Flux 
Social bookmarking
Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking
Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking
Estatísticas
Temos 14810 usuários registradosO último membro registrado é Josevinil
Os nossos membros postaram um total de 36047 mensagens em 3685 assuntos
Quem está conectado?
Há 10 usuários online :: 0 registrados, 0 invisíveis e 10 visitantes Nenhum
O recorde de usuários online foi de 301 em Ter 26 Out 2021, 15:28
Procurar
Top dos mais postadores
| Power Max |
| |||
| joram |
| |||
| Wings [In Memoriam] |
| |||
| caedurodrigues |
| |||
| Amigo Brasileiro |
| |||
| luizvilarinho |
| |||
| Danii |
| |||
| Admin |
| |||
| Danilo Marsaro |
| |||
| Andreata |
|
Malwarebytes detectou alguns problemas!
2 participantes
Página 1 de 2
Página 1 de 2 • 1, 2 
Malwarebytes detectou alguns problemas!
por curty Qua 30 Abr 2014, 18:14
Gostaria de saber se existe algum arquivo importante(que foi infectado),se posso colocar tds na quarentena e depois exclui-los permanentemente...
Segue o log
Malwarebytes Anti-Malware 1.75.0.1300
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Versão da Base de Dados: v2014.04.30.02
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Principal :: PRINCIPAL-PC [administrador]
29/04/2014 22:58:00
mbam-log-2014-04-29 (22-58-00).txt
Tipo de Verificação: Verificação Completa (C:\|D:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 276492
Tempo decorrido: 1 hora(s), 1 minuto(s), 42 segundo(s)
Processos de Memória Detectados: 1
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (PUP.Optional.Spigot.A) -> 1604 -> Será deletado na próxima inicialização.
Módulos de Memória Detectados: 1
C:\Program Files\Common Files\Spigot\Search Settings\wth180.dll (PUP.Optional.Spigot.A) -> Será deletado na próxima inicialização.
Chaves de Registro Detectadas: 1
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Enviado para a Quarentena e deletado com sucesso.
Valores de Registro Detectadas: 3
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0M1H1OtGtAtH1R1R1K2ZtF0J -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\COMMON FILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE (PUP.Optional.Spigot.A) -> Data: 1 -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SearchSettings (PUP.Optional.Spigot.A) -> Data: "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe" -> Enviado para a Quarentena e deletado com sucesso.
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Pastas Detectadas: 9
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0 (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\icons (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\scripts (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0 (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings (PUP.Optional.Spigot.A) -> Será deletado na próxima inicialização.
C:\Program Files\Common Files\Spigot\Search Settings\Lang (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\Res (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
Arquivos Detectados: 33
C:\Users\Principal\Desktop\4shared_Desktop_3.1.0.exe (PUP.Optional.4Shared) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml (PUP.Optional.Babylon.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\background.html (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\config.json (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\manifest.json (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\icons\ss-128.png (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\icons\ss-48.png (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\scripts\background.js (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\scripts\loader_1036.js (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\scripts\utils.js (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\amazon-128.png (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\amazon-19.png (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\amazon-48.png (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\background.js (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\manifest.json (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\baidu_ff.xml (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\baidu_ie.xml (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\config.ini (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\searchcom_ff.xml (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\searchcom_ie.xml (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (PUP.Optional.Spigot.A) -> Será deletado na próxima inicialização.
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings64.exe (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\wth180.dll (PUP.Optional.Spigot.A) -> Será deletado na próxima inicialização.
C:\Program Files\Common Files\Spigot\Search Settings\wthx180.dll (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\yahoo_ff.xml (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\yahoo_ie.xml (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\yandex_ff.xml (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\yandex_ie.xml (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1031.ini (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1033.ini (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1034.ini (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1036.ini (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1040.ini (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
(fim)
Segue o log
Malwarebytes Anti-Malware 1.75.0.1300
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Versão da Base de Dados: v2014.04.30.02
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Principal :: PRINCIPAL-PC [administrador]
29/04/2014 22:58:00
mbam-log-2014-04-29 (22-58-00).txt
Tipo de Verificação: Verificação Completa (C:\|D:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 276492
Tempo decorrido: 1 hora(s), 1 minuto(s), 42 segundo(s)
Processos de Memória Detectados: 1
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (PUP.Optional.Spigot.A) -> 1604 -> Será deletado na próxima inicialização.
Módulos de Memória Detectados: 1
C:\Program Files\Common Files\Spigot\Search Settings\wth180.dll (PUP.Optional.Spigot.A) -> Será deletado na próxima inicialização.
Chaves de Registro Detectadas: 1
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Enviado para a Quarentena e deletado com sucesso.
Valores de Registro Detectadas: 3
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0M1H1OtGtAtH1R1R1K2ZtF0J -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\COMMON FILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE (PUP.Optional.Spigot.A) -> Data: 1 -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SearchSettings (PUP.Optional.Spigot.A) -> Data: "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe" -> Enviado para a Quarentena e deletado com sucesso.
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Pastas Detectadas: 9
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0 (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\icons (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\scripts (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0 (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings (PUP.Optional.Spigot.A) -> Será deletado na próxima inicialização.
