Virus on the PC that opens unsolicited pages
Good morning!
My PC has a virus and Avast can't remove it... it shows "Uma ameaça foi detectada h_rvzr-a_akamaihd_net__amz__aeyJhZmZpZCI6MTgwMCwic3V..." and others. Also, when I search for text on the net, some words appear underlined in blue, and these lead to virus links.
Can you help me?
Thanks
Dawidson - Member
- Posts: 66
Reputation: 0
Registration date: 06/02/2014
Age: 66
Location: Embu das Artes
Re: Virus on the PC that opens unsolicited pages
Hello Dawidson.
Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
[You need an account and to be logged in to view this link]
To run AdwCleaner correctly, just follow the tips in this tutorial:
[You need an account and to be logged in to view this link]
* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt
We'll be waiting.
Power Max - Collaborator
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
Re: Virus on the PC that opens unsolicited pages
Power Max wrote: Hello Dawidson.
Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
[You need an account and to be logged in to view this link]
To run AdwCleaner correctly, just follow the tips in this tutorial:
[You need an account and to be logged in to view this link]
* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt
We'll be waiting.
# AdwCleaner v3.023 - Relatório criado 07/04/2014 às 10:00:05
# Atualizado 01/04/2014 por Xplode
# Sistema Operacional : Windows 7 Starter Service Pack 1 (32 bits)
# Usuário : Dawidson - DAWIDSON-HP
# Executando de : C:\Users\Dawidson\Downloads\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
***** [ Atalhos ] *****
***** [ Registro ] *****
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.16521
-\\ Google Chrome v33.0.1750.154
[ Arquivo : C:\Users\Dawidson\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [788 octets] - [07/04/2014 09:52:24]
AdwCleaner[S0].txt - [707 octets] - [07/04/2014 10:00:05]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [766 octets] ##########
Dawidson - Member
Re: Virus on the PC that opens unsolicited pages
Temporarily disable your antivirus to avoid conflicts.
Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You need an account and to be logged in to view this link]
* Right-click Zoek.exe and select [You need an account and to be logged in to view this image]
* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek
* Click [Run Script]
* During the scan, a message similar to the one below will be displayed showing the scan progress. Wait for it to finish... it may take a while!
[You need an account and to be logged in to view this image]
* If a reboot of the PC is requested, click [OK]
* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.
Last edited by Power Max on Mon 07 Apr 2014, 11:17, edited 1 time
Power Max - Collaborator
Re: Virus on the PC that opens unsolicited pages
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Dawidson on 07/04/2014 at 10:25:53,90.
Microsoft Windows 7 Starter 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Dawidson\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
07/04/2014 10:29:23 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\Users\Dawidson\.android deleted
C:\Program Files\suprasavings deleted
C:\PROGRA~2\UpdaterLog.txt deleted
C:\PROGRA~2\SPL2620.tmp deleted
C:\PROGRA~2\SPL31B5.tmp deleted
C:\PROGRA~2\SPL4633.tmp deleted
C:\PROGRA~2\SPL694.tmp deleted
C:\PROGRA~2\SPL6E41.tmp deleted
C:\PROGRA~2\SPL8644.tmp deleted
C:\PROGRA~2\SPL9942.tmp deleted
C:\PROGRA~2\SPLC754.tmp deleted
C:\PROGRA~2\SPLE569.tmp deleted
C:\PROGRA~2\SPLEF7D.tmp deleted
C:\user.js deleted
C:\Windows\System32\InstallUtil.InstallLog deleted
C:\Users\Dawidson\AppData\Roaming\Mozilla\Extensions\speedanalysis04@SpeedAnalysis.com deleted
C:\Users\Dawidson\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com deleted
C:\Users\Dawidson\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"speedanalysis04@SpeedAnalysis.com"="C:\Users\Dawidson\AppData\Roaming\Mozilla\Extensions\speedanalysis04@SpeedAnalysis.com" []
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"speedanalysis04@SpeedAnalysis.com"="C:\Users\Dawidson\AppData\Roaming\Mozilla\Extensions\speedanalysis04@SpeedAnalysis.com" []
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
icmlaeflemplmjndnaapfdbbnpncnbda - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[13/01/2014 22:15]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[03/03/2014 09:53]
mkfokfffehpeedafpekjeddnmnjhmcmk - No path found[]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\Dawidson\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[08/01/2014 12:55]
Supra Savings - Dawidson\AppData\Local\Google\Chrome\User Data\Default\Extensions\afjegdojkkoghnbiollpogeeimocanmk
AdBlock - Dawidson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
avast Online Security - Dawidson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Website Blocker Beta - Dawidson\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgegipaehbigmbhdpfapmjadbaldib
avast WebRep - Dawidson\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
Skype Click to Call - Dawidson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Wallet - Dawidson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
==== Chrome Fix ======================
C:\Users\Dawidson\AppData\Local\Google\Chrome\User Data\Default\Extensions\afjegdojkkoghnbiollpogeeimocanmk deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.uol.com.br/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.uol.com.br/"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
C:\Users\Dawidson\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Dawidson\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-3727109833-2989101044-291401390-1000\Software\Mozilla\Firefox\Extensions\speedanalysis04@SpeedAnalysis.com deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\speedanalysis04@SpeedAnalysis.com deleted successfully
==== shortcuts on Users Desktops ======================
C:\Users\Dawidson\Desktop\Administração de token.lnk -
C:\Users\Dawidson\Desktop\AGENDA.lnk - C:\Users\Dawidson\AGENDA\agendadw.OR3
C:\Users\Dawidson\Desktop\Continue WinZip Installation.lnk - C:\Users\Dawidson\AppData\Local\Temp\ICReinstall_winzip-180-build-11023-32-bits.exe /RR
C:\Users\Dawidson\Desktop\Debit.lnk - C:\Users\Dawidson\DEBIT\DEBIT2002\debit2000\Debit.exe
C:\Users\Dawidson\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Dawidson\Desktop\HP Support Assistant.lnk - C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Users\Dawidson\Desktop\IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\Dawidson\Desktop\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\Dawidson\Desktop\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Dawidson\Desktop\SmartTRAK.lnk - C:\Program Files\SmartTRAK\SmartTRAK.exe
C:\Users\Dawidson\Desktop\SpyHunter.lnk - C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Users\Dawidson\Desktop\Velocidade Do PC.lnk - C:\Program Files\Velocidade Do PC\PCSULauncher.exe
C:\Users\Dawidson\Desktop\Windows Live Mail.lnk - C:\Program Files\Windows Live\Mail\wlmail.exe
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\avast Internet Security.lnk -
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\EPSON Scan.lnk - C:\Windows\twain_32\escndv\escndv.exe
C:\Users\Public\Desktop\Experimente o HP MyRoom gratuitamente.lnk - C:\Program Files\Hewlett-Packard\Shared\WizLink.exe [You need an account and to be logged in to view this link]
C:\Users\Public\Desktop\HP+.lnk - C:\Program Files\Hewlett-Packard\Shared\WizLink.exe [You need an account and to be logged in to view this link]
C:\Users\Public\Desktop\Juris Síntese DVD.lnk -
C:\Users\Public\Desktop\Launch Lexmark Printer Home.LNK - C:\Program Files\Lexmark\Dashboard\LX__Dashboard.exe
C:\Users\Public\Desktop\Magic Desktop.lnk - C:\Program Files\EasyBits For Kids\ezSecShield.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe
C:\Users\Public\Desktop\PhotoImpression 5.lnk - C:\Program Files\ArcSoft\PhotoImpression 5\photoimpression.exe
C:\Users\Public\Desktop\Receitanet 1.03 .lnk - C:\Program Files\Programas RFB\Receitanet\Windows\Receitanet.exe
C:\Users\Public\Desktop\RegHunter.lnk - C:\Program Files\Enigma Software Group\RegHunter\RegHunter.exe
C:\Users\Public\Desktop\Seagate Dashboard.lnk - C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe
C:\Users\Public\Desktop\WinZip.lnk - C:\Program Files\WinZip\WINZIP32.EXE
==== shortcuts in Users Start Menu ======================
C:\Users\Dawidson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Users\Dawidson\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Users\Dawidson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Ajuda do IRPF2014.lnk -
C:\Users\Dawidson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Desinstalar IRPF2014.lnk -
C:\Users\Dawidson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\Dawidson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Leia-me do IRPF2014.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Program Files\Microsoft OneDrive\OneDriveSetup.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Program Files\Microsoft OneDrive\OneDriveSetup.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk - C:\Program Files\WinZip\WINZIP32.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files\CCleaner\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files\Microsoft Silverlight\5.1.30214.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files\Skype\Phone\Skype.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip\WinZip 18.0.lnk - C:\Program Files\WinZip\WINZIP32.EXE
==== shortcuts in Quick Launch ======================
