How to remove a virus from the browser?
In Mozilla, Spark and Google, when I go to pages such as Bradesco, Itaú or Caixa Econômica, I am being redirected to fraudulent pages. I noticed the fraud and was able to confirm the fake pages by phoning the banks; even Facebook is giving problems. I used these 3 browsers and, although I have Explorer, I rarely used it, and now the 3 browsers have a virus and only Explorer doesn't: with it I can access all sites in full safety, but I need other browsers open at the same time. I have already scanned the PC and nothing showed up. I used mine, which is the Microsoft security one, and I used Avast, but neither found anything; it shows the PC as protected, so I believe the problem is in the browser. But I have already uninstalled all of them with full data deletion and that did not solve it; when I install them again they still have the same problems. I have also already cleaned with AdwCleaner and checked the properties of each browser, and nothing.
Thank you!!!!
ALINEBGAMA - Beginner
- Posts: 20
Reputation: 1
Join date: 09/03/2014
Re: How to remove a virus from the browser?
Hi Aline. Welcome to Fórum PC Brasil.
Please follow the tips in this tutorial to clean your PC with Malwarebytes:
[link visible only to logged-in members]
In your next reply, post this Malwarebytes log (report).
We will be waiting.
Power Max - Collaborator
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
(SOLVED) How to remove a virus from the browser?
I did the whole procedure; 18 viruses showed up, I removed them and restarted the PC as requested, but the fake pages continue. When I try to open the real link, this message appears:
Error: Action not allowed.
FAKE BRADESCO PAGE
[link visible only to logged-in members]
REAL PAGE
[link visible only to logged-in members]
ALINEBGAMA - Beginner
Re: How to remove a virus from the browser?
Hi Aline. Post the Malwarebytes report so that we can analyze it.
Power Max - Collaborator
Re: How to remove a virus from the browser?
Here is the screenshot.
ALINEBGAMA - Beginner
Re: How to remove a virus from the browser?
Download < [link visible only to logged-in members] > ( ... by Nicolas Coolman )
|- Temporarily disable your antivirus to avoid conflicts and run "ZHPDiag2.exe" to install the tool.
|- Run the scroll icon. ( ZHPDiag )
|- Click "SEARCH" or "PESQUISAR" and wait for it to finish!
|- Click OK and, when it finishes, post the ZHPDiag.txt report
Power Max - Collaborator
Re: How to remove a virus from the browser?
Here is the report.
~ Relatório do ZHPDiag v2014.3.2.6 - Nicolas Coolman (03/03/2014)
~ Iniciado por wscgama (09/03/2014 19:06:34)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16518
MFIE: Mozilla Firefox 23.0.1
GCIE: Google Chrome v33.0.1750.146 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
Malwarebytes Anti-Malware versão 1.75.0.1300
Microsoft Security Client v4.4.0304.0
Windows Defender W7
---\\ Softwares d'optimização do sistema
CCleaner v4.09 =>Piriform Ltd
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader 9.1
Java 7 Update 45
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4061 MB (50% free)
System Restore: Activé (Enable)
System drive C: has 337 GB (48%) free of 687 GB
---\\ Modo de conexão ao sistema
~ Computer Name: REGIDOPORDEUS
~ User Name: wscgama
~ All Users Names: wscgama, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\wscgama\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\wscgama\AppData\Roaming\
~ %Desktop% : C:\Users\wscgama\Desktop\
~ %Favorites% : C:\Users\wscgama\Favorites\
~ %LocalAppData% : C:\Users\wscgama\AppData\Local\
~ %StartMenu% : C:\Users\wscgama\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 337 Go of 687 Go)
D: Hard drive, Flash drive, Thumb drive (Free 214 Go of 244 Go)
E: CD-ROM drive (Free 0 Go of 4 Go)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:49:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:09:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.263B6E451526A90FF8B1CEC759F22956] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/02/2014 - 05:54:52.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 09:55:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:57:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 21:39:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:22:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 19:49:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:49:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:56:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 07:13:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 19:49:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:40:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:10:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:53:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:15:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:30:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 07:22:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:36:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:39:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:51:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 10:04:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/91
~ Mes musiques (My Musics) : 1/69
~ Mes Videos (My Videos) : 1/386
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 3/225
~ Mon Bureau (My Desktop) : 3/104
~ Menu demarrer (Programs) : 1/35
~ Hidden Files: Scanned in 00mn 00s
---\\ Processos lançados
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.1880]
[MD5.1B31D1266691EDD4224B0036449F14B4] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872] [PID.2344]
[MD5.10E89F598469C60D8C87A8218089A87D] - (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\wscgama\AppData\Local\Akamai\netsession_win.exe [4489472] [PID.2872]
[MD5.96E8CF4D3731D90058DE39A3BECAD707] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe [1201448] [PID.2992]
[MD5.CE5C9977DA751DDC30952AC4DCBCA788] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208] [PID.2100]
[MD5.B056E669130A173DA538282081D0D8A8] - (.No owner - ScheduleTV.) -- C:\Program Files (x86)\TVHome Media2\ScheduleTV.exe [110592] [PID.3280]
[MD5.17BCC73FC3EC0E2EC8B674D7C68BB6E9] - (.NewSoft - Monitor Application.) -- C:\Program Files (x86)\NewSoft\Presto! PVR\Monitor.exe [143360] [PID.2344]
[MD5.B4CF3FB7E9B8EA69757541DCE6CA20ED] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [276376] [PID.3776]
[MD5.72EF708552059546B1AAA82E7AA59439] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17304] [PID.2604]
[MD5.0642800E69522E29B93EF4C6BE00D13E] - (.Adobe Systems, Inc. - Adobe Flash Player 12.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe [1863560] [PID.3996]
[MD5.4263F6C131E513CEA1AE82B5B81A4E1A] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [808152] [PID.3268]
[MD5.534A3CB0847BA114F0D8A5F2BB2EF6D0] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [887432] [PID.4032]
[MD5.66EA3B698F9A7EA2DBF0E4B246B6C958] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8349696] [PID.180]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1788]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.1316]
[MD5.875E4E0661F3A5994DF9E5E3A0A4F96B] - (.Prolific Technology Inc. - PLFlash DeviceIoControl Service.) -- C:\Windows\SysWOW64\IoctlSvc.exe [81920] [PID.1968]
[MD5.0E447EF3CC90B32BA478093B998C48FD] - (.Syntek America Inc. - Syntek Hardware Snapshot Launch Application.) -- C:\Windows\System32\StkCSrv.exe [24576] [PID.2528]
[MD5.193FA51DDDD0BFFDED1C340F0434999A] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752] [PID.3028]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\wscgama\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 15 Legitimates Filtered in 00mn 01s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Adorage 3.0.lnk . (.proDAD GmbH - proDAD Adorage 3.0 Application.) -- C:\Program Files (x86)\proDAD\Adorage-3.0\Adorage.exe
O4 - GS\Desktop [Public]: Ashampoo Cover Studio 2.lnk . (...) -- C:\Program Files (x86)\Ashampoo\Ashampoo Cover Studio 2\coverstudio2.exe
O4 - GS\Desktop [Public]: Ashampoo Music Studio 4.lnk . (.Ashampoo GmbH & Co. KG - Music Studio 4.) -- C:\Program Files (x86)\Ashampoo\Ashampoo Music Studio 4\MusicStudio.exe
O4 - GS\Desktop [Public]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Bitstream Font Navigator (64-Bit).lnk . (...) -- C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\FontNav64\FontNav.exe (.not file.)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: HP Print and Scan Doctor.lnk . (...) -- C:\Program Files (x86)\HP\Diagnostics\PSDR\HPPSDr.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Presto! PVR.lnk . (.NewSoft - Presto! PVR Application.) -- C:\Program Files (x86)\NewSoft\Presto! PVR\HPVR.exe
O4 - GS\Desktop [Public]: Vitascene 2.0.lnk . (...) -- C:\Program Files (x86)\proDAD\Vitascene-2.0\Vitascene.exe (.not file.)