C:\Program Files\Common Files\Spigot\Search Settings\Lang (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\Res (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
Arquivos Detectados: 33
C:\Users\Principal\Desktop\4shared_Desktop_3.1.0.exe (PUP.Optional.4Shared) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml (PUP.Optional.Babylon.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\background.html (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\config.json (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\manifest.json (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\icons\ss-128.png (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\icons\ss-48.png (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\scripts\background.js (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\scripts\loader_1036.js (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\scripts\utils.js (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\amazon-128.png (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\amazon-19.png (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\amazon-48.png (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\background.js (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\manifest.json (PUP.Optional.SlickSavings.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\baidu_ff.xml (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\baidu_ie.xml (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\config.ini (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\searchcom_ff.xml (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\searchcom_ie.xml (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (PUP.Optional.Spigot.A) -> Será deletado na próxima inicialização.
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings64.exe (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\wth180.dll (PUP.Optional.Spigot.A) -> Será deletado na próxima inicialização.
C:\Program Files\Common Files\Spigot\Search Settings\wthx180.dll (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\yahoo_ff.xml (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\yahoo_ie.xml (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\yandex_ff.xml (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\yandex_ie.xml (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1031.ini (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1033.ini (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1034.ini (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1036.ini (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1040.ini (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
(fim)
curty- Membro
- Mensagens : 65
Reputação : 0
Data de inscrição : 24/04/2014
Re: Malwarebytes detectou alguns problemas!
por Power Max Qua 30 Abr 2014, 18:17
Todos estes que o Malwarebytes detectou podem ser excluídos definitivamente.
________________________________________________________________
Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt
Ficamos na espera.
________________________________________________________________
Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt
Ficamos na espera.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Malwarebytes detectou alguns problemas!
por curty Qua 30 Abr 2014, 18:47
Vlw pela dica power Max,se a pessoa deixar os arquivos infectados na quarentena por Ex:1 ano,pode trazer algum dano ao pc?
Segue o log do adwcleaner
# AdwCleaner v3.205 - Relatório criado 30/04/2014 às 18:37:56
# Atualizado 28/04/2014 por Xplode
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (32 bits)
# Usuário : Principal - PRINCIPAL-PC
# Executando de : C:\Users\Principal\Downloads\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
Serviço Deletada : Application Updater
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\Program Files\Application Updater
Pasta Deletada : C:\Program Files\IObit Apps Toolbar
Pasta Deletada : C:\Program Files\Common Files\Spigot
Pasta Deletada : C:\Users\Principal\AppData\LocalLow\Search Settings
Pasta Deletada : C:\Users\Principal\AppData\Roaming\Babylon
Pasta Deletada : C:\Program Files\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Pasta Deletada : C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Arquivo Deletada : C:\Users\Principal\Documents\Uninstall.exe
Arquivo Deletada : C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\o2bthflo.default\user.js
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Chave Deletedo : HKCU\Software\Search Settings
Chave Deletedo : HKCU\Software\AppDataLow\Software\Search Settings
Chave Deletedo : HKLM\Software\Application Updater
Chave Deletedo : HKLM\Software\Babylon
Chave Deletedo : HKLM\Software\Search Settings
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
***** [ Navegadores ] *****
-\\ Internet Explorer v9.0.8112.16421
-\\ Mozilla Firefox v25.0.1 (pt-BR)
[ Arquivo : C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\o2bthflo.default\prefs.js ]
Linha deletada : user_pref("extensions.BabylonToolbar.admin", false);
Linha deletada : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Linha deletada : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Linha deletada : user_pref("extensions.BabylonToolbar.excTlbr", false);
Linha deletada : user_pref("extensions.BabylonToolbar.id", "1c98be94000000000000000000000000");
Linha deletada : user_pref("extensions.BabylonToolbar.instlDay", "15560");
Linha deletada : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Linha deletada : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Linha deletada : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Linha deletada : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Linha deletada : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Linha deletada : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
Linha deletada : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");
Linha deletada : user_pref("extensions.BabylonToolbar_i.babExt", "");
Linha deletada : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113480&tt=3212_2");
Linha deletada : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Linha deletada : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Linha deletada : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.610:22:30");
[ Arquivo : C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\vp0mmt3a.default\prefs.js ]