C:\Users\Dawidson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Dawidson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Dawidson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Dawidson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Dawidson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Dawidson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Dawidson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP LinkUp Viewer.lnk - C:\Program Files\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
C:\Users\Dawidson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Dawidson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Dawidson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== shortcuts After Repair ======================
C:\Users\Public\Desktop\Experimente o HP MyRoom gratuitamente.lnk - C:\Program Files\Hewlett-Packard\Shared\WizLink.exe
C:\Users\Public\Desktop\HP+.lnk - C:\Program Files\Hewlett-Packard\Shared\WizLink.exe
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E6B105B8-1F65-4428-9397-1DFD8A03B94D} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\suprasavings deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8B501B6E56F182443979D1DFA8309BD4 deleted successfully
==== Empty IE Cache ======================
C:\Users\Dawidson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dawidson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Dawidson\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=184 folders=21 10186849 bytes)
==== Empty Temp Folders ======================
C:\Users\Dawidson\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Dawidson\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted
==== EOF on 07/04/2014 at 10:56:57,76 ======================
C:\Users\Dawidson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Dawidson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Dawidson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Dawidson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Dawidson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP LinkUp Viewer.lnk - C:\Program Files\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
C:\Users\Dawidson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Dawidson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Dawidson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== shortcuts After Repair ======================
C:\Users\Public\Desktop\Experimente o HP MyRoom gratuitamente.lnk - C:\Program Files\Hewlett-Packard\Shared\WizLink.exe
C:\Users\Public\Desktop\HP+.lnk - C:\Program Files\Hewlett-Packard\Shared\WizLink.exe
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E6B105B8-1F65-4428-9397-1DFD8A03B94D} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\suprasavings deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8B501B6E56F182443979D1DFA8309BD4 deleted successfully
==== Empty IE Cache ======================
C:\Users\Dawidson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dawidson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Dawidson\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=184 folders=21 10186849 bytes)
==== Empty Temp Folders ======================
C:\Users\Dawidson\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Dawidson\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted
==== EOF on 07/04/2014 at 10:56:57,76 ======================
Dawidson - Member
- Posts: 66
Reputation: 0
Join date: 06/02/2014
Age: 66
Location: Embu das Artes
Re: Virus on the PC that opens unsolicited pages
Download the Junkware Removal Tool program from the link below:
[You must have an account and be logged in to view this link]
To run the program above correctly, just follow the tips in this tutorial:
[You must have an account and be logged in to view this link]
* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop with the name JRT.txt
We'll be waiting.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Virus on the PC that opens unsolicited pages
Power Max wrote: Download the Junkware Removal Tool program from the link below:
[You must have an account and be logged in to view this link]
To run the program above correctly, just follow the tips in this tutorial:
[You must have an account and be logged in to view this link]
* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop with the name JRT.txt
We'll be waiting.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Starter x86
Ran by Dawidson on 07/04/2014 at 11:30:05,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/04/2014 at 11:41:26,53
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Dawidson - Member
- Posts: 66
Reputation: 0
Join date: 06/02/2014
Age: 66
Location: Embu das Artes
Re: Virus on the PC that opens unsolicited pages
Download the Shortcut Cleaner program by going to the link below and then clicking the Download Now @BleepingComputer button:
[You must have an account and be logged in to view this link]
To run it correctly, follow the tips in this tutorial:
[You must have an account and be logged in to view this link]
In your next reply, post the Shortcut Cleaner report, which will be named sc-cleaner.txt
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Virus on the PC that opens unsolicited pages
Power Max wrote: Download the Shortcut Cleaner program by going to the link below and then clicking the Download Now @BleepingComputer button:
[You must have an account and be logged in to view this link]
To run it correctly, follow the tips in this tutorial:
[You must have an account and be logged in to view this link]
In your next reply, post the Shortcut Cleaner report, which will be named sc-cleaner.txt
Shortcut Cleaner 1.3.2 by Lawrence Abrams (Grinler)
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Windows Version: Windows 7 Starter Service Pack 1
Program started at: 04/07/2014 12:18:12 PM.
Scanning for registry hijacks:
* No issues found in the Registry.
Searching for Hijacked Shortcuts:
Searching C:\Users\Dawidson\AppData\Roaming\Microsoft\Windows\Start Menu\
Searching C:\ProgramData\Microsoft\Windows\Start Menu\
Searching C:\Users\Dawidson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
Searching C:\Users\Public\Desktop\
Searching C:\Users\Dawidson\Desktop
0 bad shortcuts found.
Program finished at: 04/07/2014 12:18:15 PM
Execution time: 0 hours(s), 0 minute(s), and 3 seconds(s)
Dawidson - Member
- Posts: 66
Reputation: 0
Join date: 06/02/2014
Age: 66
Location: Embu das Artes
Re: Virus on the PC that opens unsolicited pages
Download < [You must have an account and be logged in to view this link] > < [You must have an account and be logged in to view this image]> ( ... by Nicolas Coolman )
|- Temporarily disable your antivirus to avoid conflicts and run "ZHPDiag2.exe" to install the tool.
|- Run the scroll icon. ( ZHPDiag )
|- Click "SEARCH" or "PESQUISAR" and wait for it to finish!
|- Click OK and, when it finishes, post the ZHPDiag.txt report
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Virus on the PC that opens unsolicited pages
Power Max wrote: Download < [You must have an account and be logged in to view this link] > < [You must have an account and be logged in to view this image]> ( ... by Nicolas Coolman )
|- Temporarily disable your antivirus to avoid conflicts and run "ZHPDiag2.exe" to install the tool.
|- Run the scroll icon. ( ZHPDiag )
|- Click "SEARCH" or "PESQUISAR" and wait for it to finish!
|- Click OK and, when it finishes, post the ZHPDiag.txt report
~ Relatório do ZHPDiag v2014.4.7.6 - Nicolas Coolman (07/04/2014)
~ Iniciado por Dawidson (07/04/2014 12:43:16)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16521
GCIE: Google Chrome v33.0.1750.154 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Starter, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v8.0.1603.0
Malwarebytes Anti-Malware versão 2.00.0.1000
Norton Internet Security v19.1.0.28
Windows Defender W7
---\\ Softwares d'optimização do sistema
CCleaner v4.11 =>.Piriform Ltd
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: x86 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1636 MB (23% free)
System Restore: Activé (Enable)
System drive C: has 370 GB (81%) free of 454 GB
---\\ Modo de conexão ao sistema
~ Computer Name: DAWIDSON-HP
~ User Name: Dawidson
~ All Users Names: Dawidson, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Dawidson\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Dawidson\AppData\Roaming\
~ %Desktop% : C:\Users\Dawidson\Desktop\
~ %Favorites% : C:\Users\Dawidson\Favorites\
~ %LocalAppData% : C:\Users\Dawidson\AppData\Local\
~ %StartMenu% : C:\Users\Dawidson\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 370 Go of 454 Go)
D: Hard drive, Flash drive, Thumb drive (Free 1 Go of 11 Go)
E: CD-ROM drive (Free 0 Go of 4 Go)
F: Hard drive, Flash drive, Thumb drive (Free 175 Go of 466 Go)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 50 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.10/05/2012 - 20:54:16.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.AAFEAB4FC9D70253F8C7E353E879E8A2] - (.Microsoft Corporation - Internet Extensions para Win32.) (.28/02/2014 - 23:32:16.) -- C:\Windows\System32\wininet.dll [1820160]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 18:29:06.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 18:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 21:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.10/05/2012 - 20:55:25.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 18:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.C37AEE5966EB5929E2051AC7409B5730] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.10/05/2012 - 20:52:26.) -- C:\Windows\system32\Drivers\volsnap.sys [246144]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/6555
~ Mes musiques (My Musics) : 9/2696
~ Mes Videos (My Videos) : 1/219