O4 - GS\Program [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Word Reader 6.22.lnk . (.Abdio Software Inc - No Comment.) -- C:\Program Files (x86)\Abdio\Word Reader\WordReader.exe
O4 - GS\QuickLaunch [wscgama]: Free Audio Editor.lnk . (...) -- C:\Program Files (x86)\Free Audio Editor\FreeAudioEditor.exe
O4 - GS\QuickLaunch [wscgama]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [wscgama]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [wscgama]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\QuickLaunch [wscgama]: Spark Browser.lnk . (...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe (.not file.) =>Adware.BDSearch
O4 - GS\TaskBar [wscgama]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [wscgama]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [wscgama]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [wscgama]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo [wscgama]: Transferência de Arquivo Bluetooth.LNK . (.Microsoft Corporation - No Comment.) -- C:\Windows\System32\fsquirt.exe
O4 - GS\Desktop [wscgama]: Free Audio Editor.lnk . (...) -- C:\Program Files (x86)\Free Audio Editor\FreeAudioEditor.exe
O4 - GS\Desktop [wscgama]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [wscgama]: Movie Maker (2).lnk . (.Microsoft Corporation - Movie Maker.) -- C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe =>.Microsoft Corporation
O4 - GS\Desktop [wscgama]: On-Screen Keyboard.lnk . (.Microsoft Corporation - Teclado Virtual para Acessibilidade.) -- C:\Windows\system32\osk.exe
O4 - GS\Desktop [wscgama]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\Desktop [wscgama]: Pinnacle Studio 16.lnk . (.Avid - AvidStudio.) -- C:\Program Files (x86)\Pinnacle\Studio 16\programs\PinnacleStudio.exe
O4 - GS\Desktop [wscgama]: TVHome Media2.lnk . (...) -- C:\Program Files (x86)\TVHome Media2\TVHome Media2.exe
O4 - GS\Desktop [wscgama]: Word Reader 6.22.lnk . (.Abdio Software Inc - No Comment.) -- C:\Program Files (x86)\Abdio\Word Reader\WordReader.exe
~ Global Startup: 100 Legitimates Filtered in 00mn 01s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [Public]: NewShortcut1.lnk . (...) -- C:\Program Files (x86)\USB_video_device\Driver\Driver32\emmon.exe (.not file.)
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [Skytel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\Program Files\Realtek\Audio\HDA\Skytel.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\wscgama\AppData\Local\Akamai\netsession_win.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Notas Autoadesivas.) -- C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [HCIP] C:\WINDOWS\system32\telegram.exe (.not file.)
O4 - HKCU\..\Run: [Defrag] C:\Program Files (x86)\baidu\Spark\BaiduDefragFiles.exe (.not file.) =>Adware.BDSearch
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [ScheduleTV] . (.No owner - ScheduleTV.) -- C:\Program Files (x86)\TVHome Media2\ScheduleTV.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [PowerDVD13Agent] C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [ChangeFilterMerit] . (.NewSoft - ChangeFilterMerit.) -- C:\Program Files (x86)\NewSoft\Presto! PVR\ChangeFilterMerit.exe
O4 - HKLM\..\Wow6432Node\Run: [Presto! PVR Monitor] . (.NewSoft - Monitor Application.) -- C:\Program Files (x86)\NewSoft\Presto! PVR\Monitor.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [osk.exe] . (.Microsoft Corporation - Teclado Virtual para Acessibilidade.) -- C:\Windows\System32\osk.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [osk.exe] . (.Microsoft Corporation - Teclado Virtual para Acessibilidade.) -- C:\Windows\System32\osk.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3067452549-4010853418-3966798514-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-3067452549-4010853418-3966798514-1000\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\wscgama\AppData\Local\Akamai\netsession_win.exe
O4 - HKUS\S-1-5-21-3067452549-4010853418-3966798514-1000\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Notas Autoadesivas.) -- C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-21-3067452549-4010853418-3966798514-1000\..\Run: [HCIP] C:\WINDOWS\system32\telegram.exe (.not file.)
O4 - HKUS\S-1-5-21-3067452549-4010853418-3966798514-1000\..\Run: [Defrag] C:\Program Files (x86)\baidu\Spark\BaiduDefragFiles.exe (.not file.) =>Adware.BDSearch
~ Application: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\EscDomains] http.connectify.me
O15 - Trusted Zone: [HKCU\...\EscDomains] http.fastspring.com
O15 - Trusted Zone: [HKLM\...\EscDomains] http.connectify.me
O15 - Trusted Zone: [HKLM\...\EscDomains] http.fastspring.com
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7981D3E-3546-43AC-B0F7-49C9D85D63B0}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7981D3E-3546-43AC-B0F7-49C9D85D63B0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B7981D3E-3546-43AC-B0F7-49C9D85D63B0}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{B7981D3E-3546-43AC-B0F7-49C9D85D63B0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{B7981D3E-3546-43AC-B0F7-49C9D85D63B0}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{B7981D3E-3546-43AC-B0F7-49C9D85D63B0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{AFE018C1-1FB5-49BB-8AB8-5F3B88DE37E3}] (...) -- E:\VITASCENE 2.0\VITASCENE 2.0 - 64 BIT.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E4C9C789-13C7-4C5D-B449-2AEDF75B3B27}] (...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe (.not file.) [0] =>Adware.BDSearch
~ Scheduled Task: 14 Legitimates Filtered in 00mn 02s
---\\ Software instalados (042)
O42 - Logiciel: Curriculum 3.1 versão 3.1.0.6 - (.Alv Sites - Soluções Web.) [HKLM][64Bits] -- {863A2C4E-047D-4137-BF99-57D21C1A1AC7}_is1
O42 - Logiciel: TVHome Media2 - (...) [HKLM][64Bits] -- {B066DFB5-809B-448D-A4FA-E9E3005E98A0}
O42 - Logiciel: Xml Viewer - (.MindFusion Limited.) [HKLM][64Bits] -- {F58E04CD-6E76-43C8-AAF1-482225C2910E}
~ Logic: 23 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\SysInfoTools pptm Repair]
[HKCU\Software\baidu] =>Adware.BDSearch
[HKCU\Software\dx20120105]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\Wow6432Node\Baidu] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Nome de sua empresa:]
[HKLM\Software\Wow6432Node\TVHome Media2]
~ Key Software: 282 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 17/11/2013 - 22:25:48 - [4,635] ----D C:\Program Files (x86)\Curriculum 3.1
O43 - CFD: 22/01/2014 - 17:53:52 - [1,106] ----D C:\Program Files (x86)\MindFusion Limited
O43 - CFD: 06/01/2014 - 11:13:51 - [15,396] ----D C:\Program Files (x86)\TotalExcelConverter
O43 - CFD: 08/03/2014 - 11:28:02 - [-1772,256] ----D C:\Program Files (x86)\TVHome Media2
O43 - CFD: 19/11/2013 - 00:57:04 - [0,002] ----D C:\Users\wscgama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TVHome Media2
O43 - CFD: 22/01/2014 - 17:53:53 - [0,006] ----D C:\Users\wscgama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XML Viewer
~ Program Folder: 174 Legitimates Filtered in 00mn 35s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.4D4A4B0AF7228DFEA772E3B63D0F57E6] - 05/03/2014 - 14:13:41 ---A- . (.No owner - StkUnist MFC Application.) -- C:\Windows\StkUnist.exe [57344]
O44 - LFC:[MD5.D2FBE517D8FE03552E9C6CF91C1540D2] - 05/03/2014 - 14:13:41 ---A- . (.Syntek - Syntek USB 2.0 Video Mini Driver.) -- C:\Windows\System32\Drivers\StkCMini.sys [632704]
O44 - LFC:[MD5.1C0B890BF133D201B8D88D473FAF2668] - 05/03/2014 - 14:13:41 ---A- . (.Syntek America Inc. - Syntek DC-112X Service Loader.) -- C:\Windows\System32\StkSSrv.dll [49152]
O44 - LFC:[MD5.0E447EF3CC90B32BA478093B998C48FD] - 05/03/2014 - 14:13:41 ---A- . (.Syntek America Inc. - Syntek Hardware Snapshot Launch Application.) -- C:\Windows\System32\StkCSrv.exe [24576]
O44 - LFC:[MD5.7F9ECC4FEF56EF5286F08C5CC8BA571D] - 05/03/2014 - 14:13:41 ---A- . (.Syntek America Inc. - Syntek USB 2.0 Still Image Capture Applicat.) -- C:\Windows\StkC112X.exe [106496]
O44 - LFC:[MD5.2E2A5434BCB869D189E042E59CE0D25D] - 05/03/2014 - 14:13:41 ---A- . (.Syntek America Inc. - Syntek USB 2.0 Video Pipeline Driver.) -- C:\Windows\System32\Drivers\StkCPipe.sys [6921856]
O44 - LFC:[MD5.32271C261A58FFF35B25F15ACBA38A7D] - 05/03/2014 - 14:13:41 ---A- . (.Syntek America Inc. - Syntek USB 2.0 WIA UI Extension Driver.) -- C:\Windows\System32\StkCWIA.dll [69632]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 07/03/2014 - 13:14:25 ---A- . (...) -- C:\zbzsys.vbr [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 07/03/2014 - 13:14:25 ---A- . (...) -- C:\zbzsys.vbr-- [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 07/03/2014 - 13:17:15 ---A- . (...) -- C:\Windows\system32ravreg.sys [0]
O44 - LFC:[MD5.1AC13763478974493D3F6EF029E5E0CA] - 09/03/2014 - 00:50:53 ---A- . (...) -- C:\Archive.ini [47]
O44 - LFC:[MD5.5FEA239AC5A4DB264F93393201FCB2FF] - 09/03/2014 - 00:53:25 ---A- . (...) -- C:\fraglist.luar [677]