[ Arquivo : C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\z8tcyluo.default\prefs.js ]
-\\ Google Chrome v34.0.1847.131
[ Arquivo : C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Extension] : hbcennhacfaagdopikcegfcobcadeocj
Deletedo [Extension] : icdlfehblmklkikfigmjhbmmpmkmpooj
Deletedo [Extension] : mhkaekfpcppmmioggniknbnbdbcigpkk
Deletedo [Extension] : pfndaklgolladniicklehhancnlgocpp
*************************
AdwCleaner[R0].txt - [5809 octets] - [30/04/2014 18:35:30]
AdwCleaner[S0].txt - [5830 octets] - [30/04/2014 18:37:56]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5890 octets] ##########
Segue o log do adwcleaner
# AdwCleaner v3.205 - Relatório criado 30/04/2014 às 18:37:56
# Atualizado 28/04/2014 por Xplode
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (32 bits)
# Usuário : Principal - PRINCIPAL-PC
# Executando de : C:\Users\Principal\Downloads\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
Serviço Deletada : Application Updater
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\Program Files\Application Updater
Pasta Deletada : C:\Program Files\IObit Apps Toolbar
Pasta Deletada : C:\Program Files\Common Files\Spigot
Pasta Deletada : C:\Users\Principal\AppData\LocalLow\Search Settings
Pasta Deletada : C:\Users\Principal\AppData\Roaming\Babylon
Pasta Deletada : C:\Program Files\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Pasta Deletada : C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Arquivo Deletada : C:\Users\Principal\Documents\Uninstall.exe
Arquivo Deletada : C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\o2bthflo.default\user.js
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Chave Deletedo : HKCU\Software\Search Settings
Chave Deletedo : HKCU\Software\AppDataLow\Software\Search Settings
Chave Deletedo : HKLM\Software\Application Updater
Chave Deletedo : HKLM\Software\Babylon
Chave Deletedo : HKLM\Software\Search Settings
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
***** [ Navegadores ] *****
-\\ Internet Explorer v9.0.8112.16421
-\\ Mozilla Firefox v25.0.1 (pt-BR)
[ Arquivo : C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\o2bthflo.default\prefs.js ]
Linha deletada : user_pref("extensions.BabylonToolbar.admin", false);
Linha deletada : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Linha deletada : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Linha deletada : user_pref("extensions.BabylonToolbar.excTlbr", false);
Linha deletada : user_pref("extensions.BabylonToolbar.id", "1c98be94000000000000000000000000");
Linha deletada : user_pref("extensions.BabylonToolbar.instlDay", "15560");
Linha deletada : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Linha deletada : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Linha deletada : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Linha deletada : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Linha deletada : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Linha deletada : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
Linha deletada : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");
Linha deletada : user_pref("extensions.BabylonToolbar_i.babExt", "");
Linha deletada : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113480&tt=3212_2");
Linha deletada : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Linha deletada : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Linha deletada : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.610:22:30");
[ Arquivo : C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\vp0mmt3a.default\prefs.js ]
[ Arquivo : C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\z8tcyluo.default\prefs.js ]
-\\ Google Chrome v34.0.1847.131
[ Arquivo : C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Extension] : hbcennhacfaagdopikcegfcobcadeocj
Deletedo [Extension] : icdlfehblmklkikfigmjhbmmpmkmpooj
Deletedo [Extension] : mhkaekfpcppmmioggniknbnbdbcigpkk
Deletedo [Extension] : pfndaklgolladniicklehhancnlgocpp
*************************
AdwCleaner[R0].txt - [5809 octets] - [30/04/2014 18:35:30]
AdwCleaner[S0].txt - [5830 octets] - [30/04/2014 18:37:56]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5890 octets] ##########
curty- Membro
- Mensagens : 65
Reputação : 0
Data de inscrição : 24/04/2014
Re: Malwarebytes detectou alguns problemas!
por Power Max Qua 30 Abr 2014, 18:50
Pode deixar na quarentena o tempo que quiser. Só que alguns programas tem um limite de armazenamento de arquivos na quarentena. Aí neste caso quando a quarentena enche, o programa avisa que ela está cheia ou então ele dá um erro na hora de enviar mais arquivos para lá. Aí é só excluir um pouco dos arquivos da quarentena ou todos eles se a pessoa preferir. Mas o ideal é sempre enviar para a quarentena e deixar os arquivos lá por um tempo para você ver se farão falta no sistema ou não. Aí se o PC estiver funcionando normalmente sem eles depois de alguns dias já se pode excluir definitivamente.Se a pessoa deixar os arquivos infectados na quarentena por Ex:1 ano,pode trazer algum dano ao pc?
________________________________________________________________________
Desative temporariamente seu antivírus para evitar conflitos.* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executá-lo corretamente siga as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Malwarebytes detectou alguns problemas!
por curty Qua 30 Abr 2014, 19:33
Estou esperando acabar esse procedimento orientado por vc,porém n consegui executar como administrador e esta demorando mto,acho q ocorreu algum erro tive que entrar em outo pc para postar
curty- Membro
- Mensagens : 65
Reputação : 0
Data de inscrição : 24/04/2014
Re: Malwarebytes detectou alguns problemas!
por Power Max Qua 30 Abr 2014, 19:40
Tem vezes que ele trava, mas é só você olhar a luz que indica a atividade do processador para ver se o Zoek está mesmo escaneando ou se está travado.
Deixe a proteção residente de seu antivirus desativada para que o escaneamento do Zoek seja mais rápido.
Se mesmo assim ele continuar travado, é só você reiniciar o PC e fazer o procedimento novamente.
Se mesmo assim não der, é só iniciar o PC no modo seguro com rede (apertando a tecla F8 (ou a tecla F5 em alguns computadores) repetidas vezes quando o computador estiver iniciando e escolhendo a opção Modo Seguro com rede. E aí quando o PC estiver no modo seguro com rede você faz a limpeza com o Zoek como lhe disse.