~ Mes Favoris (My Favorites) : 1/182
~ Mes Documents (My Documents) : 2/7452
~ Mon Bureau (My Desktop) : 1/23
~ Menu demarrer (Programs) : 1/37
~ Hidden Files: Scanned in 00mn 23s
---\\ Processos lançados
[MD5.EE0F9706AA378A99ABD902419693FEB9] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe [7430968] [PID.3564]
[MD5.8F07B4AD504A2D2FAD1B923FCDAF9EAB] - (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [5655184] [PID.3596]
[MD5.C637FC4638A96165256B28D38DE7B953] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\hpwuschd2.exe [49208] [PID.3036]
[MD5.554A50B5310E702029D3A675459108FF] - (.Hewlett-Packard - hpsysdrv.) -- C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768] [PID.1372]
[MD5.0E34B7BB1FCF22BCC1E394D16F9E992B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040] [PID.3892]
[MD5.01012ABDC81C727B4725B1BDBEA02671] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4769352] [PID.2404]
[MD5.96B3C4E20F02CA16AA1E3E425BFFCC8B] - (.Microsoft Corporation - Windows Mobile Device Center.) -- C:\Windows\WindowsMobile\wmdc.exe [648072] [PID.2396]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.3588]
[MD5.04F6CBD2BDAB19480F82AB255E56E9DB] - (.A.E.T. Europe B.V. - Certificate Expiration Check Utility.) -- C:\Windows\System32\aetcrss1.exe [151552] [PID.3744]
[MD5.B7F55E2AE978D3D34F7876EE5D689AAE] - (.CyberLink - YouCam Mirage.) -- C:\Program Files\CyberLink\YouCam\YCMMirage.exe [136488] [PID.936]
[MD5.51FFA164418B97B6B4CAFE5A0B7097B0] - (.No owner - Printer Device Monitor.) -- C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe [772712] [PID.1608]
[MD5.C0053C87AEFDE64D6C0179BE7E1C393B] - (...) -- C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe [150264] [PID.3032]
[MD5.39AF1CDEAFA4FC9D5185FBD9F4D141C4] - (.Octoshape ApS - Main program for Octoshape client.) -- C:\Users\Dawidson\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800] [PID.4192]
[MD5.1553313A94B927B65FCD27635BF49866] - (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Dawidson\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224] [PID.5176]
[MD5.C861851A0BBD9903E324487011AA3705] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [299008] [PID.5040]
[MD5.D28C5A1411BB0B47E05E0D6AAF896690] - (.ATI Technologies Inc. - Catalyst Control Center: Host application.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [299008] [PID.4156]
[MD5.3A924B200D86590D2C83214CEBFA9742] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [859976] [PID.5104]
[MD5.DAED038EA1E82356058007D3F92B641E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8187392] [PID.4744]
~ Processes Running: Scanned in 00mn 02s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Dawidson\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 13 Legitimates Filtered in 00mn 02s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@nokia.com/EnablerPlugin] - (.No owner - Nokia Suite Enabler Plugin.) -- C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
P2 - FPN: [HKLM] [@WildTangent.com/GamesAppPresenceDetector,Version=1.0] - (...) -- C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
P2 - FPN: [HKCU] [@octoshape.com/Octoshape Streaming Services,version=1.0] - (.Octoshape ApS - Octoshape embedded video plugin.) -- C:\Users\Dawidson\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Dawidson\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 15 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ IE Browser: 10 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} . (.Banco Bradesco S.A. - scpsssh2 Module.) -- C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
~ BHO: 22 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: EPSON Scan.lnk . (.SEIKO EPSON CORP. - EPSON Scan.) -- C:\Windows\twain_32\escndv\escndv.exe
O4 - GS\Desktop [Public]: Experimente o HP MyRoom gratuitamente.lnk . (...) -- C:\Program Files\Hewlett-Packard\Shared\WizLink.exe
O4 - GS\Desktop [Public]: HP+.lnk . (...) -- C:\Program Files\Hewlett-Packard\Shared\WizLink.exe
O4 - GS\Desktop [Public]: Juris Síntese DVD.lnk . (.IOB - No Comment.) -- E:\JSDVD.exe
O4 - GS\Desktop [Public]: Launch Lexmark Printer Home.LNK . (...) -- C:\Program Files\Lexmark\Dashboard\LX__Dashboard.exe
O4 - GS\Desktop [Public]: Magic Desktop.lnk . (.EasyBits Software AS - EasyBits Security Shield.) -- C:\Program Files\EasyBits For Kids\ezSecShield.exe =>.EasyBits Software AS
O4 - GS\Desktop [Public]: PhotoImpression 5.lnk . (.ArcSoft Inc. - PhotoImpression.) -- C:\Program Files\ArcSoft\PhotoImpression 5\photoimpression.exe
O4 - GS\Desktop [Public]: Receitanet 1.03 .lnk . (.SERPRO - Serviço Federal de Processamento d - Receitanet.) -- C:\Program Files\Programas RFB\Receitanet\Windows\Receitanet.exe
O4 - GS\Desktop [Public]: RegHunter.lnk . (.Enigma Software Group USA, LLC. - RegHunter Application.) -- C:\Program Files\Enigma Software Group\RegHunter\RegHunter.exe =>Crapware.RegHunter
O4 - GS\Desktop [Public]: Seagate Dashboard.lnk . (...) -- C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe
O4 - GS\Desktop [Public]: WinZip.lnk . (.WinZip Computing, S.L. - WinZip.) -- C:\Program Files\WinZip\WINZIP32.exe
O4 - GS\QuickLaunch [Dawidson]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Dawidson]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Dawidson]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Dawidson]: HP LinkUp Viewer.lnk . (.Hewlett-Packard Company - HP LinkUp Viewer.) -- C:\Program Files\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
O4 - GS\TaskBar [Dawidson]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Dawidson]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Dawidson]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Dawidson]: Administração de token.lnk . (.A.E.T. Europe B.V. - Token Administration Utility.) -- C:\Program Files\A.E.T. Europe B.V\SafeSign\Management Utility\tokenadmin.exe
O4 - GS\Desktop [Dawidson]: AGENDA.lnk . (...) -- C:\Users\Dawidson\AGENDA\agendadw.OR3
O4 - GS\Desktop [Dawidson]: Continue WinZip Installation.lnk . (...) -- C:\Users\Dawidson\AppData\Local\Temp\ICReinstall_winzip-180-build-11023-32-bits.exe (.not file.)
O4 - GS\Desktop [Dawidson]: Debit.lnk . (...) -- C:\Users\Dawidson\DEBIT\DEBIT2002\debit2000\Debit.exe
O4 - GS\Desktop [Dawidson]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Dawidson]: HP Support Assistant.lnk . (.Hewlett-Packard Company - HP Support Assistant.) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe =>.Hewlett-Packard Co
O4 - GS\Desktop [Dawidson]: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk . (...) -- C:\Arquivos de Programas RFB\IRPF2013\IRPF2013.exe
O4 - GS\Desktop [Dawidson]: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk . (...) -- C:\Arquivos de Programas RFB\IRPF2014\IRPF2014.exe
O4 - GS\Desktop [Dawidson]: SmartTRAK.lnk . (.SCUBAPRO - UWATEC SmartTRAK 2.0.8.0.) -- C:\Program Files\SmartTRAK\SmartTRAK.exe
O4 - GS\Desktop [Dawidson]: SpyHunter.lnk . (.Enigma Software Group USA, LLC. - SpyHunter4 application.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe =>Crapware.SpyHunter
O4 - GS\Desktop [Dawidson]: Velocidade Do PC.lnk . (...) -- C:\Program Files\Velocidade Do PC\PCSULauncher.exe
~ Global Startup: 78 Legitimates Filtered in 00mn 05s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- c:\Program Files\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [Easybits Recovery] . (.EasyBits Software AS - No Comment.) -- C:\Program Files\EasyBits For Kids\ezRecover.exe =>.EasyBits Software AS
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard - hpsysdrv.) -- c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst Control Center Launcher.) -- c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Run: [Windows Mobile Device Center] . (.Microsoft Corporation - Windows Mobile Device Center.) -- C:\Windows\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [20131121] . (.AVAST Software - avast! Emergency Update.) -- C:\Program Files\AVAST Software\Avast\setup\emupdate\2b81db55-db9d-44c9-89c5-7759c9f2881f.exe
O4 - HKLM\..\Run: [PDF Complete] . (.PDF Complete Inc - Sentry for PDF.) -- C:\Program Files\PDF Complete\pdfsty.exe =>.PDF Complete Inc
O4 - HKLM\..\Run: [CertificateRegistration] . (.A.E.T. Europe B.V. - Certificate Expiration Check Utility.) -- C:\Windows\System32\aetcrss1.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [lxebmon.exe] . (.No owner - Printer Device Monitor.) -- C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe
O4 - HKLM\..\Run: [EzPrint] . (...) -- C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] . (.Octoshape ApS - Main program for Octoshape client.) -- C:\Users\Dawidson\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
O4 - HKCU\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Dawidson\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_D09BADE66C247D7F66FE450263387F52] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3727109833-2989101044-291401390-1000\..\Run: [Octoshape Streaming Services] . (.Octoshape ApS - Main program for Octoshape client.) -- C:\Users\Dawidson\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
O4 - HKUS\S-1-5-21-3727109833-2989101044-291401390-1000\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Dawidson\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
O4 - HKUS\S-1-5-21-3727109833-2989101044-291401390-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKUS\S-1-5-21-3727109833-2989101044-291401390-1000\..\Run: [GoogleChromeAutoLaunch_D09BADE66C247D7F66FE450263387F52] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} . (.Microsoft Corporation - Sincronização de Favoritos do ActiveSync.) -- C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B94EF42-DF5A-43E9-8C92-E4016A4B4B2F}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{8B94EF42-DF5A-43E9-8C92-E4016A4B4B2F}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{8B94EF42-DF5A-43E9-8C92-E4016A4B4B2F}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} . (.Banco Bradesco S.A. - scpIBLoad Module.) -- C:\Program Files\Scpad\scpLIB.dll