O44 - LFC:[MD5.21EE5E07A888CCD48927EF80EA2747B1] - 09/03/2014 - 17:10:34 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [673956]
O44 - LFC:[MD5.649A78F6A4279E80F917F4F21A2ACBEF] - 09/03/2014 - 17:10:34 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [1256130]
O44 - LFC:[MD5.647D818C6FC82F385EBFBBD4FB2DEF6D] - 28/02/2014 - 16:16:34 ---A- . (...) -- C:\Windows\System32\Drivers\merlinC.rom [16382]
O44 - LFC:[MD5.3EF03D4F78814745C3A38F76EF166552] - 28/02/2014 - 16:16:34 ---A- . (.eMPIA Technology, Inc. - BDA Monitor Application.) -- C:\Windows\emMON.exe [65536]
O44 - LFC:[MD5.D2F24F4043C40C12F1EFB362373E0F88] - 28/02/2014 - 16:16:34 ---A- . (.eMPIA Technology, Inc. - USB 28xx BDA Driver.) -- C:\Windows\System32\Drivers\emBDA64.sys [641536]
O44 - LFC:[MD5.8A118C691C4C09FCD09A6688A65AAB24] - 28/02/2014 - 16:16:34 ---A- . (.eMPIA Technology, Inc. - USB 28xx BDA Lower filter.) -- C:\Windows\System32\Drivers\emOEM64.sys [74624]
~ Files: 28 Legitimates Filtered in 00mn 01s
---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"VIDC.X264"="x264vfw64.dll" . (.x264vfw project - x264vfw - H.264/MPEG-4 AVC codec.) -- C:\Windows\System32\x264vfw64.dll
~ TDSD: 14 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.A59EF07C958A58E797DC0101B3498EC1] - 27/12/2013 - 00:11:46 ---A- . (.Connectify - NDISRD helper driver.) -- C:\Windows\System32\Drivers\cnnctfy3.sys [35352]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:17:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.D2F24F4043C40C12F1EFB362373E0F88] - 03/04/2008 - 17:01:10 ---A- . (.eMPIA Technology, Inc. - USB 28xx BDA Driver.) -- C:\Windows\System32\Drivers\emBDA64.sys [641536]
O58 - SDL:[MD5.8A118C691C4C09FCD09A6688A65AAB24] - 07/04/2008 - 14:16:04 ---A- . (.eMPIA Technology, Inc. - USB 28xx BDA Lower filter.) -- C:\Windows\System32\Drivers\emOEM64.sys [74624]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 17:01:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.A3C436C67C60F43FDE192A23C39C640F] - 08/06/2011 - 09:22:34 ---A- . (.No owner - OEM Driver.) -- C:\Windows\System32\Drivers\OEMDrv.sys [268416]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 22:15:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.D2FBE517D8FE03552E9C6CF91C1540D2] - 28/06/2007 - 11:45:26 ---A- . (.Syntek - Syntek USB 2.0 Video Mini Driver.) -- C:\Windows\System32\Drivers\StkCMini.sys [632704]
O58 - SDL:[MD5.2E2A5434BCB869D189E042E59CE0D25D] - 20/12/2006 - 09:08:02 ---A- . (.Syntek America Inc. - Syntek USB 2.0 Video Pipeline Driver.) -- C:\Windows\System32\Drivers\StkCPipe.sys [6921856]
~ Drivers: 16 Legitimates Filtered in 00mn 25s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe (.not file.) =>Adware.BDSearch
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{37ACC50D-ED25-4A25-9C05-436BC842B2F1}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe (.not file.) =>Adware.BDSearch
O87 - FAEL: "{A9BA99AB-5D69-4C35-8690-87F8674AEBB0}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe (.not file.) =>Adware.BDSearch
O87 - FAEL: "{32688546-96EF-45F6-B0C7-D35606B62351}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\baidu\Spark\baidu_dumper.exe (.not file.) =>Adware.BDSearch
O87 - FAEL: "{1E5C97D5-3F59-424A-89E1-27BE0FD95BC3}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\baidu\Spark\baidu_dumper.exe (.not file.) =>Adware.BDSearch
O87 - FAEL: "{44E1982E-D181-421C-9921-4974FCAFD17F}" |In - Private - P6 - TRUE | .(...) -- C:\Users\wscgama\AppData\Local\Temp\7zS20F6\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{E80DA681-198B-4DF0-B194-2993126B80B4}" |In - Private - P17 - TRUE | .(...) -- C:\Users\wscgama\AppData\Local\Temp\7zS20F6\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{374CB1B2-6B22-4B39-B245-1A9147597412}" |In - Public - P6 - TRUE | .(...) -- C:\Users\wscgama\AppData\Local\Temp\7zS17DB\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{6BA2584D-5E30-4E65-9049-2418AFB27121}" |In - Public - P17 - TRUE | .(...) -- C:\Users\wscgama\AppData\Local\Temp\7zS17DB\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{3D41B58F-641B-4593-8283-16468E4A8DFA}" |In - Public - P6 - TRUE | .(...) -- C:\Users\wscgama\AppData\Local\Temp\7zS485C\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{EEB362ED-85EE-4878-AC99-B28CB71AC05A}" |In - Public - P17 - TRUE | .(...) -- C:\Users\wscgama\AppData\Local\Temp\7zS485C\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{CB25F8DF-4FBA-4407-95E9-8E5B6B13A2E2}" |In - Public - P6 - TRUE | .(...) -- C:\Users\wscgama\AppData\Local\Temp\7zS6AFF\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{C0B551A8-F557-4676-8E55-1AEE6436372A}" |In - Public - P17 - TRUE | .(...) -- C:\Users\wscgama\AppData\Local\Temp\7zS6AFF\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{DE3FE3C3-6FEA-4B05-BBB4-9BC24A92EB44}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe (.not file.) =>Adware.BDSearch
O87 - FAEL: "{AE53E3A1-EE07-4D14-AD1F-F07C46F755D9}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe (.not file.) =>Adware.BDSearch
O87 - FAEL: "{A94FFD37-CC19-4A3D-9131-DBB345E8B8EF}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\baidu\Spark\baidu_dumper.exe (.not file.) =>Adware.BDSearch
O87 - FAEL: "{F7A5E2AC-5792-4290-B224-1D1F6D61C005}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\baidu\Spark\baidu_dumper.exe (.not file.) =>Adware.BDSearch
~ Firewall: 236 Legitimates Filtered in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.D139BD725F28AB1B01BECB8D8EB53133] [WIS][08/07/2012] (.Avid Technology, Inc. - Pinnacle Studio.) -- C:\Windows\Installer\130265.msi [23158784]
~ WIS: 90 Legitimates Filtered in 00mn 08s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 20/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 09/03/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 09/03/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 14/08/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 08/04/2008 800040 | (NBService) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 23/10/2013 23808 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Demand 22/01/2008 275752 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 19/12/2006 81920 | (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc..) - C:\Windows\SysWOW64\IoctlSvc.exe
SR - | Auto 30/11/2010 336824 | (PSI_SVC_2_x64) . (.arvato digital services llc.) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 12/02/2007 24576 | (StkSSrv) . (.Syntek America Inc..) - C:\Windows\System32\StkCSrv.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 10s
---\\ Scâner Aditional (088)
Database Version : 13031 - (03/03/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 3
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Defrag =>Adware.BDSearch^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKCU\Software\baidu] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu] =>Adware.BDSearch^
~ Additionnel Scan: 384946 Items scanned in 00mn 29s
---\\ Sumário das deteções encontradas na sua estação
~ [You must have an account and be logged in to view this link] =>Adware.BDSearch
~ MSI: 1 link(s) detected in 00mn 29s
~ 1074 Legitimates filtered by white list
End of the scan (482 lines in 02mn 18s)(0)
~ Relatório do ZHPDiag v2014.3.2.6 - Nicolas Coolman (03/03/2014)
~ Iniciado por wscgama (09/03/2014 19:06:34)
~ Endereço do Website : [You must have an account and be logged in to view this link]
~ Fóruns de suporte gratuito para desinfecção : [You must have an account and be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16518
MFIE: Mozilla Firefox 23.0.1
GCIE: Google Chrome v33.0.1750.146 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
Malwarebytes Anti-Malware versão 1.75.0.1300
Microsoft Security Client v4.4.0304.0
Windows Defender W7
---\\ Softwares d'optimização do sistema
CCleaner v4.09 =>Piriform Ltd
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader 9.1
Java 7 Update 45
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4061 MB (50% free)
System Restore: Activé (Enable)
System drive C: has 337 GB (48%) free of 687 GB
---\\ Modo de conexão ao sistema
~ Computer Name: REGIDOPORDEUS
~ User Name: wscgama
~ All Users Names: wscgama, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\wscgama\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\wscgama\AppData\Roaming\
~ %Desktop% : C:\Users\wscgama\Desktop\
~ %Favorites% : C:\Users\wscgama\Favorites\
~ %LocalAppData% : C:\Users\wscgama\AppData\Local\
~ %StartMenu% : C:\Users\wscgama\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 337 Go of 687 Go)
D: Hard drive, Flash drive, Thumb drive (Free 214 Go of 244 Go)