Deixe a proteção residente de seu antivirus desativada para que o escaneamento do Zoek seja mais rápido.
Se mesmo assim ele continuar travado, é só você reiniciar o PC e fazer o procedimento novamente.
Se mesmo assim não der, é só iniciar o PC no modo seguro com rede (apertando a tecla F8 (ou a tecla F5 em alguns computadores) repetidas vezes quando o computador estiver iniciando e escolhendo a opção Modo Seguro com rede. E aí quando o PC estiver no modo seguro com rede você faz a limpeza com o Zoek como lhe disse.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Malwarebytes detectou alguns problemas!
por curty Qua 30 Abr 2014, 20:36
Demorou,deu algum problema porém depois voltou, n entendi porq meu navegador chrome n estava funcionando como antes,só agora consegui entrar no site.
Com os resultados desses programas da para saber se meu pc esta protegido de ameaças perigosas?
Se poder me indica um antivírus bom p usar no pc com um tutorial,como falei anteriormente,meu pc n esta travando nem apresentando erros,passei o malwarebytes e detectou alguns vírus,agradeço pela paciência e ajuda,fico no aguardo,aa em relação aos programas q foram baixados podem tira-los ou deixar no pc...
Segue o log
Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Principal on 30/04/2014 at 19:05:26,50.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Principal\Downloads\zoek (1).exe [Scan all users] [Script inserted]
==== System Restore Info ======================
30/04/2014 19:08:55 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2751142220-4110473743-906303487-1000\Software\Microsoft\Internet Explorer\SearchScopes\{471E9CB9-F277-4540-8370-F9538D0EFF29} deleted successfully
HKEY_USERS\S-1-5-21-2751142220-4110473743-906303487-1000\Software\Microsoft\Internet Explorer\SearchScopes\{75CACA68-A462-438C-8564-554B4B5B6040} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\PRINCI~1\AppData\Roaming\Mozilla\Firefox\Profiles\o2bthflo.default\prefs.js:
user_pref("browser.startup.homepage", "[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
user_pref("browser.search.defaultenginename", "Yahoo!");
user_pref("browser.search.selectedEngine", "Yahoo!");
user_pref("keyword.URL", "http://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=668083&p=");
Added to C:\Users\PRINCI~1\AppData\Roaming\Mozilla\Firefox\Profiles\o2bthflo.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Users\PRINCI~1\AppData\Roaming\Mozilla\Firefox\Profiles\vp0mmt3a.default\prefs.js:
user_pref("browser.startup.homepage", "http://br.search.yahoo.com?type=668083&fr=spigot-yhp-ff");
user_pref("browser.search.defaultenginename", "Yahoo!");
user_pref("browser.search.selectedEngine", "Yahoo!");
user_pref("keyword.URL", "http://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=668083&p=");
Added to C:\Users\PRINCI~1\AppData\Roaming\Mozilla\Firefox\Profiles\vp0mmt3a.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Users\PRINCI~1\AppData\Roaming\Mozilla\Firefox\Profiles\z8tcyluo.default\prefs.js:
user_pref("browser.startup.homepage", "http://br.search.yahoo.com?type=668083&fr=spigot-yhp-ff");
user_pref("browser.search.defaultenginename", "Yahoo!");
user_pref("browser.search.selectedEngine", "Yahoo!");
user_pref("keyword.URL", "http://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=668083&p=");
Added to C:\Users\PRINCI~1\AppData\Roaming\Mozilla\Firefox\Profiles\z8tcyluo.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Users\PRINCI~1\AppData\Roaming\Mozilla\Firefox\Profiles\o2bthflo.default
user.js not found
---- Lines enabledAddons" modified from prefs.js ----
user_pref("extensions.enabledAddons", "newtaburl%40sogame.cat:2.2.3,ascsurfingprotection%40iobit.com:1.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25
---- Lines installCache" modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"wrc@avast.com\":{\"descriptor\":\"C:\\\\Program Files\\\\AVAST So
---- FireFox user.js and prefs.js backups ----
prefs_042014_1949_.backup
ProfilePath: C:\Users\PRINCI~1\AppData\Roaming\Mozilla\Firefox\Profiles\vp0mmt3a.default
user.js not found
---- Lines enabledAddons" modified from prefs.js ----
user_pref("extensions.enabledAddons", "{972ce4c6-7e08-4474-a285-3208198ce6fd}:13.0");
---- Lines installCache" modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"wrc@avast.com\":{\"descriptor\":\"C:\\\\Program Files\\\\AVAST So
---- FireFox user.js and prefs.js backups ----
prefs_042014_1949_.backup
ProfilePath: C:\Users\PRINCI~1\AppData\Roaming\Mozilla\Firefox\Profiles\z8tcyluo.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_042014_1949_.backup
==== Deleting Files \ Folders ======================
C:\PROGRA~2\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} deleted
C:\PROGRA~2\Babylon deleted
C:\Users\Principal\AppData\LocalLow\IObit Apps deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Search Settings deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\-search deleted
C:\user.js deleted
"C:\Windows\Installer\18546.msi" deleted
"C:\Users\PRINCI~1\AppData\Roaming\Mozilla\Firefox\Profiles\vp0mmt3a.default\extensions\iobitapps@mybrowserbar.com" deleted
"C:\Users\PRINCI~1\AppData\Roaming\Mozilla\Firefox\Profiles\z8tcyluo.default\extensions\iobitapps@mybrowserbar.com" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [04/04/2014 21:36]
==== Firefox Extensions ======================
ProfilePath: C:\Users\PRINCI~1\AppData\Roaming\Mozilla\Firefox\Profiles\o2bthflo.default