~ SSODL: 1 Legitimates Filtered in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
O23 - Service: lxeb_device (lxeb_device) . (.No owner - Printer Communication System.) - C:\Windows\system32\lxebcoms.exe
O23 - Service: scpVista (scpVista) . (.Banco Bradesco S.A. - scpVista.) - C:\Program Files\Scpad\scpVista.exe
~ Services: 14 Legitimates Filtered in 00mn 21s
---\\ Tarefas planificadas automaticamente (039)
[MD5.2445F9C6CD4B096A71626A51AE601918] [APT] [{15CF7B5A-56D3-4295-B522-531497209822}] (.IOB.) -- E:\JSDVD.exe [294912]
[MD5.2445F9C6CD4B096A71626A51AE601918] [APT] [{2CAF5574-A447-431A-84FF-B912DF57979F}] (.IOB.) -- E:\JSDVD.exe [294912]
[MD5.2445F9C6CD4B096A71626A51AE601918] [APT] [{3CB15777-4DCC-435C-96F5-DADB81A0E0D4}] (.IOB.) -- E:\JSDVD.exe [294912]
[MD5.2445F9C6CD4B096A71626A51AE601918] [APT] [{557A7F77-4E08-499D-9340-26FB1D0884F8}] (.IOB.) -- E:\JSDVD.exe [294912]
[MD5.2445F9C6CD4B096A71626A51AE601918] [APT] [{865091AF-585E-460A-9C87-016BB897914A}] (.IOB.) -- E:\JSDVD.exe [294912]
[MD5.81FC93F67CB7582FA9651F29DE66EC8F] [APT] [{AD7C905C-9E5A-4060-8814-BC1AAA1426E9}] (.SCUBAPRO.) -- C:\Users\Dawidson\Documents\Meus arquivos recebidos\install_esp.exe [6809231]
[MD5.2445F9C6CD4B096A71626A51AE601918] [APT] [{D6CDD9A6-3F56-4EE5-BE08-0255D0168625}] (.IOB.) -- E:\JSDVD.exe [294912]
[MD5.A33B6492086D1F03CCB029BCF39132C3] [APT] [{E6CED86C-7D22-43D7-B571-190A9A28DA5E}] (...) -- C:\Arquivos de Programas RFB\IRPF2013\IRPF2013.exe [31232]
~ Scheduled Task: 32 Legitimates Filtered in 00mn 10s
---\\ Software instalados (042)
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: Ink Monitor - (...) [HKLM] -- Ink Monitor
O42 - Logiciel: Juris Síntese DVD - (.Síntese.) [HKLM] -- {66281488-FDE8-4C16-A0B3-68649E1EBEBB}
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: SafeSign - (.A.E.T. Europe B.V..) [HKLM] -- {5A063474-AD9D-4AFE-8CCF-A076ACDF8FD7}
O42 - Logiciel: SafeSign - (.A.E.T. Europe B.V..) [HKLM] -- {66913111-2F8A-4950-AA93-51C26182FC35}
~ Logic: 43 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\A.E.T. Europe B.V.]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\AutoPrntApp]
[HKCU\Software\DVDJSIOB]
[HKCU\Software\GbAs]
[HKCU\Software\SupraSavings] =>PUP.SupraSavings
[HKLM\Software\A.E.T. Europe B.V.]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Control]
[HKLM\Software\DVDJSIOB]
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher
[HKLM\Software\S]
[HKLM\Software\suprasavings] =>PUP.SupraSavings
~ Key Software: 334 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 04/04/2014 - 18:39:29 - [0] ----D C:\Program Files\003
O43 - CFD: 05/07/2012 - 18:16:15 - [9,225] ----D C:\Program Files\A.E.T. Europe B.V
O43 - CFD: 06/03/2013 - 11:10:05 - [24,972] ----D C:\Program Files\DawningSoft
O43 - CFD: 06/03/2013 - 16:02:37 - [8,843] ----D C:\Program Files\Programas RFB
O43 - CFD: 05/04/2013 - 11:38:18 - [12,662] ----D C:\Program Files\QualiSoft
O43 - CFD: 20/01/2014 - 10:12:03 - [2,675] ----D C:\Program Files\Scpad
O43 - CFD: 01/11/2013 - 12:32:40 - [37,095] ----D C:\Program Files\Síntese
O43 - CFD: 05/02/2014 - 13:35:08 - [9,393] ----D C:\Program Files\Velocidade Do PC
O43 - CFD: 06/02/2014 - 10:22:47 - [0] ----D C:\ProgramData\CDB
O43 - CFD: 09/07/2012 - 18:57:38 - [0,081] ----D C:\ProgramData\OPPE
O43 - CFD: 24/02/2014 - 09:27:05 - [43,420] ----D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
O43 - CFD: 09/07/2012 - 15:14:51 - [0,002] ----D C:\Users\Dawidson\AppData\Roaming\BRySigner
O43 - CFD: 06/03/2013 - 11:16:49 - [0] ----D C:\Users\Dawidson\AppData\Roaming\DawningSoft
O43 - CFD: 22/02/2013 - 15:42:16 - [0] ----D C:\Users\Dawidson\AppData\Roaming\PCF
O43 - CFD: 05/07/2012 - 18:30:14 - [0,024] ----D C:\Users\Dawidson\AppData\Local\A.E.T. Europe B.V
O43 - CFD: 22/04/2013 - 14:55:42 - [0,004] ----D C:\Users\Dawidson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 26/02/2014 - 14:06:49 - [0,004] ----D C:\Users\Dawidson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
O43 - CFD: 01/08/2013 - 16:38:04 - [0,005] ----D C:\Users\Dawidson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter
~ Program Folder: 226 Legitimates Filtered in 01mn 05s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.26B0F12F9A4C267AF5B2DA35F87A6EFA] - 04/04/2014 - 12:17:05 ---A- . (...) -- C:\Windows\System32\DOErrors.log [52]
O44 - LFC:[MD5.13ABE1E5E0FC008D72412048EB7099A3] - 04/04/2014 - 18:53:07 ---A- . (...) -- C:\DelFix.txt [1597]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 07/04/2014 - 10:25:25 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.123A75BD3996F6082100FD4BCC85C21C] - 07/04/2014 - 10:56:57 ---A- . (...) -- C:\zoek-results.log [16732]
O44 - LFC:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 07/04/2014 - 11:27:37 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\GbpNdisrd.sys [31088]
O44 - LFC:[MD5.785E73499A8836547D7E3E1775C0058D] - 07/04/2014 - 11:34:00 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [148862]
O44 - LFC:[MD5.CCD1B4DF2CF9EEF2D7CFCBEA4100BBC6] - 07/04/2014 - 11:34:00 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [711008]
O44 - LFC:[MD5.420A5D2DA68B2EB6C1011ECCACBA4861] - 07/04/2014 - 12:18:15 ---A- . (...) -- C:\sc-cleaner.txt [1804]
~ Files: 17 Legitimates Filtered in 00mn 11s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - EasyBits Security Shield Hook - prevents launching insecure programs by kids - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\system32\EZUPBH~1.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - asoelnch.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - bhca.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - cltlmh.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - cltrt.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - coinst.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - efainst.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - fmapp.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - hipservagent.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - instantbackup.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - instca.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - mbsstarter.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - mceca.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - mcui32.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - memeo.helper.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - memeodashboard.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - memeolauncher.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - memeolauncher2.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - memeorestore.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - memeosupport.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - memeoupdater.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - rthdvbg.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - rthdvcpl.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - rtkaudioservice.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - rtlupd.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - sevinst.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - skytel.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - srtsp_ca.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - symdgnhc.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - symimins.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - uistub.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - uninstall.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - vncutil.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - wfpunins.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
O50 - IFEO:Image File Execution Options - win32_process.exe - "C:\Program Files\Velocidade Do PC\PCSUSD.exe" /debugexe
~ IFEO: Scanned in 00mn 00s
---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{4c72347f-9b0b-11e1-9e81-806e6f6e6963}\AutoRun\command. (.IOB - No Comment.) -- E:\JSDVD.exe
~ Keys: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\CertificateRegistration [Key] . (.A.E.T. Europe B.V. - Certificate Expiration Check Utility.) -- C:\Windows\System32\aetcrss1.exe
O53 - SMSR:HKLM\...\startupreg\Ink Monitor [Key] . (.Epson - Ink Monitor.) -- C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O53 - SMSR:HKLM\...\startupreg\PCSpeedUp [Key] . (...) -- C:\Program Files\Velocidade Do PC\PCSUNotifier.exe
~ SMSR Keys: 8 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 21 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.BDECE634F62B3656DE73D51CA8EA32A9] - 31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [146304]
O58 - SDL:[MD5.7B948E3657BEA62E437BC46CA6EF6012] - 13/07/2012 - 07:47:41 ---A- . (.ALWIL Software - avast! Filtering NDIS driver.) -- C:\Windows\System32\Drivers\aswNdis.sys [12112]
O58 - SDL:[MD5.272A3FD02BAF463D87365895D4BEB8D9] - 13/01/2014 - 22:18:47 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49248]
O58 - SDL:[MD5.EBACF4BEEEB5320D08A9FEF98F17E650] - 13/01/2014 - 22:18:47 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [175176]
O58 - SDL:[MD5.497E298C56768C54FB47F94C845297FD] - 29/05/2012 - 14:51:34 ---A- . (.Windows (R) Codename Longhorn DDK provider - hpvhd 32bit support driver.) -- C:\Windows\System32\Drivers\cpqdfw.sys [22944]
O58 - SDL:[MD5.C6618553FE9A3262C77574FFAE04AA79] - 16/04/2010 - 20:12:06 ---A- . (...) -- C:\Windows\System32\Drivers\cqcpu.sys [35384]