E: CD-ROM drive (Free 0 Go of 4 Go)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:49:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:09:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.263B6E451526A90FF8B1CEC759F22956] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/02/2014 - 05:54:52.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 09:55:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:57:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 21:39:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:22:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 19:49:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:49:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:56:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 07:13:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 19:49:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:40:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:10:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:53:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:15:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:30:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 07:22:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:36:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:39:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:51:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 10:04:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/91
~ Mes musiques (My Musics) : 1/69
~ Mes Videos (My Videos) : 1/386
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 3/225
~ Mon Bureau (My Desktop) : 3/104
~ Menu demarrer (Programs) : 1/35
~ Hidden Files: Scanned in 00mn 00s
---\\ Processos lançados
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.1880]
[MD5.1B31D1266691EDD4224B0036449F14B4] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872] [PID.2344]
[MD5.10E89F598469C60D8C87A8218089A87D] - (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\wscgama\AppData\Local\Akamai\netsession_win.exe [4489472] [PID.2872]
[MD5.96E8CF4D3731D90058DE39A3BECAD707] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe [1201448] [PID.2992]
[MD5.CE5C9977DA751DDC30952AC4DCBCA788] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208] [PID.2100]
[MD5.B056E669130A173DA538282081D0D8A8] - (.No owner - ScheduleTV.) -- C:\Program Files (x86)\TVHome Media2\ScheduleTV.exe [110592] [PID.3280]
[MD5.17BCC73FC3EC0E2EC8B674D7C68BB6E9] - (.NewSoft - Monitor Application.) -- C:\Program Files (x86)\NewSoft\Presto! PVR\Monitor.exe [143360] [PID.2344]
[MD5.B4CF3FB7E9B8EA69757541DCE6CA20ED] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [276376] [PID.3776]
[MD5.72EF708552059546B1AAA82E7AA59439] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17304] [PID.2604]
[MD5.0642800E69522E29B93EF4C6BE00D13E] - (.Adobe Systems, Inc. - Adobe Flash Player 12.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe [1863560] [PID.3996]
[MD5.4263F6C131E513CEA1AE82B5B81A4E1A] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [808152] [PID.3268]
[MD5.534A3CB0847BA114F0D8A5F2BB2EF6D0] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [887432] [PID.4032]
[MD5.66EA3B698F9A7EA2DBF0E4B246B6C958] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8349696] [PID.180]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1788]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.1316]
[MD5.875E4E0661F3A5994DF9E5E3A0A4F96B] - (.Prolific Technology Inc. - PLFlash DeviceIoControl Service.) -- C:\Windows\SysWOW64\IoctlSvc.exe [81920] [PID.1968]
[MD5.0E447EF3CC90B32BA478093B998C48FD] - (.Syntek America Inc. - Syntek Hardware Snapshot Launch Application.) -- C:\Windows\System32\StkCSrv.exe [24576] [PID.2528]
[MD5.193FA51DDDD0BFFDED1C340F0434999A] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752] [PID.3028]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\wscgama\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 15 Legitimates Filtered in 00mn 01s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Adorage 3.0.lnk . (.proDAD GmbH - proDAD Adorage 3.0 Application.) -- C:\Program Files (x86)\proDAD\Adorage-3.0\Adorage.exe
O4 - GS\Desktop [Public]: Ashampoo Cover Studio 2.lnk . (...) -- C:\Program Files (x86)\Ashampoo\Ashampoo Cover Studio 2\coverstudio2.exe
O4 - GS\Desktop [Public]: Ashampoo Music Studio 4.lnk . (.Ashampoo GmbH & Co. KG - Music Studio 4.) -- C:\Program Files (x86)\Ashampoo\Ashampoo Music Studio 4\MusicStudio.exe
O4 - GS\Desktop [Public]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Bitstream Font Navigator (64-Bit).lnk . (...) -- C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\FontNav64\FontNav.exe (.not file.)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: HP Print and Scan Doctor.lnk . (...) -- C:\Program Files (x86)\HP\Diagnostics\PSDR\HPPSDr.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Presto! PVR.lnk . (.NewSoft - Presto! PVR Application.) -- C:\Program Files (x86)\NewSoft\Presto! PVR\HPVR.exe
O4 - GS\Desktop [Public]: Vitascene 2.0.lnk . (...) -- C:\Program Files (x86)\proDAD\Vitascene-2.0\Vitascene.exe (.not file.)
O4 - GS\Program [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Word Reader 6.22.lnk . (.Abdio Software Inc - No Comment.) -- C:\Program Files (x86)\Abdio\Word Reader\WordReader.exe
O4 - GS\QuickLaunch [wscgama]: Free Audio Editor.lnk . (...) -- C:\Program Files (x86)\Free Audio Editor\FreeAudioEditor.exe
O4 - GS\QuickLaunch [wscgama]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [wscgama]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [wscgama]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\QuickLaunch [wscgama]: Spark Browser.lnk . (...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe (.not file.) =>Adware.BDSearch
O4 - GS\TaskBar [wscgama]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [wscgama]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [wscgama]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [wscgama]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo [wscgama]: Transferência de Arquivo Bluetooth.LNK . (.Microsoft Corporation - No Comment.) -- C:\Windows\System32\fsquirt.exe
O4 - GS\Desktop [wscgama]: Free Audio Editor.lnk . (...) -- C:\Program Files (x86)\Free Audio Editor\FreeAudioEditor.exe
O4 - GS\Desktop [wscgama]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [wscgama]: Movie Maker (2).lnk . (.Microsoft Corporation - Movie Maker.) -- C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe =>.Microsoft Corporation
O4 - GS\Desktop [wscgama]: On-Screen Keyboard.lnk . (.Microsoft Corporation - Teclado Virtual para Acessibilidade.) -- C:\Windows\system32\osk.exe
O4 - GS\Desktop [wscgama]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\Desktop [wscgama]: Pinnacle Studio 16.lnk . (.Avid - AvidStudio.) -- C:\Program Files (x86)\Pinnacle\Studio 16\programs\PinnacleStudio.exe
O4 - GS\Desktop [wscgama]: TVHome Media2.lnk . (...) -- C:\Program Files (x86)\TVHome Media2\TVHome Media2.exe
O4 - GS\Desktop [wscgama]: Word Reader 6.22.lnk . (.Abdio Software Inc - No Comment.) -- C:\Program Files (x86)\Abdio\Word Reader\WordReader.exe
~ Global Startup: 100 Legitimates Filtered in 00mn 01s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [Public]: NewShortcut1.lnk . (...) -- C:\Program Files (x86)\USB_video_device\Driver\Driver32\emmon.exe (.not file.)
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [Skytel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\Program Files\Realtek\Audio\HDA\Skytel.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\wscgama\AppData\Local\Akamai\netsession_win.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Notas Autoadesivas.) -- C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [HCIP] C:\WINDOWS\system32\telegram.exe (.not file.)
O4 - HKCU\..\Run: [Defrag] C:\Program Files (x86)\baidu\Spark\BaiduDefragFiles.exe (.not file.) =>Adware.BDSearch
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [ScheduleTV] . (.No owner - ScheduleTV.) -- C:\Program Files (x86)\TVHome Media2\ScheduleTV.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [PowerDVD13Agent] C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [ChangeFilterMerit] . (.NewSoft - ChangeFilterMerit.) -- C:\Program Files (x86)\NewSoft\Presto! PVR\ChangeFilterMerit.exe
O4 - HKLM\..\Wow6432Node\Run: [Presto! PVR Monitor] . (.NewSoft - Monitor Application.) -- C:\Program Files (x86)\NewSoft\Presto! PVR\Monitor.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [osk.exe] . (.Microsoft Corporation - Teclado Virtual para Acessibilidade.) -- C:\Windows\System32\osk.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [osk.exe] . (.Microsoft Corporation - Teclado Virtual para Acessibilidade.) -- C:\Windows\System32\osk.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3067452549-4010853418-3966798514-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-3067452549-4010853418-3966798514-1000\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\wscgama\AppData\Local\Akamai\netsession_win.exe
O4 - HKUS\S-1-5-21-3067452549-4010853418-3966798514-1000\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Notas Autoadesivas.) -- C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-21-3067452549-4010853418-3966798514-1000\..\Run: [HCIP] C:\WINDOWS\system32\telegram.exe (.not file.)