- Advanced SystemCare Surfing Protection - C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\o2bthflo.default\extensions\ascsurfingprotection@iobit.com
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com
- NewTabURL - %ProfilePath%\extensions\newtaburl@sogame.cat.xpi
ProfilePath: C:\Users\PRINCI~1\AppData\Roaming\Mozilla\Firefox\Profiles\vp0mmt3a.default
- Advanced SystemCare Surfing Protection - C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\vp0mmt3a.default\extensions\ascsurfingprotection@iobit.com
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com
ProfilePath: C:\Users\PRINCI~1\AppData\Roaming\Mozilla\Firefox\Profiles\z8tcyluo.default
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\o2bthflo.default
E83B541C71965CFA1DEFF846CD6E9ECD - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll - Google Update
3220B1254AEF7A191187EC03F51B3D61 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
B2576571746839180833E048AC2CCA5C - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash
6768C724599214E4F9ADD9F8FF5097EB - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U45
F1CD6E22E5AE5CEEB7712E546A5FC853 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.450.18
C548328E9DE5EB73350EF292D7140662 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa
9013599B12923A45C029C34E8D2211AC - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll - Silverlight Plug-In
BF2AD333C79072EEBE5AE0D72670E64E - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrlui.dll - Microsoft® Silverlight
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
nfengeggddojhakldhlpjdlddgkkjkdd - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx[11/08/2012 11:45]
Google Docs - Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Advanced SystemCare Surfing Protection - Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd
Google Wallet - Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com.br/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\Principal\Desktop\Ares.lnk - C:\Program Files\Ares\Ares.exe
C:\Users\Principal\Desktop\DVD Shrink 3.2.lnk - C:\Program Files\DVD Shrink\DVD Shrink 3.2.exe
C:\Users\Principal\Desktop\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Principal\Desktop\Microsoft Office Excel 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\Principal\Desktop\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Principal\Desktop\Sumicity.lnk -
C:\Users\Principal\Desktop\Windows Live Messenger.lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Principal\Desktop\Games\Paciência Spider.lnk -
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Advanced SystemCare 6.lnk - C:\Program Files\IObit\Advanced SystemCare 6\ASC.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk - C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Users\Public\Desktop\Picasa 3.lnk - C:\Program Files\Google\Picasa3\Picasa3.exe
C:\Users\Public\Desktop\PowerDVD.lnk - C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{AA59DDE4-B672-4621-A016-4C248204957A}\SkypeIcon.exe
C:\Users\Public\Desktop\Uninstaller.lnk - C:\Program Files\IObit\Advanced SystemCare 6\Suc10_Uninstal.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AA1000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Principal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Principal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Principal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Principal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files\Google\Picasa3\Picasa3.exe
C:\Users\Principal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Principal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Principal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Uninstall Programs.lnk - C:\Program Files\IObit\Advanced SystemCare 6\Suc10_Uninstal.exe
C:\Users\Principal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Principal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Principal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Principal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\87131C842E46469499727BA14070D480 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{48C13178-64E2-4964-9927-B71A04074D08} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\87131C842E46469499727BA14070D480 deleted successfully
==== Empty IE Cache ======================
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Principal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Principal\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Principal\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Principal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\Principal\AppData\Local\Mozilla\Firefox\Profiles\o2bthflo.default\Cache emptied successfully
C:\Users\Principal\AppData\Local\Mozilla\Firefox\Profiles\vp0mmt3a.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=10 folders=11 4610369 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Principal\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\PRINCI~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Principal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
==== EOF on 30/04/2014 at 20:10:28,17 ======================
Com os resultados desses programas da para saber se meu pc esta protegido de ameaças perigosas?
Se poder me indica um antivírus bom p usar no pc com um tutorial,como falei anteriormente,meu pc n esta travando nem apresentando erros,passei o malwarebytes e detectou alguns vírus,agradeço pela paciência e ajuda,fico no aguardo,aa em relação aos programas q foram baixados podem tira-los ou deixar no pc...