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.8F866DF9A974BFFDCB2001D303BC0695] - 08/05/2013 - 09:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [49536]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 07/04/2014 - 11:27:37 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\GbpNdisrd.sys [31088]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.6C1618A07B49E3873582B6449E744088] - 19/09/2003 - 15:45:48 ---A- . (.Padus, Inc. - Padus(R) ASPI Shell.) -- C:\Windows\System32\Drivers\pfc.sys [21248]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.01CE484FF6D70A39479BC6D619DE7ED6] - 22/06/2012 - 12:01:32 ---A- . (...) -- C:\Windows\System32\ESGScanner.sys [19984]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 21 Legitimates Filtered in 00mn 07s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 08/05/2013 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 102 Legitimates Filtered in 00mn 01s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.5CA3F4C526A7ED507D18EC019F1752EF] [SPRF][17/12/2013] (...) -- C:\Users\Dawidson\AppData\Roaming\unins000.dat [41787]
[MD5.1D23DA444E1747639CFA4B3BE816F2BB] [SPRF][31/03/2014] (...) -- C:\Users\Dawidson\Desktop\164-winzip180.exe [87873896]
[MD5.65660CCC283D39A450D3415D4BDA17B6] [SPRF][14/06/2013] (...) -- C:\Users\Dawidson\Desktop\LEXMARK_Pro200_wcr_32_en.exe [53781664]
~ Files: 3 Legitimates Filtered in 00mn 03s
---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "11131966A8F20594AA39152C1628CF53" . (.SafeSign.) -- C:\Windows\Installer\{66913111-2F8A-4950-AA93-51C26182FC35}\ARPPRODUCTICON.exe
O90 - PUC: "474360A5D9DAEFA4C8FC0A67CAFDF87D" . (.SafeSign.) -- C:\Windows\Installer\{5A063474-AD9D-4AFE-8CCF-A076ACDF8FD7}\ARPPRODUCTICON.exe
~ Update Products: 150 Legitimates Filtered in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.0330EAB9EE8CD82EF13E173930518119] [WIS][21/01/2014] (.A.E.T. Europe B.V. - SafeSign.) -- C:\Windows\Installer\11b923.msi [6821376]
[MD5.C44DC46ABD11D04FDEEABFD27861C2F5] [WIS][05/07/2012] (.A.E.T. Europe B.V. - SafeSign.) -- C:\Windows\Installer\1c3788.msi [6828032]
[MD5.9D0767859EE938C0C4FAC30693109843] [WIS][31/03/2014] (.SupraSavings - SupraSavings.) -- C:\Windows\Installer\48b10f4e.msi [3162112] =>PUP.SupraSavings
~ WIS: 153 Legitimates Filtered in 00mn 41s
---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google
[HKCR\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}] (Groove Folder Synchronization) =>Trojan.FindFDSearch
[HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] (Groove GFS Browser Helper) =>Trojan.FindFDSearch
[HKCR\CLSID\{89425C81-9C22-44E0-9D7C-2875C59C80DD}] (Groove WorkspaceManagerApplication) =>PUP.Manager
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
[HKCR\CLSID\{BB184E6D-26D1-461A-9226-B93CA8DA2AF9}] (SpecialSavings.Addon) =>PUP.SpecialSavings
~ BCK: 6925 Legitimates Filtered in 00mn 16s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 12/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 17/11/2009 87968 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files\WildTangent Games\App\GamesAppService.exe
SS - | Auto 17/07/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 17/07/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 13/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 13/05/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
SS - | Demand 12/05/2011 25824 | (MemeoBackgroundService) . (.Memeo.) - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
SS - | Demand 01/06/2011 14088 | (SeagateDashboardService) . (.Memeo.) - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
SS - | Demand 19/12/2012 732648 | (ServiceLayer) . (.Nokia.) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 13/07/2011 176128 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 13/01/2014 45248 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 13/01/2014 136912 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 23/04/2010 514232 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe =>.EasyBits Software AS
SR - | Auto 08/10/2013 452136 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 04/11/2013 92160 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Auto 14/04/2010 193192 | (lxebCATSCustConnectService) . (.Lexmark International, Inc..) - C:\Windows\system32\spool\DRIVERS\W32X86\3\lxebserv.exe
SR - | Auto 14/04/2010 598696 | (lxeb_device) . (...) - C:\Windows\system32\lxebcoms.exe
SR - | Auto 05/03/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 05/03/2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Demand 10/08/2011 138760 | (NIS) . (.Symantec Corporation.) - C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
SR - | Auto 12/08/2011 1128952 | (pdfcDispatcher) . (.PDF Complete Inc.) - C:\Program Files\PDF Complete\pdfsvc.exe
SR - | Auto 31/01/2013 360640 | (scpVista) . (.Banco Bradesco S.A..) - C:\Program Files\Scpad\scpVista.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 19s
---\\ Scâner Aditional (088)
Database Version : 13044 - (07/04/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 11
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\Users\Dawidson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter^
[HKCU\Software\SupraSavings] =>PUP.SupraSavings^
[HKLM\Software\LevelQualityWatcher] =>PUP.LevelQualityWatcher^
[HKLM\Software\suprasavings] =>PUP.SupraSavings^
C:\Windows\Installer\48b10f4e.msi =>PUP.SupraSavings^
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google^
[HKCR\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}] (Groove Folder Synchronization) =>Trojan.FindFDSearch^
[HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] (Groove GFS Browser Helper) =>Trojan.FindFDSearch^
[HKCR\CLSID\{89425C81-9C22-44E0-9D7C-2875C59C80DD}] (Groove WorkspaceManagerApplication) =>PUP.Manager^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
[HKCR\CLSID\{BB184E6D-26D1-461A-9226-B93CA8DA2AF9}] (SpecialSavings.Addon) =>PUP.SpecialSavings^
C:\Users\Dawidson\Desktop\SpyHunter.lnk =>Crapware.SpyHunter
~ Additionnel Scan: 337579 Items scanned in 01mn 07s
---\\ Sumário das deteções encontradas na sua estação
[You must have an account and be logged in to view this link] =>Crapware.RegHunter
[You must have an account and be logged in to view this link] =>Crapware.SpyHunter
[You must have an account and be logged in to view this link] =>PUP.SupraSavings
[You must have an account and be logged in to view this link] =>Trojan.FindFDSearch
[You must have an account and be logged in to view this link] =>PUP.Manager
[You must have an account and be logged in to view this link] =>PUP.SpecialSavings
~ MSI: 6 link(s) detected in 00mn 00s
~ 1216 Legitimates filtered by white list
End of the scan (643 lines in 05mn 13s)(0)
Dawidson - Member
Re: Virus on the PC that opens unsolicited pages
I suggest you uninstall this RegHunter and also SpyHunter, which are unnecessary.
_______________________________________________________________________________________
Two antivirus programs are showing up on your PC: Norton Internet Security and Avast. It would be good to uninstall one of the two, since more than one antivirus can cause conflicts and slow the computer down.
_______________________________________________________________________________________
Do you use the program below? Do you know what it is?
C:\Program Files\Velocidade Do PC
_______________________________________________________________________________________
Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________
Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will appear in Notepad.
Copy this report and post it in your next reply.
Last edited by Power Max on Mon 07 Apr 2014, 17:32; edited 1 time in total
Power Max - Collaborator
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Virus on the PC that opens unrequested pages
Unnecessary programs uninstalled... Norton Internet Security uninstalled (with difficulty... what a hard program to remove) lol. "Velocidade do Pc" uninstalled.
Rapport de ZHPFix 2014.4.6.1 par Nicolas Coolman, Update du 06/04/2014
Fichier d'export Registre :
Run by Dawidson at 07/04/2014 14:50:26
High Elevated Privileges : OK
Windows Vista Starter Edition, 32-bit (Build 6000)
Reciclagem vazia (00mn 05s)
Reparação de atalhos do navegador
========== Chaves do Registo ==========
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
ELIMINÉ: HKCU\Software\SupraSavings
ELIMINÉ: HKLM\Software\LevelQualityWatcher
ELIMINÉ: HKLM\Software\suprasavings
ELIMINÉ: HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}
ELIMINÉ: HKCR\CLSID\{BB184E6D-26D1-461A-9226-B93CA8DA2AF9}
========== Valores do Registo ==========
ELIMINÉ: Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F}
ELIMINÉ RunValue: swg
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ: c:\users\dawidson\desktop\continue winzip installation.lnk
ELIMINA REINICIAR: c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
ELIMINÉ: C:\Windows\Installer\48b10f4e.msi
ELIMINÉ Temporários windows (124) (2.499.087 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
6 : Chaves do Registo
8 : Valores do Registo
1 : Pastas
5 : Ficheiros
1 : Restauração Sistema
End of clean in 00mn 51s
========== Caminho do ficheiro do relatório ==========
C:\Users\Dawidson\AppData\Roaming\ZHP\ZHPFix[R1].txt - 07/04/2014 14:50:31 [1700]
Dawidson - Member
- Posts: 66
Reputation: 0
Join date: 06/02/2014
Age: 66
Location: Embu das Artes
Re: Virus on the PC that opens unrequested pages
Open ZHPDiag again.
|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.
|- Click OK and, when it finishes, post the ZHPDiag.txt report.
Power Max - Collaborator
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Virus on the PC that opens unrequested pages
Power Max wrote: Open ZHPDiag again.
|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.
|- Click OK and, when it finishes, post the ZHPDiag.txt report.