O4 - HKUS\S-1-5-21-3067452549-4010853418-3966798514-1000\..\Run: [Defrag] C:\Program Files (x86)\baidu\Spark\BaiduDefragFiles.exe (.not file.) =>Adware.BDSearch
~ Application: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\EscDomains] http.connectify.me
O15 - Trusted Zone: [HKCU\...\EscDomains] http.fastspring.com
O15 - Trusted Zone: [HKLM\...\EscDomains] http.connectify.me
O15 - Trusted Zone: [HKLM\...\EscDomains] http.fastspring.com
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7981D3E-3546-43AC-B0F7-49C9D85D63B0}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7981D3E-3546-43AC-B0F7-49C9D85D63B0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B7981D3E-3546-43AC-B0F7-49C9D85D63B0}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{B7981D3E-3546-43AC-B0F7-49C9D85D63B0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{B7981D3E-3546-43AC-B0F7-49C9D85D63B0}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{B7981D3E-3546-43AC-B0F7-49C9D85D63B0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{AFE018C1-1FB5-49BB-8AB8-5F3B88DE37E3}] (...) -- E:\VITASCENE 2.0\VITASCENE 2.0 - 64 BIT.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E4C9C789-13C7-4C5D-B449-2AEDF75B3B27}] (...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe (.not file.) [0] =>Adware.BDSearch
~ Scheduled Task: 14 Legitimates Filtered in 00mn 02s
---\\ Software instalados (042)
O42 - Logiciel: Curriculum 3.1 versão 3.1.0.6 - (.Alv Sites - Soluções Web.) [HKLM][64Bits] -- {863A2C4E-047D-4137-BF99-57D21C1A1AC7}_is1
O42 - Logiciel: TVHome Media2 - (...) [HKLM][64Bits] -- {B066DFB5-809B-448D-A4FA-E9E3005E98A0}
O42 - Logiciel: Xml Viewer - (.MindFusion Limited.) [HKLM][64Bits] -- {F58E04CD-6E76-43C8-AAF1-482225C2910E}
~ Logic: 23 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\SysInfoTools pptm Repair]
[HKCU\Software\baidu] =>Adware.BDSearch
[HKCU\Software\dx20120105]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\Wow6432Node\Baidu] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Nome de sua empresa:]
[HKLM\Software\Wow6432Node\TVHome Media2]
~ Key Software: 282 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 17/11/2013 - 22:25:48 - [4,635] ----D C:\Program Files (x86)\Curriculum 3.1
O43 - CFD: 22/01/2014 - 17:53:52 - [1,106] ----D C:\Program Files (x86)\MindFusion Limited
O43 - CFD: 06/01/2014 - 11:13:51 - [15,396] ----D C:\Program Files (x86)\TotalExcelConverter
O43 - CFD: 08/03/2014 - 11:28:02 - [-1772,256] ----D C:\Program Files (x86)\TVHome Media2
O43 - CFD: 19/11/2013 - 00:57:04 - [0,002] ----D C:\Users\wscgama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TVHome Media2
O43 - CFD: 22/01/2014 - 17:53:53 - [0,006] ----D C:\Users\wscgama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XML Viewer
~ Program Folder: 174 Legitimates Filtered in 00mn 35s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.4D4A4B0AF7228DFEA772E3B63D0F57E6] - 05/03/2014 - 14:13:41 ---A- . (.No owner - StkUnist MFC Application.) -- C:\Windows\StkUnist.exe [57344]
O44 - LFC:[MD5.D2FBE517D8FE03552E9C6CF91C1540D2] - 05/03/2014 - 14:13:41 ---A- . (.Syntek - Syntek USB 2.0 Video Mini Driver.) -- C:\Windows\System32\Drivers\StkCMini.sys [632704]
O44 - LFC:[MD5.1C0B890BF133D201B8D88D473FAF2668] - 05/03/2014 - 14:13:41 ---A- . (.Syntek America Inc. - Syntek DC-112X Service Loader.) -- C:\Windows\System32\StkSSrv.dll [49152]
O44 - LFC:[MD5.0E447EF3CC90B32BA478093B998C48FD] - 05/03/2014 - 14:13:41 ---A- . (.Syntek America Inc. - Syntek Hardware Snapshot Launch Application.) -- C:\Windows\System32\StkCSrv.exe [24576]
O44 - LFC:[MD5.7F9ECC4FEF56EF5286F08C5CC8BA571D] - 05/03/2014 - 14:13:41 ---A- . (.Syntek America Inc. - Syntek USB 2.0 Still Image Capture Applicat.) -- C:\Windows\StkC112X.exe [106496]
O44 - LFC:[MD5.2E2A5434BCB869D189E042E59CE0D25D] - 05/03/2014 - 14:13:41 ---A- . (.Syntek America Inc. - Syntek USB 2.0 Video Pipeline Driver.) -- C:\Windows\System32\Drivers\StkCPipe.sys [6921856]
O44 - LFC:[MD5.32271C261A58FFF35B25F15ACBA38A7D] - 05/03/2014 - 14:13:41 ---A- . (.Syntek America Inc. - Syntek USB 2.0 WIA UI Extension Driver.) -- C:\Windows\System32\StkCWIA.dll [69632]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 07/03/2014 - 13:14:25 ---A- . (...) -- C:\zbzsys.vbr [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 07/03/2014 - 13:14:25 ---A- . (...) -- C:\zbzsys.vbr-- [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 07/03/2014 - 13:17:15 ---A- . (...) -- C:\Windows\system32ravreg.sys [0]
O44 - LFC:[MD5.1AC13763478974493D3F6EF029E5E0CA] - 09/03/2014 - 00:50:53 ---A- . (...) -- C:\Archive.ini [47]
O44 - LFC:[MD5.5FEA239AC5A4DB264F93393201FCB2FF] - 09/03/2014 - 00:53:25 ---A- . (...) -- C:\fraglist.luar [677]
O44 - LFC:[MD5.21EE5E07A888CCD48927EF80EA2747B1] - 09/03/2014 - 17:10:34 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [673956]
O44 - LFC:[MD5.649A78F6A4279E80F917F4F21A2ACBEF] - 09/03/2014 - 17:10:34 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [1256130]
O44 - LFC:[MD5.647D818C6FC82F385EBFBBD4FB2DEF6D] - 28/02/2014 - 16:16:34 ---A- . (...) -- C:\Windows\System32\Drivers\merlinC.rom [16382]
O44 - LFC:[MD5.3EF03D4F78814745C3A38F76EF166552] - 28/02/2014 - 16:16:34 ---A- . (.eMPIA Technology, Inc. - BDA Monitor Application.) -- C:\Windows\emMON.exe [65536]
O44 - LFC:[MD5.D2F24F4043C40C12F1EFB362373E0F88] - 28/02/2014 - 16:16:34 ---A- . (.eMPIA Technology, Inc. - USB 28xx BDA Driver.) -- C:\Windows\System32\Drivers\emBDA64.sys [641536]
O44 - LFC:[MD5.8A118C691C4C09FCD09A6688A65AAB24] - 28/02/2014 - 16:16:34 ---A- . (.eMPIA Technology, Inc. - USB 28xx BDA Lower filter.) -- C:\Windows\System32\Drivers\emOEM64.sys [74624]
~ Files: 28 Legitimates Filtered in 00mn 01s
---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"VIDC.X264"="x264vfw64.dll" . (.x264vfw project - x264vfw - H.264/MPEG-4 AVC codec.) -- C:\Windows\System32\x264vfw64.dll
~ TDSD: 14 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.A59EF07C958A58E797DC0101B3498EC1] - 27/12/2013 - 00:11:46 ---A- . (.Connectify - NDISRD helper driver.) -- C:\Windows\System32\Drivers\cnnctfy3.sys [35352]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:17:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.D2F24F4043C40C12F1EFB362373E0F88] - 03/04/2008 - 17:01:10 ---A- . (.eMPIA Technology, Inc. - USB 28xx BDA Driver.) -- C:\Windows\System32\Drivers\emBDA64.sys [641536]
O58 - SDL:[MD5.8A118C691C4C09FCD09A6688A65AAB24] - 07/04/2008 - 14:16:04 ---A- . (.eMPIA Technology, Inc. - USB 28xx BDA Lower filter.) -- C:\Windows\System32\Drivers\emOEM64.sys [74624]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 17:01:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.A3C436C67C60F43FDE192A23C39C640F] - 08/06/2011 - 09:22:34 ---A- . (.No owner - OEM Driver.) -- C:\Windows\System32\Drivers\OEMDrv.sys [268416]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 22:15:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.D2FBE517D8FE03552E9C6CF91C1540D2] - 28/06/2007 - 11:45:26 ---A- . (.Syntek - Syntek USB 2.0 Video Mini Driver.) -- C:\Windows\System32\Drivers\StkCMini.sys [632704]
O58 - SDL:[MD5.2E2A5434BCB869D189E042E59CE0D25D] - 20/12/2006 - 09:08:02 ---A- . (.Syntek America Inc. - Syntek USB 2.0 Video Pipeline Driver.) -- C:\Windows\System32\Drivers\StkCPipe.sys [6921856]
~ Drivers: 16 Legitimates Filtered in 00mn 25s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{37ACC50D-ED25-4A25-9C05-436BC842B2F1}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe (.not file.) =>Adware.BDSearch
O87 - FAEL: "{A9BA99AB-5D69-4C35-8690-87F8674AEBB0}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe (.not file.) =>Adware.BDSearch
O87 - FAEL: "{32688546-96EF-45F6-B0C7-D35606B62351}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\baidu\Spark\baidu_dumper.exe (.not file.) =>Adware.BDSearch
O87 - FAEL: "{1E5C97D5-3F59-424A-89E1-27BE0FD95BC3}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\baidu\Spark\baidu_dumper.exe (.not file.) =>Adware.BDSearch
O87 - FAEL: "{44E1982E-D181-421C-9921-4974FCAFD17F}" |In - Private - P6 - TRUE | .(...) -- C:\Users\wscgama\AppData\Local\Temp\7zS20F6\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{E80DA681-198B-4DF0-B194-2993126B80B4}" |In - Private - P17 - TRUE | .(...) -- C:\Users\wscgama\AppData\Local\Temp\7zS20F6\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{374CB1B2-6B22-4B39-B245-1A9147597412}" |In - Public - P6 - TRUE | .(...) -- C:\Users\wscgama\AppData\Local\Temp\7zS17DB\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{6BA2584D-5E30-4E65-9049-2418AFB27121}" |In - Public - P17 - TRUE | .(...) -- C:\Users\wscgama\AppData\Local\Temp\7zS17DB\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{3D41B58F-641B-4593-8283-16468E4A8DFA}" |In - Public - P6 - TRUE | .(...) -- C:\Users\wscgama\AppData\Local\Temp\7zS485C\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{EEB362ED-85EE-4878-AC99-B28CB71AC05A}" |In - Public - P17 - TRUE | .(...) -- C:\Users\wscgama\AppData\Local\Temp\7zS485C\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{CB25F8DF-4FBA-4407-95E9-8E5B6B13A2E2}" |In - Public - P6 - TRUE | .(...) -- C:\Users\wscgama\AppData\Local\Temp\7zS6AFF\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{C0B551A8-F557-4676-8E55-1AEE6436372A}" |In - Public - P17 - TRUE | .(...) -- C:\Users\wscgama\AppData\Local\Temp\7zS6AFF\HPDiagnosticCoreUI.exe (.not file.)