Segue o log
Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Principal on 30/04/2014 at 19:05:26,50.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Principal\Downloads\zoek (1).exe [Scan all users] [Script inserted]
==== System Restore Info ======================
30/04/2014 19:08:55 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2751142220-4110473743-906303487-1000\Software\Microsoft\Internet Explorer\SearchScopes\{471E9CB9-F277-4540-8370-F9538D0EFF29} deleted successfully
HKEY_USERS\S-1-5-21-2751142220-4110473743-906303487-1000\Software\Microsoft\Internet Explorer\SearchScopes\{75CACA68-A462-438C-8564-554B4B5B6040} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\PRINCI~1\AppData\Roaming\Mozilla\Firefox\Profiles\o2bthflo.default\prefs.js:
user_pref("browser.startup.homepage", "[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
user_pref("browser.search.defaultenginename", "Yahoo!");
user_pref("browser.search.selectedEngine", "Yahoo!");
user_pref("keyword.URL", "http://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=668083&p=");
Added to C:\Users\PRINCI~1\AppData\Roaming\Mozilla\Firefox\Profiles\o2bthflo.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Users\PRINCI~1\AppData\Roaming\Mozilla\Firefox\Profiles\vp0mmt3a.default\prefs.js:
user_pref("browser.startup.homepage", "http://br.search.yahoo.com?type=668083&fr=spigot-yhp-ff");
user_pref("browser.search.defaultenginename", "Yahoo!");
user_pref("browser.search.selectedEngine", "Yahoo!");
user_pref("keyword.URL", "http://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=668083&p=");
Added to C:\Users\PRINCI~1\AppData\Roaming\Mozilla\Firefox\Profiles\vp0mmt3a.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Users\PRINCI~1\AppData\Roaming\Mozilla\Firefox\Profiles\z8tcyluo.default\prefs.js:
user_pref("browser.startup.homepage", "http://br.search.yahoo.com?type=668083&fr=spigot-yhp-ff");
user_pref("browser.search.defaultenginename", "Yahoo!");
user_pref("browser.search.selectedEngine", "Yahoo!");
user_pref("keyword.URL", "http://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=668083&p=");
Added to C:\Users\PRINCI~1\AppData\Roaming\Mozilla\Firefox\Profiles\z8tcyluo.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Users\PRINCI~1\AppData\Roaming\Mozilla\Firefox\Profiles\o2bthflo.default
user.js not found
---- Lines enabledAddons" modified from prefs.js ----
user_pref("extensions.enabledAddons", "newtaburl%40sogame.cat:2.2.3,ascsurfingprotection%40iobit.com:1.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25
---- Lines installCache" modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"wrc@avast.com\":{\"descriptor\":\"C:\\\\Program Files\\\\AVAST So
---- FireFox user.js and prefs.js backups ----
prefs_042014_1949_.backup
ProfilePath: C:\Users\PRINCI~1\AppData\Roaming\Mozilla\Firefox\Profiles\vp0mmt3a.default
user.js not found
---- Lines enabledAddons" modified from prefs.js ----
user_pref("extensions.enabledAddons", "{972ce4c6-7e08-4474-a285-3208198ce6fd}:13.0");
---- Lines installCache" modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"wrc@avast.com\":{\"descriptor\":\"C:\\\\Program Files\\\\AVAST So
---- FireFox user.js and prefs.js backups ----
prefs_042014_1949_.backup
ProfilePath: C:\Users\PRINCI~1\AppData\Roaming\Mozilla\Firefox\Profiles\z8tcyluo.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_042014_1949_.backup
==== Deleting Files \ Folders ======================
C:\PROGRA~2\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} deleted
C:\PROGRA~2\Babylon deleted
C:\Users\Principal\AppData\LocalLow\IObit Apps deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Search Settings deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\-search deleted
C:\user.js deleted
"C:\Windows\Installer\18546.msi" deleted
"C:\Users\PRINCI~1\AppData\Roaming\Mozilla\Firefox\Profiles\vp0mmt3a.default\extensions\iobitapps@mybrowserbar.com" deleted
"C:\Users\PRINCI~1\AppData\Roaming\Mozilla\Firefox\Profiles\z8tcyluo.default\extensions\iobitapps@mybrowserbar.com" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [04/04/2014 21:36]
==== Firefox Extensions ======================
ProfilePath: C:\Users\PRINCI~1\AppData\Roaming\Mozilla\Firefox\Profiles\o2bthflo.default
- Advanced SystemCare Surfing Protection - C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\o2bthflo.default\extensions\ascsurfingprotection@iobit.com
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com
- NewTabURL - %ProfilePath%\extensions\newtaburl@sogame.cat.xpi
ProfilePath: C:\Users\PRINCI~1\AppData\Roaming\Mozilla\Firefox\Profiles\vp0mmt3a.default
- Advanced SystemCare Surfing Protection - C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\vp0mmt3a.default\extensions\ascsurfingprotection@iobit.com
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com
ProfilePath: C:\Users\PRINCI~1\AppData\Roaming\Mozilla\Firefox\Profiles\z8tcyluo.default
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\o2bthflo.default
E83B541C71965CFA1DEFF846CD6E9ECD - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll - Google Update
3220B1254AEF7A191187EC03F51B3D61 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
B2576571746839180833E048AC2CCA5C - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash
6768C724599214E4F9ADD9F8FF5097EB - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U45
F1CD6E22E5AE5CEEB7712E546A5FC853 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.450.18
C548328E9DE5EB73350EF292D7140662 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa
9013599B12923A45C029C34E8D2211AC - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll - Silverlight Plug-In