Relatório do ZHPDiag v2014.4.7.7 - Nicolas Coolman (07/04/2014)
~ Iniciado por Dawidson (07/04/2014 16:07:22)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16521
GCIE: Google Chrome v33.0.1750.154 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Starter, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v8.0.1603.0
Malwarebytes Anti-Malware versão 2.00.0.1000
Windows Defender W7
---\\ Softwares d'optimização do sistema
CCleaner v4.11 =>.Piriform Ltd
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: x86 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1636 MB (50% free)
System Restore: Activé (Enable)
System drive C: has 370 GB (81%) free of 454 GB
---\\ Modo de conexão ao sistema
~ Computer Name: DAWIDSON-HP
~ User Name: Dawidson
~ All Users Names: Dawidson, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Dawidson\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Dawidson\AppData\Roaming\
~ %Desktop% : C:\Users\Dawidson\Desktop\
~ %Favorites% : C:\Users\Dawidson\Favorites\
~ %LocalAppData% : C:\Users\Dawidson\AppData\Local\
~ %StartMenu% : C:\Users\Dawidson\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 370 Go of 454 Go)
D: Hard drive, Flash drive, Thumb drive (Free 1 Go of 11 Go)
E: CD-ROM drive (Free 0 Go of 4 Go)
F: Hard drive, Flash drive, Thumb drive (Free 175 Go of 466 Go)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 50 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.10/05/2012 - 20:54:16.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.AAFEAB4FC9D70253F8C7E353E879E8A2] - (.Microsoft Corporation - Internet Extensions para Win32.) (.28/02/2014 - 23:32:16.) -- C:\Windows\System32\wininet.dll [1820160]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 18:29:06.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 18:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 21:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.10/05/2012 - 20:55:25.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 18:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.C37AEE5966EB5929E2051AC7409B5730] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.10/05/2012 - 20:52:26.) -- C:\Windows\system32\Drivers\volsnap.sys [246144]
~ Generic Processes: Scanned in 00mn 01s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/6559
~ Mes musiques (My Musics) : 9/2696
~ Mes Videos (My Videos) : 1/219
~ Mes Favoris (My Favorites) : 1/182
~ Mes Documents (My Documents) : 2/7452
~ Mon Bureau (My Desktop) : 1/22
~ Menu demarrer (Programs) : 1/37
~ Hidden Files: Scanned in 00mn 35s
---\\ Processos lançados
[MD5.EE0F9706AA378A99ABD902419693FEB9] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe [7430968] [PID.3044]
[MD5.B7F55E2AE978D3D34F7876EE5D689AAE] - (.CyberLink - YouCam Mirage.) -- C:\Program Files\CyberLink\YouCam\YCMMirage.exe [136488] [PID.3944]
[MD5.8F07B4AD504A2D2FAD1B923FCDAF9EAB] - (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [5655184] [PID.3164]
[MD5.C637FC4638A96165256B28D38DE7B953] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\hpwuschd2.exe [49208] [PID.3704]
[MD5.554A50B5310E702029D3A675459108FF] - (.Hewlett-Packard - hpsysdrv.) -- C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768] [PID.2876]
[MD5.0E34B7BB1FCF22BCC1E394D16F9E992B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040] [PID.408]
[MD5.01012ABDC81C727B4725B1BDBEA02671] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4769352] [PID.3080]
[MD5.96B3C4E20F02CA16AA1E3E425BFFCC8B] - (.Microsoft Corporation - Windows Mobile Device Center.) -- C:\Windows\WindowsMobile\wmdc.exe [648072] [PID.2332]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.336]
[MD5.04F6CBD2BDAB19480F82AB255E56E9DB] - (.A.E.T. Europe B.V. - Certificate Expiration Check Utility.) -- C:\Windows\System32\aetcrss1.exe [151552] [PID.148]
[MD5.51FFA164418B97B6B4CAFE5A0B7097B0] - (.No owner - Printer Device Monitor.) -- C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe [772712] [PID.484]
[MD5.C0053C87AEFDE64D6C0179BE7E1C393B] - (...) -- C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe [150264] [PID.1064]
[MD5.39AF1CDEAFA4FC9D5185FBD9F4D141C4] - (.Octoshape ApS - Main program for Octoshape client.) -- C:\Users\Dawidson\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800] [PID.3632]
[MD5.1553313A94B927B65FCD27635BF49866] - (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Dawidson\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224] [PID.4112]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.4336] =>Toolbar.Google
[MD5.C861851A0BBD9903E324487011AA3705] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) -- c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [299008] [PID.5756]
[MD5.D28C5A1411BB0B47E05E0D6AAF896690] - (.ATI Technologies Inc. - Catalyst Control Center: Host application.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [299008] [PID.4464]
[MD5.3A924B200D86590D2C83214CEBFA9742] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [859976] [PID.2524]
[MD5.77BD0166102F3B9BB9499B2952C3BCFA] - (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\wlmail.exe [92024] [PID.2184]
[MD5.F38B1A524D978B0734C807C1831E647B] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8187392] [PID.4040]
~ Processes Running: Scanned in 00mn 03s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Dawidson\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 13 Legitimates Filtered in 00mn 02s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@nokia.com/EnablerPlugin] - (.No owner - Nokia Suite Enabler Plugin.) -- C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
P2 - FPN: [HKLM] [@WildTangent.com/GamesAppPresenceDetector,Version=1.0] - (...) -- C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
P2 - FPN: [HKCU] [@octoshape.com/Octoshape Streaming Services,version=1.0] - (.Octoshape ApS - Octoshape embedded video plugin.) -- C:\Users\Dawidson\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Dawidson\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 15 Legitimates Filtered in 00mn 01s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ IE Browser: 10 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} . (.Banco Bradesco S.A. - scpsssh2 Module.) -- C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
~ BHO: 18 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: EPSON Scan.lnk . (.SEIKO EPSON CORP. - EPSON Scan.) -- C:\Windows\twain_32\escndv\escndv.exe
O4 - GS\Desktop [Public]: Experimente o HP MyRoom gratuitamente.lnk . (...) -- C:\Program Files\Hewlett-Packard\Shared\WizLink.exe
O4 - GS\Desktop [Public]: HP+.lnk . (...) -- C:\Program Files\Hewlett-Packard\Shared\WizLink.exe
O4 - GS\Desktop [Public]: Juris Síntese DVD.lnk . (.IOB - No Comment.) -- E:\JSDVD.exe
O4 - GS\Desktop [Public]: Launch Lexmark Printer Home.LNK . (...) -- C:\Program Files\Lexmark\Dashboard\LX__Dashboard.exe
O4 - GS\Desktop [Public]: Magic Desktop.lnk . (.EasyBits Software AS - EasyBits Security Shield.) -- C:\Program Files\EasyBits For Kids\ezSecShield.exe =>.EasyBits Software AS
O4 - GS\Desktop [Public]: PhotoImpression 5.lnk . (.ArcSoft Inc. - PhotoImpression.) -- C:\Program Files\ArcSoft\PhotoImpression 5\photoimpression.exe
O4 - GS\Desktop [Public]: Receitanet 1.03 .lnk . (.SERPRO - Serviço Federal de Processamento d - Receitanet.) -- C:\Program Files\Programas RFB\Receitanet\Windows\Receitanet.exe
O4 - GS\Desktop [Public]: Seagate Dashboard.lnk . (...) -- C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe
O4 - GS\Desktop [Public]: WinZip.lnk . (.WinZip Computing, S.L. - WinZip.) -- C:\Program Files\WinZip\WINZIP32.exe
O4 - GS\QuickLaunch [Dawidson]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Dawidson]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Dawidson]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Dawidson]: HP LinkUp Viewer.lnk . (.Hewlett-Packard Company - HP LinkUp Viewer.) -- C:\Program Files\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
O4 - GS\TaskBar [Dawidson]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Dawidson]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Dawidson]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Dawidson]: Administração de token.lnk . (.A.E.T. Europe B.V. - Token Administration Utility.) -- C:\Program Files\A.E.T. Europe B.V\SafeSign\Management Utility\tokenadmin.exe
O4 - GS\Desktop [Dawidson]: AGENDA.lnk . (...) -- C:\Users\Dawidson\AGENDA\agendadw.OR3
O4 - GS\Desktop [Dawidson]: Debit.lnk . (...) -- C:\Users\Dawidson\DEBIT\DEBIT2002\debit2000\Debit.exe
O4 - GS\Desktop [Dawidson]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Dawidson]: HP Support Assistant.lnk . (.Hewlett-Packard Company - HP Support Assistant.) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe =>.Hewlett-Packard Co
O4 - GS\Desktop [Dawidson]: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk . (...) -- C:\Arquivos de Programas RFB\IRPF2013\IRPF2013.exe
O4 - GS\Desktop [Dawidson]: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk . (...) -- C:\Arquivos de Programas RFB\IRPF2014\IRPF2014.exe