O87 - FAEL: "{DE3FE3C3-6FEA-4B05-BBB4-9BC24A92EB44}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe (.not file.) =>Adware.BDSearch
O87 - FAEL: "{AE53E3A1-EE07-4D14-AD1F-F07C46F755D9}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\baidu\Spark\Spark.exe (.not file.) =>Adware.BDSearch
O87 - FAEL: "{A94FFD37-CC19-4A3D-9131-DBB345E8B8EF}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\baidu\Spark\baidu_dumper.exe (.not file.) =>Adware.BDSearch
O87 - FAEL: "{F7A5E2AC-5792-4290-B224-1D1F6D61C005}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\baidu\Spark\baidu_dumper.exe (.not file.) =>Adware.BDSearch
~ Firewall: 236 Legitimates Filtered in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.D139BD725F28AB1B01BECB8D8EB53133] [WIS][08/07/2012] (.Avid Technology, Inc. - Pinnacle Studio.) -- C:\Windows\Installer\130265.msi [23158784]
~ WIS: 90 Legitimates Filtered in 00mn 08s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 20/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 09/03/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 09/03/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 14/08/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 08/04/2008 800040 | (NBService) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 23/10/2013 23808 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Demand 22/01/2008 275752 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 19/12/2006 81920 | (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc..) - C:\Windows\SysWOW64\IoctlSvc.exe
SR - | Auto 30/11/2010 336824 | (PSI_SVC_2_x64) . (.arvato digital services llc.) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 12/02/2007 24576 | (StkSSrv) . (.Syntek America Inc..) - C:\Windows\System32\StkCSrv.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 10s
---\\ Scâner Aditional (088)
Database Version : 13031 - (03/03/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 3
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Defrag =>Adware.BDSearch^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKCU\Software\baidu] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu] =>Adware.BDSearch^
~ Additionnel Scan: 384946 Items scanned in 00mn 29s
---\\ Sumário das deteções encontradas na sua estação
~ [You must have an account and be logged in to view this link] =>Adware.BDSearch
~ MSI: 1 link(s) detected in 00mn 29s
~ 1074 Legitimates filtered by white list
End of the scan (482 lines in 02mn 18s)(0)
ALINEBGAMA - Beginner
- Posts: 20
Reputation: 1
Registration date: 09/03/2014
Re: how to remove a virus from the browser?
Copy all of the text highlighted in red that I gave you (starting at script zhpfix and ending at emptyclsid)
_____________________________________________________________________________________________________________
Go to the menu: Start > All Programs > ZHP > open ZHPFix > click Importação (Import) > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will appear in Notepad.
Copy this report and post it in your next reply.
Last edited by Power Max on Sun 23 Mar 2014, 23:26; edited 2 time(s)
_________________
Caixa de Dicas = Always with new tutorials and news on computing, technology and miscellany.
[You must have an account and be logged in to view this link] = The best of the internet is found here.
[You must have an account and be logged in to view this link] = Messages of faith and hope for your heart
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
Re: how to remove a virus from the browser?
hi, see below
Rapport de ZHPFix 2014.2.16.5 par Nicolas Coolman, Update du 16/02/2014
Fichier d'export Registre :
Run by wscgama at 09/03/2014 20:16:21
High Elevated Privileges : OK
Windows Vista Ultimate Edition, 64-bit (Build 6000)
Reciclagem vazia (00mn 27s)
Reparação de atalhos do navegador
========== Chaves do Registo ==========
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\baidu
ELIMINÉ: HKCU\Software\superdownloads.com.br
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu
========== Valores do Registo ==========
ELIMINÉ: Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F}
ELIMINÉ RunValue: HCIP
ELIMINÉ RunValue: Defrag
ELIMINÉ RunValue: PowerDVD13Agent
ELIMINÉ: {37ACC50D-ED25-4A25-9C05-436BC842B2F1}
ELIMINÉ: {A9BA99AB-5D69-4C35-8690-87F8674AEBB0}
ELIMINÉ: {32688546-96EF-45F6-B0C7-D35606B62351}
ELIMINÉ: {1E5C97D5-3F59-424A-89E1-27BE0FD95BC3}
ELIMINÉ: {44E1982E-D181-421C-9921-4974FCAFD17F}
ELIMINÉ: {E80DA681-198B-4DF0-B194-2993126B80B4}
ELIMINÉ: {374CB1B2-6B22-4B39-B245-1A9147597412}
ELIMINÉ: {6BA2584D-5E30-4E65-9049-2418AFB27121}
ELIMINÉ: {3D41B58F-641B-4593-8283-16468E4A8DFA}
ELIMINÉ: {EEB362ED-85EE-4878-AC99-B28CB71AC05A}
ELIMINÉ: {CB25F8DF-4FBA-4407-95E9-8E5B6B13A2E2}
ELIMINÉ: {C0B551A8-F557-4676-8E55-1AEE6436372A}
ELIMINÉ: {DE3FE3C3-6FEA-4B05-BBB4-9BC24A92EB44}
ELIMINÉ: {AE53E3A1-EE07-4D14-AD1F-F07C46F755D9}
ELIMINÉ: {A94FFD37-CC19-4A3D-9131-DBB345E8B8EF}
ELIMINÉ: {F7A5E2AC-5792-4290-B224-1D1F6D61C005}
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (Private) : TCP Query User{F1375EDC-CF2D-481F-A22F-6BE1A5EDEDCB}C:\program files (x86)\connectify\connectify.exe
ELIMINÉ: FirewallRaz (Private) : UDP Query User{54D0EF6A-A6AE-4567-9B2C-8E6A96C3D1E1}C:\program files (x86)\connectify\connectify.exe
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ: c:\users\public\desktop\bitstream font navigator (64-bit).lnk
ELIMINÉ: c:\users\public\desktop\vitascene 2.0.lnk
ELIMINÉ: c:\users\wscgama\appdata\roaming\microsoft\internet explorer\quick launch\spark browser.lnk
ELIMINÉ: c:\programdata\microsoft\windows\start menu\programs\startup\newshortcut1.lnk
ELIMINÉ Temporários windows (142) (4.474.616 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Tarefa planificada ==========
ELIMINÉ: {AFE018C1-1FB5-49BB-8AB8-5F3B88DE37E3}
ELIMINÉ: {E4C9C789-13C7-4C5D-B449-2AEDF75B3B27}
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
4 : Chaves do Registo
30 : Valores do Registo
1 : Pastas
6 : Ficheiros
2 : Tarefa planificada
1 : Restauração Sistema
End of clean in 01mn 05s
========== Caminho do ficheiro do relatório ==========
C:\Users\wscgama\AppData\Roaming\ZHP\ZHPFix[R1].txt - 09/03/2014 20:16:48 [3023]
ALINEBGAMA - Beginner
- Posts: 20
Reputation: 1
Registration date: 09/03/2014
Re: how to remove a virus from the browser?
Temporarily disable your antivirus to avoid conflicts.