BF2AD333C79072EEBE5AE0D72670E64E - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrlui.dll - Microsoft® Silverlight
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
nfengeggddojhakldhlpjdlddgkkjkdd - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx[11/08/2012 11:45]
Google Docs - Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Advanced SystemCare Surfing Protection - Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd
Google Wallet - Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Principal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com.br/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\Principal\Desktop\Ares.lnk - C:\Program Files\Ares\Ares.exe
C:\Users\Principal\Desktop\DVD Shrink 3.2.lnk - C:\Program Files\DVD Shrink\DVD Shrink 3.2.exe
C:\Users\Principal\Desktop\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Principal\Desktop\Microsoft Office Excel 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\Principal\Desktop\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Principal\Desktop\Sumicity.lnk -
C:\Users\Principal\Desktop\Windows Live Messenger.lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Principal\Desktop\Games\Paciência Spider.lnk -
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Advanced SystemCare 6.lnk - C:\Program Files\IObit\Advanced SystemCare 6\ASC.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk - C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Users\Public\Desktop\Picasa 3.lnk - C:\Program Files\Google\Picasa3\Picasa3.exe
C:\Users\Public\Desktop\PowerDVD.lnk - C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{AA59DDE4-B672-4621-A016-4C248204957A}\SkypeIcon.exe
C:\Users\Public\Desktop\Uninstaller.lnk - C:\Program Files\IObit\Advanced SystemCare 6\Suc10_Uninstal.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AA1000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Principal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Principal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Principal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Principal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files\Google\Picasa3\Picasa3.exe
C:\Users\Principal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Principal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Principal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Uninstall Programs.lnk - C:\Program Files\IObit\Advanced SystemCare 6\Suc10_Uninstal.exe
C:\Users\Principal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Principal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Principal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Principal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\87131C842E46469499727BA14070D480 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{48C13178-64E2-4964-9927-B71A04074D08} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\87131C842E46469499727BA14070D480 deleted successfully
==== Empty IE Cache ======================
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Principal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Principal\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Principal\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Principal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\Principal\AppData\Local\Mozilla\Firefox\Profiles\o2bthflo.default\Cache emptied successfully
C:\Users\Principal\AppData\Local\Mozilla\Firefox\Profiles\vp0mmt3a.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=10 folders=11 4610369 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Principal\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\PRINCI~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Principal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
==== EOF on 30/04/2014 at 20:10:28,17 ======================
curty- Membro
- Mensagens : 65
Reputação : 0
Data de inscrição : 24/04/2014
Re: Malwarebytes detectou alguns problemas!
por Power Max Qua 30 Abr 2014, 20:39
Quando terminarmos as limpezas eu respondo suas dúvidas.
Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o programa acima é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt
Ficamos na espera.
Baixe o programa Junkware Removal Tool no link abaixo:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o programa acima é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt
Ficamos na espera.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Malwarebytes detectou alguns problemas!
por curty Qua 30 Abr 2014, 21:01
Segue o log
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x86
Ran by Principal on 30/04/2014 at 20:45:30,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95525BD9-6136-4A26-8263-9CEE295D442D}
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Principal\AppData\Roaming\mozilla\firefox\profiles\o2bthflo.default\minidumps [32 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/04/2014 at 20:52:26,26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x86
Ran by Principal on 30/04/2014 at 20:45:30,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95525BD9-6136-4A26-8263-9CEE295D442D}
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Principal\AppData\Roaming\mozilla\firefox\profiles\o2bthflo.default\minidumps [32 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/04/2014 at 20:52:26,26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
curty- Membro
- Mensagens : 65
Reputação : 0
Data de inscrição : 24/04/2014
Re: Malwarebytes detectou alguns problemas!
por Power Max Qua 30 Abr 2014, 21:03
Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Malwarebytes detectou alguns problemas!