O4 - GS\Desktop [Dawidson]: SmartTRAK.lnk . (.SCUBAPRO - UWATEC SmartTRAK 2.0.8.0.) -- C:\Program Files\SmartTRAK\SmartTRAK.exe
O4 - GS\Desktop [Dawidson]: SpyHunter.lnk . (.Enigma Software Group USA, LLC. - SpyHunter4 application.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe =>Crapware.SpyHunter
~ Global Startup: 75 Legitimates Filtered in 00mn 05s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- c:\Program Files\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [Easybits Recovery] . (.EasyBits Software AS - No Comment.) -- C:\Program Files\EasyBits For Kids\ezRecover.exe =>.EasyBits Software AS
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard - hpsysdrv.) -- c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst Control Center Launcher.) -- c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Run: [Windows Mobile Device Center] . (.Microsoft Corporation - Windows Mobile Device Center.) -- C:\Windows\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [20131121] . (.AVAST Software - avast! Emergency Update.) -- C:\Program Files\AVAST Software\Avast\setup\emupdate\2b81db55-db9d-44c9-89c5-7759c9f2881f.exe
O4 - HKLM\..\Run: [PDF Complete] . (.PDF Complete Inc - Sentry for PDF.) -- C:\Program Files\PDF Complete\pdfsty.exe =>.PDF Complete Inc
O4 - HKLM\..\Run: [CertificateRegistration] . (.A.E.T. Europe B.V. - Certificate Expiration Check Utility.) -- C:\Windows\System32\aetcrss1.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [lxebmon.exe] . (.No owner - Printer Device Monitor.) -- C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe
O4 - HKLM\..\Run: [EzPrint] . (...) -- C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] . (.Octoshape ApS - Main program for Octoshape client.) -- C:\Users\Dawidson\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
O4 - HKCU\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Dawidson\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_D09BADE66C247D7F66FE450263387F52] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3727109833-2989101044-291401390-1000\..\Run: [Octoshape Streaming Services] . (.Octoshape ApS - Main program for Octoshape client.) -- C:\Users\Dawidson\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
O4 - HKUS\S-1-5-21-3727109833-2989101044-291401390-1000\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Dawidson\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
O4 - HKUS\S-1-5-21-3727109833-2989101044-291401390-1000\..\Run: [GoogleChromeAutoLaunch_D09BADE66C247D7F66FE450263387F52] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} . (.Microsoft Corporation - Sincronização de Favoritos do ActiveSync.) -- C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B94EF42-DF5A-43E9-8C92-E4016A4B4B2F}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{8B94EF42-DF5A-43E9-8C92-E4016A4B4B2F}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{8B94EF42-DF5A-43E9-8C92-E4016A4B4B2F}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} . (.Banco Bradesco S.A. - scpIBLoad Module.) -- C:\Program Files\Scpad\scpLIB.dll
~ SSODL: 1 Legitimates Filtered in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
O23 - Service: lxeb_device (lxeb_device) . (.No owner - Printer Communication System.) - C:\Windows\system32\lxebcoms.exe
O23 - Service: scpVista (scpVista) . (.Banco Bradesco S.A. - scpVista.) - C:\Program Files\Scpad\scpVista.exe
~ Services: 17 Legitimates Filtered in 00mn 24s
---\\ Tarefas planificadas automaticamente (039)
[MD5.2445F9C6CD4B096A71626A51AE601918] [APT] [{15CF7B5A-56D3-4295-B522-531497209822}] (.IOB.) -- E:\JSDVD.exe [294912]
[MD5.2445F9C6CD4B096A71626A51AE601918] [APT] [{2CAF5574-A447-431A-84FF-B912DF57979F}] (.IOB.) -- E:\JSDVD.exe [294912]
[MD5.2445F9C6CD4B096A71626A51AE601918] [APT] [{3CB15777-4DCC-435C-96F5-DADB81A0E0D4}] (.IOB.) -- E:\JSDVD.exe [294912]
[MD5.2445F9C6CD4B096A71626A51AE601918] [APT] [{557A7F77-4E08-499D-9340-26FB1D0884F8}] (.IOB.) -- E:\JSDVD.exe [294912]
[MD5.2445F9C6CD4B096A71626A51AE601918] [APT] [{865091AF-585E-460A-9C87-016BB897914A}] (.IOB.) -- E:\JSDVD.exe [294912]
[MD5.81FC93F67CB7582FA9651F29DE66EC8F] [APT] [{AD7C905C-9E5A-4060-8814-BC1AAA1426E9}] (.SCUBAPRO.) -- C:\Users\Dawidson\Documents\Meus arquivos recebidos\install_esp.exe [6809231]
[MD5.2445F9C6CD4B096A71626A51AE601918] [APT] [{D6CDD9A6-3F56-4EE5-BE08-0255D0168625}] (.IOB.) -- E:\JSDVD.exe [294912]
[MD5.A33B6492086D1F03CCB029BCF39132C3] [APT] [{E6CED86C-7D22-43D7-B571-190A9A28DA5E}] (...) -- C:\Arquivos de Programas RFB\IRPF2013\IRPF2013.exe [31232]
~ Scheduled Task: 32 Legitimates Filtered in 00mn 16s
---\\ Software instalados (042)
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: Ink Monitor - (...) [HKLM] -- Ink Monitor
O42 - Logiciel: Juris Síntese DVD - (.Síntese.) [HKLM] -- {66281488-FDE8-4C16-A0B3-68649E1EBEBB}
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: SafeSign - (.A.E.T. Europe B.V..) [HKLM] -- {5A063474-AD9D-4AFE-8CCF-A076ACDF8FD7}
O42 - Logiciel: SafeSign - (.A.E.T. Europe B.V..) [HKLM] -- {66913111-2F8A-4950-AA93-51C26182FC35}
~ Logic: 41 Legitimates Filtered in 00mn 02s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\A.E.T. Europe B.V.]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\AutoPrntApp]
[HKCU\Software\DVDJSIOB]
[HKCU\Software\GbAs]
[HKLM\Software\A.E.T. Europe B.V.]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Control]
[HKLM\Software\DVDJSIOB]
[HKLM\Software\S]
~ Key Software: 320 Legitimates Filtered in 00mn 02s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 04/04/2014 - 18:39:29 - [0] ----D C:\Program Files\003
O43 - CFD: 05/07/2012 - 18:16:15 - [9,225] ----D C:\Program Files\A.E.T. Europe B.V
O43 - CFD: 06/03/2013 - 11:10:05 - [24,972] ----D C:\Program Files\DawningSoft
O43 - CFD: 06/03/2013 - 16:02:37 - [8,843] ----D C:\Program Files\Programas RFB
O43 - CFD: 05/04/2013 - 11:38:18 - [12,662] ----D C:\Program Files\QualiSoft
O43 - CFD: 20/01/2014 - 10:12:03 - [2,675] ----D C:\Program Files\Scpad
O43 - CFD: 01/11/2013 - 12:32:40 - [37,095] ----D C:\Program Files\Síntese
O43 - CFD: 06/02/2014 - 10:22:47 - [0] ----D C:\ProgramData\CDB
O43 - CFD: 09/07/2012 - 18:57:38 - [0,081] ----D C:\ProgramData\OPPE
O43 - CFD: 24/02/2014 - 09:27:05 - [43,420] ----D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
O43 - CFD: 09/07/2012 - 15:14:51 - [0,002] ----D C:\Users\Dawidson\AppData\Roaming\BRySigner
O43 - CFD: 06/03/2013 - 11:16:49 - [0] ----D C:\Users\Dawidson\AppData\Roaming\DawningSoft
O43 - CFD: 22/02/2013 - 15:42:16 - [0] ----D C:\Users\Dawidson\AppData\Roaming\PCF
O43 - CFD: 05/07/2012 - 18:30:14 - [0,024] ----D C:\Users\Dawidson\AppData\Local\A.E.T. Europe B.V
O43 - CFD: 22/04/2013 - 14:55:42 - [0,004] ----D C:\Users\Dawidson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 26/02/2014 - 14:06:49 - [0,004] ----D C:\Users\Dawidson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
O43 - CFD: 01/08/2013 - 16:38:04 - [0,005] ----D C:\Users\Dawidson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter
~ Program Folder: 221 Legitimates Filtered in 01mn 48s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.26B0F12F9A4C267AF5B2DA35F87A6EFA] - 04/04/2014 - 12:17:05 ---A- . (...) -- C:\Windows\System32\DOErrors.log [52]
O44 - LFC:[MD5.13ABE1E5E0FC008D72412048EB7099A3] - 04/04/2014 - 18:53:07 ---A- . (...) -- C:\DelFix.txt [1597]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 07/04/2014 - 10:25:25 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.123A75BD3996F6082100FD4BCC85C21C] - 07/04/2014 - 10:56:57 ---A- . (...) -- C:\zoek-results.log [16732]
O44 - LFC:[MD5.420A5D2DA68B2EB6C1011ECCACBA4861] - 07/04/2014 - 12:18:15 ---A- . (...) -- C:\sc-cleaner.txt [1804]
O44 - LFC:[MD5.5AD77E3221AD14686FA5492D86E942CB] - 07/04/2014 - 14:03:18 ---A- . (...) -- C:\Windows\DPINST.LOG [3404]
O44 - LFC:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 07/04/2014 - 14:38:37 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\GbpNdisrd.sys [31088]
O44 - LFC:[MD5.785E73499A8836547D7E3E1775C0058D] - 07/04/2014 - 14:43:40 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [148862]
O44 - LFC:[MD5.CCD1B4DF2CF9EEF2D7CFCBEA4100BBC6] - 07/04/2014 - 14:43:40 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [711008]
~ Files: 21 Legitimates Filtered in 00mn 28s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - EasyBits Security Shield Hook - prevents launching insecure programs by kids - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\system32\EZUPBH~1.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{4c72347f-9b0b-11e1-9e81-806e6f6e6963}\AutoRun\command. (.IOB - No Comment.) -- E:\JSDVD.exe
~ Keys: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\CertificateRegistration [Key] . (.A.E.T. Europe B.V. - Certificate Expiration Check Utility.) -- C:\Windows\System32\aetcrss1.exe
O53 - SMSR:HKLM\...\startupreg\Ink Monitor [Key] . (.Epson - Ink Monitor.) -- C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O53 - SMSR:HKLM\...\startupreg\PCSpeedUp [Key] . (...) -- C:\Program Files\Velocidade Do PC\PCSUNotifier.exe (.not file.)