Open the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]
* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]
* Copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek
* Click [Run Script]
* During the scan, a message similar to the one below will be displayed, showing the progress of the scan. Wait for it to finish... it may take a while!
[You must have an account and be logged in to view this image]
* If you are asked to restart the PC, click [OK]
* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.
Last edited by Power Max on Sun 23 Mar 2014, 23:27; edited 1 time(s)
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
Re: how to remove a virus from the browser?
I right-click but "run as administrator" does not appear. What should I do? I did the download anyway.
ALINEBGAMA - Beginner
- Posts: 20
Reputation: 1
Registration date: 09/03/2014
Re: how to remove a virus from the browser?
It is only after you have downloaded it and Zoek.exe is already on your desktop that you right-click it and choose the run as administrator option.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
Re: how to remove a virus from the browser?
is this it?
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by wscgama on 09/03/2014 at 22:58:11,73.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\wscgama\Downloads\zoek.exe [Scan all users] [Script inserted]
===== Runcheck 23:13:26,96 =====
--- Create Environment Variables 23:13:28,40
--- Create System Restore Point 23:13:34,59
--- Checking Input 23:13:52,17
--- Reset Hosts File 23:13:57,22
--- AU AppData Check 23:13:58,73
--- Remove From Windows Installer 23:14:05,95
--- IE Startpage Check 23:16:23,20
--- Program Files DB Check 23:17:16,64
--- C:\Users\Default\AppData\Roaming DB Check 23:18:22,82
--- C:\Users\Default User\AppData\Roaming DB Check 23:18:22,82
--- C:\Users\wscgama\AppData\Roaming DB Check 23:18:22,82
--- C:\Users\USURIO~1\AppData\Roaming DB Check 23:18:22,82
--- C:\Windows\SysNative\config\systemprofile\AppData\Roaming DB Check 23:18:22,82
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming DB Check 23:18:22,82
--- C:\Windows\serviceprofiles\networkservice\AppData\Roaming DB Check 23:18:22,82
--- C:\Windows\serviceprofiles\Localservice\AppData\Roaming DB Check 23:18:22,82
--- C:\Users\wscgama DB Check 23:22:15,03
--- C:\PROGRA~3 DB Check 23:22:45,42
--- C:\Users\Default\AppData\Local DB Check 23:22:47,56
--- C:\Users\Default User\AppData\Local DB Check 23:22:47,56
--- C:\Users\wscgama\AppData\Local DB Check 23:22:47,56
--- C:\Users\USURIO~1\AppData\Local DB Check 23:22:47,56
--- C:\Windows\SysNative\config\systemprofile\AppData\Local DB Check 23:22:47,56
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Local DB Check 23:22:47,56
--- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 23:22:47,56
--- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 23:22:47,56
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 23:25:38,60
--- C:\Users\wscgama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 23:25:54,26
--- Tasks DB Check 23:26:02,82
--- Downloads DB Check 23:26:09,36
--- C:\Users\wscgama\AppData\LocalLow DB Check 23:26:20,03
--- C:\Windows\SysNative\config\systemprofile\AppData\LocalLow DB Check 23:26:20,03
--- C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 23:26:20,03
--- C:\Windows\serviceprofiles\networkservice\AppData\LocalLow DB Check 23:26:20,03
--- C:\Windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 23:26:20,03
--- Tasks2 DB Check 23:28:25,95
--- Documents DB Check 23:29:07,50
--- C:\Users\wscgama\AppData\Roaming\Mozilla\Firefox\Profiles\syd7fknw.default DB Check 23:29:18,18
--- C:\Users\wscgama\Desktop DB Check 23:29:24,78
--- Services DB Check 23:29:44,41
--- FF prefs.js DB Check 23:30:36,20
--- Del by CLSID 23:31:51,05
--- Delete Services 23:33:11,76
--- Firefox Fix 23:33:18,36
--- Delete files\folders 23:33:25,17
--- Create Backups 23:33:25,60
--- Firefox Extensions 23:33:49,26
--- Firefox Plugins 23:33:50,96
--- Chrome Look 23:37:12,93
--- Create Backups 23:38:00,45
--- Chrome Fix 23:38:05,03
--- IEdefaults 23:38:05,34
ALINEBGAMA - Beginner
- Posts: 20
Reputation: 1
Registration date: 09/03/2014
Re: how do I remove a virus from the browser?
Its report is different. I believe it must still be running the cleanup, right? Only when it finishes the cleanup should you post its report.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
Re: how do I remove a virus from the browser?
lol, I think it worked this time
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by wscgama on 09/03/2014 at 22:58:11,73.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\wscgama\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
09/03/2014 23:13:50 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\wscgama\AppData\Roaming\Mozilla\Firefox\Profiles\syd7fknw.default\prefs.js:
Added to C:\Users\wscgama\AppData\Roaming\Mozilla\Firefox\Profiles\syd7fknw.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
==== Deleting Files \ Folders ======================
C:\PROGRA~3\CorelDRAW Graphics Suite X6.1 deleted
==== Firefox Extensions ======================
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\wscgama\AppData\Roaming\Mozilla\Firefox\Profiles\syd7fknw.default
D775FA6F1E88B3B99E69E8A0D6C3A819 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll - Shockwave Flash
==== Chrome Look ======================
Google Docs - wscgama\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - wscgama\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - wscgama\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - wscgama\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - wscgama\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - wscgama\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Color My Facebook - wscgama\AppData\Local\Spark\User Data\Default\Extensions\delimgmbagokgmjffmedgcafjcakbedp
Video Download - wscgama\AppData\Local\Spark\User Data\Default\Extensions\djmgfiokceelcoeihknfhbnnbboaibkm
Facebook Theme Creator - wscgama\AppData\Local\Spark\User Data\Default\Extensions\ecnnffhckagcpoimngfooggeilkhlnnh
==== Chrome Fix ======================
C:\Users\wscgama\AppData\Local\Spark\User Data\Default\Local Storage\chrome-extension_delimgmbagokgmjffmedgcafjcakbedp_0.localstorage deleted successfully
C:\Users\wscgama\AppData\Local\Spark\User Data\Default\databases\chrome-extension_delimgmbagokgmjffmedgcafjcakbedp_0 deleted successfully
C:\Users\wscgama\AppData\Local\Spark\User Data\Default\Local Extension Settings\delimgmbagokgmjffmedgcafjcakbedp deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
C:\Users\wscgama\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\wscgama\AppData\Local\Spark\User Data\Default\Preferences was reset successfully
C:\Users\wscgama\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\wscgama\AppData\Local\Spark\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3067452549-4010853418-3966798514-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
==== Deleting CLSID Registry Values ======================
==== shortcuts on Users Desktops ======================
C:\Users\wscgama\Desktop\Format Factory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\wscgama\Desktop\Free Audio Editor.lnk - C:\Program Files (x86)\Free Audio Editor\FreeAudioEditor.exe
C:\Users\wscgama\Desktop\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff
C:\Users\wscgama\Desktop\Movie Maker (2).lnk - C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe
C:\Users\wscgama\Desktop\Movie Maker.lnk - C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe
C:\Users\wscgama\Desktop\On-Screen Keyboard.lnk - C:\Windows\system32\osk.exe
C:\Users\wscgama\Desktop\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\wscgama\Desktop\Pinnacle Studio 16.lnk - C:\Program Files (x86)\Pinnacle\Studio 16\programs\PinnacleStudio.EXE
C:\Users\wscgama\Desktop\TVHome Media2.lnk - C:\Program Files (x86)\TVHome Media2\TVHome Media2.exe
C:\Users\wscgama\Desktop\Word Reader 6.22.lnk - C:\Program Files (x86)\Abdio\Word Reader\WordReader.exe
C:\Users\wscgama\Desktop\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\Users\wscgama\Desktop\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Acrobat.com.lnk - C:\Program Files (x86)\Adobe\Acrobat.com\Acrobat.com.exe
C:\Users\Public\Desktop\Adobe Reader 9.lnk - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Adorage 3.0.lnk - C:\Program Files (x86)\proDAD\Adorage-3.0\Adorage.exe
C:\Users\Public\Desktop\Ashampoo Cover Studio 2.lnk - C:\Program Files (x86)\Ashampoo\Ashampoo Cover Studio 2\coverstudio2.exe
C:\Users\Public\Desktop\Ashampoo Music Studio 4.lnk - C:\Program Files (x86)\Ashampoo\Ashampoo Music Studio 4\MusicStudio.exe
C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Comprar suprimentos - HP Deskjet 3510 series.lnk - C:\Program Files (x86)\HP\HP Deskjet 3510 series\Bin\hpqDTSS.exe
C:\Users\Public\Desktop\Compre suprimentos - HP Deskjet 2050 J510 series.lnk - C:\Program Files (x86)\HP\HP Deskjet 2050 J510 series\Bin\hpqDTSS.exe
C:\Users\Public\Desktop\Corel CAPTURE X6 (64-Bit).lnk - c:\Windows\Installer\{1967EF95-E00B-4669-8B1C-A589BE8BF24F}\NewShortcut6_C2D12190778B49D7B6847BAECAE7BE9D.exe
C:\Users\Public\Desktop\Corel CONNECT X6 (64-Bit).lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\Connect64\Connect.exe
C:\Users\Public\Desktop\Corel PHOTO-PAINT X6 (64-Bit).lnk - c:\Windows\Installer\{D7C2687D-924E-4485-B367-C7D95CBF8DDD}\NewShortcut4_1B93EBAA624B47A7847E8976FF2E037B.exe
C:\Users\Public\Desktop\CorelDRAW X6 (64-Bit).lnk - c:\Windows\Installer\{27AE72A4-B217-4CDC-B82B-3311E9D7460E}\NewShortcut1_41AAC0AC880545E6A1C81230F4159C30.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\HP Deskjet 2050 J510 series Scan.lnk - C:\Program Files (x86)\HP\HP Deskjet 2050 J510 series\bin\HPScan.exe
C:\Users\Public\Desktop\HP Deskjet 2050 J510 series.lnk - C:\Program Files (x86)\HP\HP Deskjet 2050 J510 series\Bin\HP Deskjet 2050 J510 series.exe
C:\Users\Public\Desktop\HP Deskjet 3510 series.lnk - C:\Program Files (x86)\HP\HP Deskjet 3510 series\Bin\HP Deskjet 3510 series.exe -Start UDCDevicePage
C:\Users\Public\Desktop\HP Photo Creations.lnk - C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe
C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk - C:\Program Files (x86)\HP\Diagnostics\PSDR\HPPSDr.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Nero Home.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8
C:\Users\Public\Desktop\Nero StartSmart.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Users\Public\Desktop\Presto PVR.lnk -
C:\Users\Public\Desktop\Recuva.lnk - C:\Program Files (x86)\Recuva\recuva64.exe
==== shortcuts in Users Start Menu ======================
C:\Users\wscgama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff
C:\Users\wscgama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\wscgama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spark Browser\Spark Browser.lnk - C:\Program Files (x86)\baidu\Spark\Spark.exe
C:\Users\wscgama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spark Browser\Uninstall.lnk - C:\Program Files (x86)\baidu\Spark\Uninstall.exe
C:\Users\wscgama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XML Viewer\The MindFusion Forums.lnk - C:\Users\wscgama\AppData\Roaming\Microsoft\Installer\{F58E04CD-6E76-43C8-AAF1-482225C2910E}\_649292576B86E5848D283C.exe
C:\Users\wscgama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XML Viewer\XML Viewer.lnk - C:\Users\wscgama\AppData\Roaming\Microsoft\Installer\{F58E04CD-6E76-43C8-AAF1-482225C2910E}\_3C27D014EB01FB13429F5D.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewSoft\Presto PVR.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewSoft\Presto PVR.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewSoft\Presto PVR\PVR Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewSoft\Presto PVR\ReadMe.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\wscgama\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Audio Editor.lnk - C:\Program Files (x86)\Free Audio Editor\FreeAudioEditor.exe
C:\Users\wscgama\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\wscgama\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff
C:\Users\wscgama\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8
C:\Users\wscgama\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Users\wscgama\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\wscgama\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\wscgama\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\wscgama\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Word Viewer 2003.lnk - C:\Windows\Installer\{90850416-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
C:\Users\wscgama\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\Users\wscgama\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\wscgama\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\TVHome Media2.lnk - C:\Program Files (x86)\TVHome Media2\TVHome Media2.exe
C:\Users\wscgama\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\wscgama\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\wscgama\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyOverride"="*.local;"
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3JE4V6CZ will be deleted at reboot
C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\403BGK7L will be deleted at reboot
C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40NRDORL will be deleted at reboot
C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5X50F6LB will be deleted at reboot
C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6K1WWF56 will be deleted at reboot
C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8O6E2J73 will be deleted at reboot
C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DANQRN95 will be deleted at reboot
C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBR9Y6LJ will be deleted at reboot
C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GT8HYLLH will be deleted at reboot
C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQT7VFZK will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\wscgama\AppData\Local\Mozilla\Firefox\Profiles\syd7fknw.default\Cache will be emptied at reboot
==== Empty Chrome Cache ======================
C:\Users\wscgama\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\wscgama\AppData\Local\Spark\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=70 folders=22 1049173 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\wscgama\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\wscgama\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\wscgama\AppData\Local\Spark\User Data\Default\Extensions\delimgmbagokgmjffmedgcafjcakbedp" deleted
"C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3JE4V6CZ" not found
"C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\403BGK7L" not found
"C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40NRDORL" not found
"C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5X50F6LB" not found
"C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6K1WWF56" not found
"C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8O6E2J73" not found
"C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DANQRN95" not found
"C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBR9Y6LJ" not found
"C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GT8HYLLH" not found
"C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQT7VFZK" not found
==== EOF on 09/03/2014 at 23:46:05,59 ======================
C:\Users\wscgama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spark Browser\Spark Browser.lnk - C:\Program Files (x86)\baidu\Spark\Spark.exe
C:\Users\wscgama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spark Browser\Uninstall.lnk - C:\Program Files (x86)\baidu\Spark\Uninstall.exe
C:\Users\wscgama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XML Viewer\The MindFusion Forums.lnk - C:\Users\wscgama\AppData\Roaming\Microsoft\Installer\{F58E04CD-6E76-43C8-AAF1-482225C2910E}\_649292576B86E5848D283C.exe
C:\Users\wscgama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XML Viewer\XML Viewer.lnk - C:\Users\wscgama\AppData\Roaming\Microsoft\Installer\{F58E04CD-6E76-43C8-AAF1-482225C2910E}\_3C27D014EB01FB13429F5D.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewSoft\Presto PVR.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewSoft\Presto PVR.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewSoft\Presto PVR\PVR Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewSoft\Presto PVR\ReadMe.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\wscgama\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Audio Editor.lnk - C:\Program Files (x86)\Free Audio Editor\FreeAudioEditor.exe
C:\Users\wscgama\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\wscgama\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff
C:\Users\wscgama\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8
C:\Users\wscgama\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Users\wscgama\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\wscgama\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\wscgama\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\wscgama\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Word Viewer 2003.lnk - C:\Windows\Installer\{90850416-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
C:\Users\wscgama\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\Users\wscgama\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\wscgama\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\TVHome Media2.lnk - C:\Program Files (x86)\TVHome Media2\TVHome Media2.exe
C:\Users\wscgama\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\wscgama\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\wscgama\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyOverride"="*.local;
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3JE4V6CZ will be deleted at reboot
C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\403BGK7L will be deleted at reboot
C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40NRDORL will be deleted at reboot
C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5X50F6LB will be deleted at reboot
C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6K1WWF56 will be deleted at reboot
C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8O6E2J73 will be deleted at reboot
C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DANQRN95 will be deleted at reboot
C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBR9Y6LJ will be deleted at reboot
C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GT8HYLLH will be deleted at reboot
C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQT7VFZK will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\wscgama\AppData\Local\Mozilla\Firefox\Profiles\syd7fknw.default\Cache will be emptied at reboot
==== Empty Chrome Cache ======================
C:\Users\wscgama\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\wscgama\AppData\Local\Spark\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=70 folders=22 1049173 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\wscgama\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\wscgama\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\wscgama\AppData\Local\Spark\User Data\Default\Extensions\delimgmbagokgmjffmedgcafjcakbedp" deleted
"C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3JE4V6CZ" not found
"C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\403BGK7L" not found
"C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40NRDORL" not found
"C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5X50F6LB" not found
"C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6K1WWF56" not found
"C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8O6E2J73" not found
"C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DANQRN95" not found
"C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBR9Y6LJ" not found
"C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GT8HYLLH" not found
"C:\Users\wscgama\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQT7VFZK" not found
==== EOF on 09/03/2014 at 23:46:05,59 ======================
ALINEBGAMA - Beginner
- Posts: 20
Reputation: 1
Join date: 09/03/2014
Re: how to remove a virus from the browser?
Just to finish up, please follow the tutorials below:
[You must have an account and be logged in to view this link]
_______________________________________________________________________________________________________________________
To remove the programs used to clean this PC and create a new, safe and problem-free restore point, use DelFix, following the tips [You must have an account and be logged in to view this link].
_______________________________________________________________________________________________________________________
It was a pleasure to help. You can always count on us!
_________________
Caixa de Dicas = Always with new tutorials and news on computing, technology and miscellany.
[You must have an account and be logged in to view this link] = The best of the internet, you'll find it here.
[You must have an account and be logged in to view this link] = Messages of faith and hope for your heart
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Re: how to remove a virus from the browser?
CASE RESOLVED
Should the topic's author need it, the topic will be reopened; to do so, she should contact one of the members of the [You must have an account and be logged in to view this link] and request that it be unlocked.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009