoading", "false");
Line deleted : user_pref("CT3282722.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line deleted : user_pref("CT3282722.keyword", "true");
Line deleted : user_pref("CT3282722.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3282722&octid=CT3282722&SearchSource=15&CUI=UN27956522412084814&SSPV=EB_SSPV&Lay=1&UM=2[...]
Line deleted : user_pref("CT3282722.lastVersion", "10.15.0.51");
Line deleted : user_pref("CT3282722.mam_gk_appStateReportTime", "%B7%B9%BF%B7%BD%B7%BB%B9%B8%BD%BE%BB%B7");
Line deleted : user_pref("CT3282722.mam_gk_appStateReportTime.enc", "MTM5MTcxNTMyNzg1MQ==");
Line deleted : user_pref("CT3282722.mam_gk_appState_Clarity_Active", "%F5%F4");
Line deleted : user_pref("CT3282722.mam_gk_appState_Clarity_Active.enc", "b24=");
Line deleted : user_pref("CT3282722.mam_gk_appState_CouponBuddy", "%F5%F4");
Line deleted : user_pref("CT3282722.mam_gk_appState_CouponBuddy.enc", "b24=");
Line deleted : user_pref("CT3282722.mam_gk_appState_Easytobook", "%F5%F4");
Line deleted : user_pref("CT3282722.mam_gk_appState_Easytobook.enc", "b24=");
Line deleted : user_pref("CT3282722.mam_gk_appState_Easytobook_targeted", "%F5%F4");
Line deleted : user_pref("CT3282722.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Line deleted : user_pref("CT3282722.mam_gk_appState_PriceGong", "%F5%F4");
Line deleted : user_pref("CT3282722.mam_gk_appState_PriceGong.enc", "b24=");
Line deleted : user_pref("CT3282722.mam_gk_appState_WindowShopper", "%F5%F4");
Line deleted : user_pref("CT3282722.mam_gk_appState_WindowShopper.enc", "b24=");
Line deleted : user_pref("CT3282722.mam_gk_appsConfig.enc", "eyJBcHBzQ29uZmlndXJhdGlvbiI6W3siaWQiOiJDbGFyaXR5X0FjdGl2ZSIsInVybCI6Imh0dHA6Ly9zdG9yYWdlLmNvbmR1aXQuY29tL21hbS8zcmRwYXJ0eWFwcHMvY2xhcml0eVJheS9jcl9hY3Rpdm[...]
Line deleted : user_pref("CT3282722.mam_gk_appsDefaultEnabled", "%FA%F8%FB%EB");
Line deleted : user_pref("CT3282722.mam_gk_appsDefaultEnabled.enc", "dHJ1ZQ==");
Line deleted : user_pref("CT3282722.mam_gk_calledSetupService", "%B7");
Line deleted : user_pref("CT3282722.mam_gk_calledSetupService.enc", "MQ==");
Line deleted : user_pref("CT3282722.mam_gk_currentVersion", "%B7%B4%B7%B9%B4%B6%B4%B7%BD");
Line deleted : user_pref("CT3282722.mam_gk_currentVersion.enc", "MS4xMy4wLjE3");
Line deleted : user_pref("CT3282722.mam_gk_eventsCache.enc", "eyJjNmJiY2ZhZi01YTI5LTRiYzItOGU4Mi1kMjJjMTgxOTljMmMiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjp7ImNhdGVnb3J5IjoiV2VsY29tZSIsImFjdGlvbiI6IlZpZXcifSwidW5pcXVlS[...]
Line deleted : user_pref("CT3282722.mam_gk_existingUsersRecoveryDone", "%B7");
Line deleted : user_pref("CT3282722.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Line deleted : user_pref("CT3282722.mam_gk_first_time", "%B7");
Line deleted : user_pref("CT3282722.mam_gk_first_time.enc", "MQ==");
Line deleted : user_pref("CT3282722.mam_gk_gadgetOpen.enc", "MA==");
Line deleted : user_pref("CT3282722.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line deleted : user_pref("CT3282722.mam_gk_lastLoginTime", "%B7%B9%BF%B7%BD%B7%BB%B9%B8%BF%BC%B7%B9");
Line deleted : user_pref("CT3282722.mam_gk_lastLoginTime.enc", "MTM5MTcxNTMyOTYxMw==");
Line deleted : user_pref("CT3282722.mam_gk_localization.enc", "eyJkaWFsb2dPSyI6eyJUZXh0IjoiT0sifSwiZG1ib3gxIjp7IlRleHQiOiJPZmVydGFcbmRvIGRpYSJ9LCJkbWJveDIiOnsiVGV4dCI6IkVudmlvXG5ncsOhdGlzIn0sImRtYnVsbGV0MSI6eyJUZXh0[...]
Line deleted : user_pref("CT3282722.mam_gk_mamEnabled", "%FA%F8%FB%EB");
Line deleted : user_pref("CT3282722.mam_gk_mamEnabled.enc", "dHJ1ZQ==");
Line deleted : user_pref("CT3282722.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line deleted : user_pref("CT3282722.mam_gk_settings1.13.0.17", "%u0101%A8%D9%FA%E7%FA%FB%F9%A8%C0%A8%F9%FB%E9%E9%EB%EB%EA%EB%EA%A8%B2%A8%CA%E7%FA%E7%A8%C0%u0101%A8%E9%FB%F8%F8%EB%F4%FA%CA%E7%FA%EB%A8%C0%A8%B8%B6%B7%[...]
Line deleted : user_pref("CT3282722.mam_gk_settings1.13.0.17.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxNDAyMDYiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6Ijk1XzAiLCJSVEsiOiJINHNJQUFBQUFBQUVBT3k5QjJ[...]
Line deleted : user_pref("CT3282722.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNDZfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiQlIiLCJpc1dlbGNvbWVFeHBlc[...]
Line deleted : user_pref("CT3282722.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Line deleted : user_pref("CT3282722.mam_gk_showWelcomeGadget", "%EC%E7%F2%F9%EB");
Line deleted : user_pref("CT3282722.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line deleted : user_pref("CT3282722.mam_gk_stamp", "%BF%BB%E5%B6");
Line deleted : user_pref("CT3282722.mam_gk_stamp.enc", "OTVfMA==");
Line deleted : user_pref("CT3282722.mam_gk_userBornDate", "%D4%B5%C7");
Line deleted : user_pref("CT3282722.mam_gk_userBornDate.enc", "Ti9B");
Line deleted : user_pref("CT3282722.mam_gk_userId", "%BA%BF%BA%E8%E7%B8%BB%B7%B3%EB%BD%E7%E7%B3%BA%E8%BD%E8%B3%BF%B6%B6%BC%B3%BA%EC%EB%B6%B9%B6%B7%EB%B6%EA%E9%BE");
Line deleted : user_pref("CT3282722.mam_gk_userId.enc", "NDk0YmEyNTEtZTdhYS00YjdiLTkwMDYtNGZlMDMwMWUwZGM4");
Line deleted : user_pref("CT3282722.mam_gk_user_approval_interacted", "%B7");
Line deleted : user_pref("CT3282722.mam_gk_user_approval_interacted.enc", "MQ==");
Line deleted : user_pref("CT3282722.mam_gk_welcomeDialogMode", "%B7");
Line deleted : user_pref("CT3282722.mam_gk_welcomeDialogMode.enc", "MQ==");
Line deleted : user_pref("CT3282722.migrateAppsAndComponents", true);
Line deleted : user_pref("CT3282722.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fbr.hao123.com%2F%3Ftn%3Depom_pay_hp_02_hao123_br\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"bbb 14\",\"EB_T[...]
Line deleted : user_pref("CT3282722.openThankYouPage", "false");
Line deleted : user_pref("CT3282722.openUninstallPage", "true");
Line deleted : user_pref("CT3282722.price-gong.isManagedApp", "true");
Line deleted : user_pref("CT3282722.revertSettingsEnabled", "FALSE");
Line deleted : user_pref("CT3282722.search.searchAppId", "130039643153976796");
Line deleted : user_pref("CT3282722.search.searchCount", "1");
Line deleted : user_pref("CT3282722.searchFromAddressBarEnabledByUser", "true");
Line deleted : user_pref("CT3282722.searchInNewTabEnabledByUser", "true");
Line deleted : user_pref("CT3282722.searchInNewTabEnabledInHidden", "true");
Line deleted : user_pref("CT3282722.searchRevert", "FALSE");
Line deleted : user_pref("CT3282722.searchUserMode", "2");
Line deleted : user_pref("CT3282722.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line deleted : user_pref("CT3282722.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line deleted : user_pref("CT3282722.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line deleted : user_pref("CT3282722.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3282722\"}");
Line deleted : user_pref("CT3282722.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://FreeOnlineRadioPlayerRecorderV1.OurToolbar.com//xpi\"}");
Line deleted : user_pref("CT3282722.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"FreeOnlineRadioPlayerRecorder V1\"}");
Line deleted : user_pref("CT3282722.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line deleted : user_pref("CT3282722.serviceLayer_services_app.twitter.user-cnet_lastUpdate", "1372468750293");
Line deleted : user_pref("CT3282722.serviceLayer_services_app.twitter.user-cnnbrk_lastUpdate", "1372468750575");
Line deleted : user_pref("CT3282722.serviceLayer_services_app.twitter.user-computeractive_lastUpdate", "1372468749544");
Line deleted : user_pref("CT3282722.serviceLayer_services_app.twitter.user-dailymirror_lastUpdate", "1372468749545");
Line deleted : user_pref("CT3282722.serviceLayer_services_app.twitter.user-google_lastUpdate", "1372468749497");
Line deleted : user_pref("CT3282722.serviceLayer_services_app.twitter.user-techcrunch_lastUpdate", "1372468749496");
Line deleted : user_pref("CT3282722.serviceLayer_services_app.twitter.user-time_lastUpdate", "1372468750213");
Line deleted : user_pref("CT3282722.serviceLayer_services_app.twitter.user-wired_lastUpdate", "1372468749925");
Line deleted : user_pref("CT3282722.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1372468744110");
Line deleted : user_pref("CT3282722.serviceLayer_services_appsMetadata_lastUpdate", "1372468744198");
Line deleted : user_pref("CT3282722.serviceLayer_services_clientErrorLog_lastUpdate", "1372468750970");
Line deleted : user_pref("CT3282722.serviceLayer_services_getTwitterExtraInfo_lastUpdate", "1372468751270");
Line deleted : user_pref("CT3282722.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1372468744222");
Line deleted : user_pref("CT3282722.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1372468742584");
Line deleted : user_pref("CT3282722.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1372468781200");
Line deleted : user_pref("CT3282722.serviceLayer_services_location_lastUpdate", "1372468742148");
Line deleted : user_pref("CT3282722.serviceLayer_services_login_10.15.0.51_lastUpdate", "1372468781821");
Line deleted : user_pref("CT3282722.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1372468744144");
Line deleted : user_pref("CT3282722.serviceLayer_services_searchAPI_lastUpdate", "1372468742292");
Line deleted : user_pref("CT3282722.serviceLayer_services_serviceMap_lastUpdate", "1372468739504");
Line deleted : user_pref("CT3282722.serviceLayer_services_toolbarContextMenu_lastUpdate", "1372468744068");
Line deleted : user_pref("CT3282722.serviceLayer_services_toolbarSettings_lastUpdate", "1372468742646");
Line deleted : user_pref("CT3282722.settingsINI", true);
Line deleted : user_pref("CT3282722.shouldFirstTimeDialog", "true");
Line deleted : user_pref("CT3282722.showToolbarPermission", "false");
Line deleted : user_pref("CT3282722.smartbar.CTID", "CT3282722");
Line deleted : user_pref("CT3282722.smartbar.Uninstall", "0");
Line deleted : user_pref("CT3282722.smartbar.homepage", "true");
Line deleted : user_pref("CT3282722.smartbar.toolbarName", "FreeOnlineRadioPlayerRecorder V1 ");
Line deleted : user_pref("CT3282722.startPage", "true");
Line deleted : user_pref("CT3282722.toolbarBornServerTime", "29-6-2013");
Line deleted : user_pref("CT3282722.toolbarCurrentServerTime", "29-6-2013");
Line deleted : user_pref("CT3282722.toolbarLoginClientTime", "Fri Jun 28 2013 22:19:41 GMT-0300 (Hora oficial do Brasil)");
Line deleted : user_pref("CT3282722.versionFromInstaller", "10.15.0.51");
Line deleted : user_pref("CT3282722_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1392159841069,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line deleted : /*user_pref("Smartbar.ConduitHomepagesList", "");*/
Line deleted : /*user_pref("Smartbar.ConduitSearchEngineList", "");*/
Line deleted : /*user_pref("Smartbar.ConduitSearchUrlList", "");*/
Line deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3282722");
Line deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
Line deleted : /*user_pref("browser.search.defaultthis.engineName", "FreeOnlineRadioPlayerRecorder V1 Customized Web Search");*/
Line deleted : /*user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282722&CUI=UN27956522412084814&UM=2&SearchSource=3&q={searchTerms}");*/
Line deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line deleted : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0ByCtAzy0EyD0FtB0DyDzz0FyCtByD0AtN0D0Tzu0CyByByCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC[...]
Line deleted : /*user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3282722&CUI=UN27956522412084814&UM=2&SearchSource=13,hxxp://search.conduit.com/?*/ctid=CT3282722&octid=CT3282722&SearchSo[...]
Line deleted : /*user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282722&SearchSource=2&CUI=UN27956522412084814&UM=2&q=");*/
Line deleted : user_pref("smartbar.machineId", "CZRI2EJVEWV581ESXCV04VFAUKJVKWYPI8I3BC9GVKRAG431A+OH/+SKCNCDXL7INFD0N3SROTAWQH5O8OHI9Q");
Line deleted : user_pref("smartbar.originalHomepage", "about:home");
Line deleted : user_pref("smartbar.originalSearchAddressUrl", "");
Line deleted : user_pref("smartbar.originalSearchEngine", "");
Line deleted : user_pref("CT3282722.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");

-\\ Google Chrome v

[ File : C:\Users\Marcela\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [25648 octets] - [14/02/2014 14:25:05]
AdwCleaner[R1].txt - [25709 octets] - [14/02/2014 14:26:08]
AdwCleaner[S0].txt - [24005 octets] - [14/02/2014 14:27:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [24066 octets] ##########
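The Conduit toolbar prefs in the Firefox section of that log come in pairs: a `.enc` pref holding plain base64, and a twin without the suffix holding a percent-escaped string. Comparing the pairs the log shows (for example `"%F5%F4"` beside `"b24="`, which is base64 for `on`) gives the obfuscation: each character is shifted by 0x86 and the result is passed through JavaScript's `escape()`, with `%uXXXX` for code units above 0xFF. The decoder below is an added example, not code from the page, from AdwCleaner or from Conduit; the 0x86 shift is an assumption derived from those pairs, and the script checks it by decoding both halves of every pair and reporting any disagreement. The sample lines are copied from the log above, two of them with a `Line deleted :` label left in front to show the parser tolerates it.

```python
"""Decode the obfuscated Conduit toolbar (CT*) prefs reported in the AdwCleaner log."""
import base64
import json
import re

# A prefs.js line, optionally wrapped in /* */ and optionally prefixed by the log's
# "Line deleted :" label. Lines the log truncated with "[...]" have no closing ");"
# and are therefore skipped rather than half-decoded.
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(.*?)\);\s*(?:\*/)?\s*$')
# Output of JavaScript escape(): %XX for code units below 256, %uXXXX above.
ESC_RE = re.compile(r"%u([0-9A-Fa-f]{4})|%([0-9A-Fa-f]{2})")
# Assumed offset between the escaped copy and its base64 ".enc" twin, derived from
# the pairs in the log (e.g. "%F5%F4" vs "b24=" -> "on"): 0x86 per code unit.
SHIFT = 0x86


def parse_pref(line):
    """Return (name, value) for a user_pref line, or None if it is not one."""
    m = PREF_RE.search(line)
    if not m:
        return None
    # The JS string/number/bool literals used in prefs.js are also valid JSON.
    return m.group(1), json.loads(m.group(2))


def js_unescape(s):
    """Reverse JavaScript escape() (code units, not UTF-8)."""
    return ESC_RE.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), s)


def deobfuscate(escaped):
    """Undo escape(shift_by_0x86(text)), the form used for the non-.enc copies."""
    return "".join(chr(ord(c) - SHIFT) for c in js_unescape(escaped))


def decode_enc(b64):
    return base64.b64decode(b64).decode("utf-8")


def decode_prefs(lines):
    """Decode every .enc pref and every escaped twin; return (decoded, mismatches).

    mismatches lists pref names whose two encodings disagree, which would mean
    the SHIFT model above is wrong for that value.
    """
    prefs = {}
    for line in lines:
        parsed = parse_pref(line)
        if parsed:
            prefs[parsed[0]] = parsed[1]
    decoded, mismatches = {}, []
    for name, value in prefs.items():
        if not isinstance(value, str):
            continue
        if name.endswith(".enc"):
            try:
                decoded[name] = decode_enc(value)
            except ValueError:
                continue  # not base64 after all (binascii.Error is a ValueError)
        elif name + ".enc" in prefs and value.startswith("%"):
            decoded[name] = deobfuscate(value)
    for name, plain in decoded.items():
        twin = name + ".enc"
        if not name.endswith(".enc") and twin in decoded and decoded[twin] != plain:
            mismatches.append(name)
    return decoded, mismatches


# Sample input copied from the AdwCleaner log above (a handful of lines, not a full prefs.js).
SAMPLE_LINES = [
    'Line deleted : user_pref("CT3282722.SF_USER_ID", "%E9%EF%EA%E5%BC%B8%B8%B6%B7%BA%B7%BD%B9%BB%B9%BE%BC%BC%BD%BB%BA%B8%BD");',
    'Line deleted : user_pref("CT3282722.SF_USER_ID.enc", "Y2lkXzYyMjAxNDE3MzUzODY2NzU0Mjc=");',
    'user_pref("CT3282722.mam_gk_appState_PriceGong", "%F5%F4");',
    'user_pref("CT3282722.mam_gk_appState_PriceGong.enc", "b24=");',
    'user_pref("CT3282722.mam_gk_userBornDate", "%D4%B5%C7");',
    'user_pref("CT3282722.mam_gk_userBornDate.enc", "Ti9B");',
    'user_pref("CT3282722.mam_gk_currentVersion", "%B7%B4%B7%B9%B4%B6%B4%B7%BD");',
    'user_pref("CT3282722.mam_gk_currentVersion.enc", "MS4xMy4wLjE3");',
    'user_pref("CT3282722.autoDisableScopes", -1);',
    '/*user_pref("CT3282722.installId", "conduitinstaller.exe");*/',
]

if __name__ == "__main__":
    result, bad = decode_prefs(SAMPLE_LINES)
    for pref in sorted(result):
        print(f"{pref} = {result[pref]!r}")
    print("mismatches:", bad)
```

Run against the full `prefs.js` lines from the log, this turns the `SF_USER_ID` and `mam_gk_userId` values into the tracking identifiers the toolbar reported to its servers, which is what you want in an incident note when the question is what the adware was sending, not just which files it dropped.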

Re: malware-gen

Posted by Power Max, Fri 14 Feb 2014, 15:11

Please follow the steps in the tutorial below:

[You need to have an account and be logged in to view this link]

* In your next reply, please post the Junkware Removal Tool log, which will be saved on your desktop as JRT.txt

We'll be waiting.


Last edited by Power Max on Sun 02 Mar 2014, 12:20; edited 1 time

Re: malware-gen

Posted by gilberto inacio, Fri 14 Feb 2014, 15:33

My Orbit downloader disappeared; could the earlier cleanups have deleted the program?

Re: malware-gen

Posted by Power Max, Fri 14 Feb 2014, 15:37

gilberto inacio wrote: My Orbit downloader disappeared; could the earlier cleanups have deleted the program?
Once we finish the cleanups, you can just install it again.

Re: malware-gen

Posted by gilberto inacio, Fri 14 Feb 2014, 16:33

I can't download Junkware because I don't have Orbit; how do I download it with another program?

Re: malware-gen

Posted by gilberto inacio, Fri 14 Feb 2014, 16:47

Got it now; I just wasn't thinking.

Re: malware-gen

Posted by gilberto inacio, Fri 14 Feb 2014, 17:23

Junkware Removal Tool log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Ultimate x64
Ran by Marcela on 14/02/2014 at 16:45:52,62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3004627E-F8E9-4E8B-909D-316753CBA923}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2859420775-1429383422-540164267-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{998745A3-2AE4-488D-8092-B98FB20A00C2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C1424421-D274-491E-9D47-11C8D8CB5F9A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\mysearchdial
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.mysearchdialesrvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.mysearchdialesrvc.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mysearchdial.mysearchdialappcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mysearchdial.mysearchdialappcore.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mysearchdial.mysearchdialdskbnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mysearchdial.mysearchdialdskbnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mysearchdial.mysearchdialhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mysearchdial.mysearchdialhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71e129ff-6c2a-4984-818c-7e2c998b8d99}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{71e129ff-6c2a-4984-818c-7e2c998b8d99}



~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
Successfully deleted: [File] C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\savesenselive"
Successfully deleted: [Folder] "C:\Users\Marcela\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Marcela\AppData\Roaming\mysearchdial"
Successfully deleted: [Folder] "C:\Users\Marcela\AppData\Roaming\savesense"
Successfully deleted: [Folder] "C:\Users\Marcela\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Marcela\appdata\local\savesense"
Successfully deleted: [Folder] "C:\Users\Marcela\appdata\local\savesenselive"
Successfully deleted: [Folder] "C:\Program Files (x86)\mysearchdial"
Successfully deleted: [Folder] "C:\Program Files (x86)\savesenselive"



~~~ FireFox

Successfully deleted: [File] C:\Users\Marcela\AppData\Roaming\mozilla\firefox\profiles\kps4vd5j.default\user.js
Successfully deleted: [File] C:\Users\Marcela\AppData\Roaming\mozilla\firefox\profiles\kps4vd5j.default\searchplugins\mysearchdial.xml
Successfully deleted: [Folder] C:\Users\Marcela\AppData\Roaming\mozilla\firefox\profiles\kps4vd5j.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Successfully deleted the following from C:\Users\Marcela\AppData\Roaming\mozilla\firefox\profiles\kps4vd5j.default\prefs.js

user_pref("CT3282722.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("browser.search.defaultenginename", "Mysearchdial");
user_pref("browser.search.selectedEngine", "Mysearchdial");
user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0ByCtAzy0EyD0FtB0DyDzz0FyCtByD0AtN0D0Tzu0CyByByCtN1L2XzutBtFtBtFtCyDt
user_pref("extensions.mysearchdial.AL", 2);
user_pref("extensions.mysearchdial.aflt", "dsites0103");
user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0ByCtAzy0EyD0FtB0DyDzz0FyCtByD0AtN0D0Tzu0CyByByCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");
user_pref("extensions.mysearchdial.cr", "1789190619");
user_pref("extensions.mysearchdial.dfltLng", "");
user_pref("extensions.mysearchdial.dfltSrch", true);
user_pref("extensions.mysearchdial.dnsErr", true);
user_pref("extensions.mysearchdial.excTlbr", false);
user_pref("extensions.mysearchdial.hmpg", true);
user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0ByCtAzy0EyD0FtB0DyDzz0FyCtByD0AtN0D0Tzu0CyByByCtN1L2XzutBtFtB
user_pref("extensions.mysearchdial.id", "B639E5F2D58F625A");
user_pref("extensions.mysearchdial.instlDay", "16115");
user_pref("extensions.mysearchdial.instlRef", "");
user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0ByCtAzy0EyD0FtB0DyDzz0FyCtByD0AtN0D0Tzu0CyByByCtN1L2XzutBtF
user_pref("extensions.mysearchdial.prdct", "mysearchdial");
user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
user_pref("extensions.mysearchdial.tlbrId", "base");
user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0ByCtAzy0EyD0FtB0DyDzz0FyCtByD0AtN0D0Tzu0CyByByCtN1L2XzutB
user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
user_pref("extensions.mysearchdial_i.hmpg", true);
user_pref("extensions.mysearchdial_i.newTab", false);
user_pref("extensions.mysearchdial_i.smplGrp", "none");
user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.016:4:15");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14/02/2014 at 16:54:16,20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
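The two logs in this thread (the AdwCleaner log earlier and the JRT log just above) list dozens of deleted keys, but they are not all equally interesting: a leftover `Microsoft\Tracing` key is noise, whereas an `Image File Execution Options` entry, a Browser Helper Object, an IE `ElevationPolicy` entry or a `.job` file in `C:\Windows\Tasks` each describe a place from which code gets run, and deserve a second look in the case notes. The script below is an added example, not part of the thread or of either tool: it normalises both log formats into one record shape and sorts the records by what the location can do. AdwCleaner localises its labels, so the parser accepts both the Portuguese labels the poster's build wrote and their English equivalents; the category names and risk levels are my own ordering, and the sample lines are copied from the two logs.

```python
"""Normalise AdwCleaner and JRT removal-log lines and rank them by what the location means."""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "tool action kind path category risk")

# JRT: "Successfully deleted: [Registry Key] HKEY_..." / "[File] C:\..." / "[Folder] \"C:\...\""
JRT_RE = re.compile(
    r'^Successfully (?P<action>deleted|repaired):\s*'
    r'\[(?P<kind>Registry Key|Registry Value|File|Folder)\]\s*"?(?P<path>.+?)"?\s*$'
)
# AdwCleaner: localised label, optional "[x64]" marker, key path, optional "[value name]".
ADW_RE = re.compile(
    r"^(?P<label>Key Deleted|Value Deleted|Settings Restored|"
    r"Chave Deletedo|Valor Deletedo|Configurações Restauradas)"
    r"\s*:\s*(?:\[x64\]\s*)?(?P<path>.+?)(?:\s*\[(?P<value>[^\]]+)\])?\s*$"
)

# Ordered: the first matching rule wins. Risk reflects what code in that location can
# do, not proof that this particular machine was abused through it (my own ordering).
RISK_RULES = [
    ("IFEO debugger hook (runs in place of the named exe)", r"\\Image File Execution Options\\", "high"),
    ("IE Browser Helper Object (in-process code in IE)", r"\\Browser Helper Objects\\", "high"),
    ("IE Protected Mode elevation policy", r"\\Low Rights\\ElevationPolicy\\", "high"),
    ("Scheduled task (.job)", r"\\Windows\\Tasks\\[^\\]+\.job$", "high"),
    ("Windows Firewall allow-list entry", r"\\FirewallPolicy\\.*\\AuthorizedApplications\\List", "medium"),
    ("IE toolbar", r"\\Internet Explorer\\Toolbar", "medium"),
    ("IE search scope", r"\\Internet Explorer\\SearchScopes\\", "medium"),
    ("IE start page / new-tab URL", r"\\Internet Explorer\\(Main|AboutURLs)", "medium"),
    ("Firefox profile file", r"\\Mozilla\\Firefox\\Profiles\\", "medium"),
    ("COM registration (CLSID/TypeLib/AppID)", r"\\(CLSID|TypeLib|AppID)\\", "low"),
    ("IE context-menu extension", r"\\Internet Explorer\\MenuExt\\", "low"),
    ("RAS tracing leftover", r"\\Microsoft\\Tracing\\", "info"),
    ("Add/Remove Programs entry", r"\\CurrentVersion\\Uninstall\\", "info"),
]
RISK_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}


def classify(path):
    """Return (category, risk) for a registry or file path."""
    for category, pattern, risk in RISK_RULES:
        if re.search(pattern, path, re.IGNORECASE):
            return category, risk
    return "Other vendor key/file", "low"


def parse_line(line):
    """Parse one JRT or AdwCleaner log line into an Entry, or None for anything else."""
    m = JRT_RE.match(line)
    if m:
        tool, action, kind, path = "JRT", m.group("action"), m.group("kind"), m.group("path")
    else:
        m = ADW_RE.match(line)
        if not m:
            return None
        label, path, value = m.group("label"), m.group("path"), m.group("value")
        restored = label in ("Settings Restored", "Configurações Restauradas")
        action = "repaired" if restored else "deleted"
        kind = "Registry Value" if (restored or label.startswith(("Value", "Valor"))) else "Registry Key"
        if value:
            path = path + "\\\\" + value  # same key\\value spelling JRT uses
        tool = "AdwCleaner"
    category, risk = classify(path)
    return Entry(tool, action, kind, path, category, risk)


def triage(lines):
    """Parse all lines and return entries sorted from highest to lowest risk."""
    entries = [e for e in map(parse_line, lines) if e]
    return sorted(entries, key=lambda e: (RISK_ORDER[e.risk], e.tool, e.path))


# Sample input copied from the two logs above, labels as each tool printed them.
SAMPLE_LOG = [
    r"Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe",
    r"Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32",
    r"Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}",
    r"Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Orbitdownloader\orbitdm.exe]",
    r"Settings Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]",
    r"Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}",
    r"Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71e129ff-6c2a-4984-818c-7e2c998b8d99}",
    r"Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs",
    r"Successfully deleted: [File] C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job",
    r'Successfully deleted: [Folder] "C:\ProgramData\savesenselive"',
    r"Successfully deleted: [File] C:\Users\Marcela\AppData\Roaming\mozilla\firefox\profiles\kps4vd5j.default\user.js",
    "~~~ Registry Keys",
]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"[{e.risk:6}] {e.tool:10} {e.action:8} {e.category}: {e.path}")
```

Feed it the whole of both logs and the first few lines of output are the ones to chase: the IFEO key names an executable that something wanted to intercept, and a BHO GUID can be matched back to the `CLSID` entries to find out which DLL was being loaded into the browser.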

Re: malware-gen

Posted by Power Max, Sat 15 Feb 2014, 10:45

Go to the link below and click the first button on the left, the Download Zoek.exe button:
[You need to have an account and be logged in to view this link]

* Right-click Zoek.exe and select [You need to have an account and be logged in to view this image]

* Copy all of the text highlighted in red that I gave you and paste it into the blank box in Zoek

* Click [Run Script]

* During the scan a message like the one below, showing the scan's progress, will be displayed. Wait for it to finish... it can take a while!

[You need to have an account and be logged in to view this image]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Sun 02 Mar 2014, 12:20; edited 1 time

Page 1 of 2