~ SMSR Keys: 8 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 21 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.BDECE634F62B3656DE73D51CA8EA32A9] - 31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [146304]
O58 - SDL:[MD5.7B948E3657BEA62E437BC46CA6EF6012] - 13/07/2012 - 07:47:41 ---A- . (.ALWIL Software - avast! Filtering NDIS driver.) -- C:\Windows\System32\Drivers\aswNdis.sys [12112]
O58 - SDL:[MD5.272A3FD02BAF463D87365895D4BEB8D9] - 13/01/2014 - 22:18:47 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49248]
O58 - SDL:[MD5.EBACF4BEEEB5320D08A9FEF98F17E650] - 13/01/2014 - 22:18:47 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [175176]
O58 - SDL:[MD5.497E298C56768C54FB47F94C845297FD] - 29/05/2012 - 14:51:34 ---A- . (.Windows (R) Codename Longhorn DDK provider - hpvhd 32bit support driver.) -- C:\Windows\System32\Drivers\cpqdfw.sys [22944]
O58 - SDL:[MD5.C6618553FE9A3262C77574FFAE04AA79] - 16/04/2010 - 20:12:06 ---A- . (...) -- C:\Windows\System32\Drivers\cqcpu.sys [35384]
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.8F866DF9A974BFFDCB2001D303BC0695] - 08/05/2013 - 09:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [49536]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 07/04/2014 - 14:38:37 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\System32\Drivers\GbpNdisrd.sys [31088]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.6C1618A07B49E3873582B6449E744088] - 19/09/2003 - 15:45:48 ---A- . (.Padus, Inc. - Padus(R) ASPI Shell.) -- C:\Windows\System32\Drivers\pfc.sys [21248]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.01CE484FF6D70A39479BC6D619DE7ED6] - 22/06/2012 - 12:01:32 ---A- . (...) -- C:\Windows\System32\ESGScanner.sys [19984]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 21 Legitimates Filtered in 00mn 07s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 08/05/2013 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 102 Legitimates Filtered in 00mn 01s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.5CA3F4C526A7ED507D18EC019F1752EF] [SPRF][17/12/2013] (...) -- C:\Users\Dawidson\AppData\Roaming\unins000.dat [41787]
[MD5.1D23DA444E1747639CFA4B3BE816F2BB] [SPRF][31/03/2014] (...) -- C:\Users\Dawidson\Desktop\164-winzip180.exe [87873896]
[MD5.65660CCC283D39A450D3415D4BDA17B6] [SPRF][14/06/2013] (...) -- C:\Users\Dawidson\Desktop\LEXMARK_Pro200_wcr_32_en.exe [53781664]
~ Files: 3 Legitimates Filtered in 00mn 03s
---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "11131966A8F20594AA39152C1628CF53" . (.SafeSign.) -- C:\Windows\Installer\{66913111-2F8A-4950-AA93-51C26182FC35}\ARPPRODUCTICON.exe
O90 - PUC: "474360A5D9DAEFA4C8FC0A67CAFDF87D" . (.SafeSign.) -- C:\Windows\Installer\{5A063474-AD9D-4AFE-8CCF-A076ACDF8FD7}\ARPPRODUCTICON.exe
~ Update Products: 149 Legitimates Filtered in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.0330EAB9EE8CD82EF13E173930518119] [WIS][21/01/2014] (.A.E.T. Europe B.V. - SafeSign.) -- C:\Windows\Installer\11b923.msi [6821376]
[MD5.C44DC46ABD11D04FDEEABFD27861C2F5] [WIS][05/07/2012] (.A.E.T. Europe B.V. - SafeSign.) -- C:\Windows\Installer\1c3788.msi [6828032]
~ WIS: 150 Legitimates Filtered in 00mn 32s
---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}] (Groove Folder Synchronization) =>Trojan.FindFDSearch
[HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] (Groove GFS Browser Helper) =>Trojan.FindFDSearch
[HKCR\CLSID\{89425C81-9C22-44E0-9D7C-2875C59C80DD}] (Groove WorkspaceManagerApplication) =>PUP.Manager
~ BCK: 6917 Legitimates Filtered in 00mn 21s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 12/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files\WildTangent Games\App\GamesAppService.exe
SS - | Auto 17/07/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 17/07/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 13/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 13/05/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
SS - | Demand 19/12/2012 732648 | (ServiceLayer) . (.Nokia.) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 17/11/2009 87968 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
SR - | Auto 13/07/2011 176128 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 13/01/2014 45248 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 13/01/2014 136912 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 23/04/2010 514232 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe =>.EasyBits Software AS
SR - | Auto 08/10/2013 452136 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 04/11/2013 92160 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Auto 14/04/2010 193192 | (lxebCATSCustConnectService) . (.Lexmark International, Inc..) - C:\Windows\system32\spool\DRIVERS\W32X86\3\lxebserv.exe
SR - | Auto 14/04/2010 598696 | (lxeb_device) . (...) - C:\Windows\system32\lxebcoms.exe
SR - | Auto 05/03/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 05/03/2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 10/08/2011 138760 | (NIS) . (.Symantec Corporation.) - C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
SR - | Auto 12/08/2011 1128952 | (pdfcDispatcher) . (.PDF Complete Inc.) - C:\Program Files\PDF Complete\pdfsvc.exe
SR - | Auto 31/01/2013 360640 | (scpVista) . (.Banco Bradesco S.A..) - C:\Program Files\Scpad\scpVista.exe
SR - | Auto 01/06/2011 14088 | (SeagateDashboardService) . (.Memeo.) - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 24s
---\\ Scâner Aditional (088)
Database Version : 13044 - (07/04/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 5
C:\Users\Dawidson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter^
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google^
[HKCR\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}] (Groove Folder Synchronization) =>Trojan.FindFDSearch^
[HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] (Groove GFS Browser Helper) =>Trojan.FindFDSearch^
[HKCR\CLSID\{89425C81-9C22-44E0-9D7C-2875C59C80DD}] (Groove WorkspaceManagerApplication) =>PUP.Manager^
C:\Users\Dawidson\Desktop\SpyHunter.lnk =>Crapware.SpyHunter
~ Additionnel Scan: 335816 Items scanned in 00mn 53s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Crapware.SpyHunter
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.FindFDSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Manager
~ MSI: 3 link(s) detected in 00mn 00s
~ 1206 Legitimates filtered by white list
End of the scan (580 lines in 06mn 23s)(0)
Dawidson - Member
- Posts: 66
Reputation: 0
Join date: 06/02/2014
Age: 66
Location: Embu das Artes
Re: Virus on the PC that opens unsolicited pages
Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________
Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.
Copy this report and post it in your next reply.
_____________________________________________________________________________________________________________
Last edited by Power Max on Mon 07 Apr 2014, 17:31; edited 1 time
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Virus on the PC that opens unsolicited pages
Rapport de ZHPFix 2014.4.7.2 par Nicolas Coolman, Update du 07/04/2014
Fichier d'export Registre :
Run by Dawidson at 07/04/2014 16:38:47
High Elevated Privileges : OK
Windows Vista Starter Edition, 32-bit (Build 6000)
Reciclagem vazia (00mn 04s)
========== Processo memória ==========
ELIMINA REINICIAR: Memory Process: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
========== Chaves do Registo ==========
ELIMINÉ: StartupReg: PCSpeedUp
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ: c:\users\dawidson\desktop\spyhunter.lnk
ELIMINÉ: c:\program files\enigma software group\spyhunter\spyhunter4.exe
ELIMINÉ Temporários windows (1) (0 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
1 : Processo memória
1 : Chaves do Registo
1 : Pastas
4 : Ficheiros
1 : Restauração Sistema
End of clean in 00mn 54s
========== Caminho do ficheiro do relatório ==========
C:\Users\Dawidson\AppData\Roaming\ZHP\ZHPFix[R1].txt - 07/04/2014 14:50:31 [1783]
C:\Users\Dawidson\AppData\Roaming\ZHP\ZHPFix[R2].txt - 07/04/2014 16:38:51 [1204]
Dawidson - Member
- Posts: 66
Reputation: 0
Join date: 06/02/2014
Age: 66
Location: Embu das Artes
Re: Virus on the PC that opens unsolicited pages
How is the PC after these cleanups?
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Virus on the PC that opens unsolicited pages
Power Max wrote: How is the PC after these cleanups?
It is fast and, apparently, virus-free... Those signs of a virus have disappeared.
Dawidson - Member
- Posts: 66
Reputation: 0
Join date: 06/02/2014
Age: 66
Location: Embu das Artes
Re: Virus on the PC that opens unsolicited pages
I'm glad the problem has been solved.
Just to finish up, please follow the tutorials below:
[You must have an account and be logged in to view this link]
_______________________________________________________________________________________________________________________
To remove the programs used to clean this PC and create a new, safe and problem-free restore point, use DelFix, following the tips [You must have an account and be logged in to view this link].
_______________________________________________________________________________________________________________________
It was a pleasure to help. You can always count on us!
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Virus on the PC that opens unsolicited pages
Power Max wrote: I'm glad the problem has been solved.
Just to finish up, please follow the tutorials below:
[You must have an account and be logged in to view this link]
_______________________________________________________________________________________________________________________
To remove the programs used to clean this PC and create a new, safe and problem-free restore point, use DelFix, following the tips [You must have an account and be logged in to view this link].
_______________________________________________________________________________________________________________________
It was a pleasure to help. You can always count on us!
Thank you very much! THANKS!!
Dawidson - Member
- Posts: 66
Reputation: 0
Join date: 06/02/2014
Age: 66
Location: Embu das Artes
Re: Virus on the PC that opens unsolicited pages
CASE SOLVED
If the topic author needs it, the topic will be reopened; to request this, they should contact one of the members of the [You must have an account and be logged in to view this link] and ask for it to be unlocked.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009