por curty Qua 30 Abr 2014, 21:16
Segue o log
~ Relatório do ZHPDiag v2014.4.28.48 - Nicolas Coolman (28/04/2014)
~ Iniciado por Principal (30/04/2014 21:12:33)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 25.0.1
GCIE: Google Chrome v34.0.1847.131 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Premium, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2016
Malwarebytes Anti-Malware versão 1.75.0.1300
Windows Defender W7
---\\ Softwares d'optimização do sistema
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 45
---\\ Informações sobre o sistema
~ Processor: x86 Family 15 Model 44 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2047 MB (58% free)
System Restore: Activé (Enable)
System drive C: has 53 GB (70%) free of 75 GB
---\\ Modo de conexão ao sistema
~ Computer Name: PRINCIPAL-PC
~ User Name: Principal
~ All Users Names: Principal, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Principal\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Principal\AppData\Roaming\
~ %Desktop% : C:\Users\Principal\Desktop\
~ %Favorites% : C:\Users\Principal\Favorites\
~ %LocalAppData% : C:\Users\Principal\AppData\Local\
~ %StartMenu% : C:\Users\Principal\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 53 Go of 75 Go)
D: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 45 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.12/08/2013 - 15:18:11.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.A1236375B74EA63C75657D564890C436] - (.Microsoft Corporation - Internet Extensions para Win32.) (.15/03/2011 - 12:03:53.) -- C:\Windows\System32\wininet.dll [1126912]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 18:29:06.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 18:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.12/08/2013 - 15:19:20.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.12/08/2013 - 15:21:48.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 18:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.33C3093D09017CFE2E219F2472BFF6EB] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.20/11/2010 - 18:29:12.) -- C:\Windows\system32\Drivers\ntfs.sys [1211264]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/337
~ Mes musiques (My Musics) : 99/140
~ Mes Favoris (My Favorites) : 1/11
~ Mes Documents (My Documents) : 1/206
~ Mon Bureau (My Desktop) : 1/150
~ Menu demarrer (Programs) : 1/23
~ Hidden Files: Scanned in 00mn 00s
---\\ Processos lançados
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.2536]
[MD5.4BFA1849DC7AA3CB99C160D9EB96C67B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640] [PID.2544]
[MD5.ECE648CDC3A09421E996DFFDA76F5C53] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136] [PID.2596]
[MD5.D1EA7694103F5D5CF11148F9B3864C45] - (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe [1004544] [PID.2608]
[MD5.521BE0575EE9CBD360ECC57BDE9A0309] - (.IObit - ASCTray.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe [491840] [PID.2668]
[MD5.B920AAF7ABEA489AC415DD38AD7B76CD] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe [1209904] [PID.2880]
[MD5.7DCE7A74764EB7C67D21A32BC579453D] - (.Oracle Corporation - Java(TM) Update Checker.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe [507264] [PID.572]
[MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [841032] [PID.3992]
[MD5.1780A53FCE5975B94604775CD9460F22] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7865344] [PID.2468]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 02s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\o2bthflo.default\prefs.js
C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\vp0mmt3a.default\prefs.js
C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\z8tcyluo.default\prefs.js
M3 - MFPP: Plugins - [Principal] -- C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\o2bthflo.default\searchplugins\yahoo_ff.xml
M3 - MFPP: Plugins - [Principal] -- C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\vp0mmt3a.default\searchplugins\yahoo_ff.xml
M3 - MFPP: Plugins - [Principal] -- C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\z8tcyluo.default\searchplugins\yahoo_ff.xml
M2 - MFEP: prefs.js [Principal - o2bthflo.default\ascsurfingprotection@iobit.com] [] Advanced SystemCare Surfing Protection v1.0 (..)
M2 - MFEP: prefs.js [Principal - vp0mmt3a.default\ascsurfingprotection@iobit.com] [] Advanced SystemCare Surfing Protection v1.0 (..)
M2 - MFEP: prefs.js [Principal - z8tcyluo.default\ascsurfingprotection@iobit.com] [] Advanced SystemCare Surfing Protection v1.0 (..)
~ Firefox Browser: 32 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 13 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
~ Toolbar: Scanned in 00mn 00s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe
O4 - HKCU\..\Run: [Advanced SystemCare 6] . (.IObit - ASCTray.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 6] . (.IObit - ASCTray.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 6] . (.IObit - ASCTray.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2751142220-4110473743-906303487-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-2751142220-4110473743-906303487-1000\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe
O4 - HKUS\S-1-5-21-2751142220-4110473743-906303487-1000\..\Run: [Advanced SystemCare 6] . (.IObit - ASCTray.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3FA74807-64A3-4815-A95A-D701F40041B0}: DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{3FA74807-64A3-4815-A95A-D701F40041B0}: DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{3FA74807-64A3-4815-A95A-D701F40041B0}: DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.1.254
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{24283B82-6CA0-4493-A983-C524DC471678}] (...) -- F:\atualizar\Firefox.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{470ECDB5-32B0-49CC-8059-9AC8E51FAE50}] (...) -- F:\atualizar\Firefox.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4E939B4C-DFD9-441F-BFA8-52D10117B9EF}] (...) -- D:\setup.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1058]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1062]
~ Scheduled Task: 14 Legitimates Filtered in 00mn 04s
---\\ Software instalados (042)
O42 - Logiciel: Ares 2.1.1 - (.Ares Development Group.) [HKLM] -- Ares
~ Logic: 4 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ares]
~ Key Software: 123 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 15/11/2012 - 14:31:46 - [] ----D C:\Program Files\Ares
O43 - CFD: 08/08/2012 - 17:30:27 - [] ----D C:\Users\Principal\AppData\Local\Ares
O43 - CFD: 15/11/2012 - 14:31:38 - [0] ----D C:\Users\Principal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ares
~ Program Folder: 119 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.8CC485F79003E70F7AC2AEB37E46E2B7] - 22/04/2014 - 10:52:53 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [124724]
O44 - LFC:[MD5.7DD93559822E742118850444222BBD70] - 22/04/2014 - 10:52:53 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [654272]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 30/04/2014 - 18:36:40 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 30/04/2014 - 19:05:07 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.D874181DD8524981E5961BDA7708ED3D] - 30/04/2014 - 20:10:28 ---A- . (...) -- C:\zoek-results.log [21389]
~ Files: 14 Legitimates Filtered in 00mn 04s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:04/04/2014 - 21:36:48 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944]
O58 - SDL:04/04/2014 - 21:36:48 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180760]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:29/06/2012 - 14:14:46 ---A- . (.Analog Devices, Inc. - SoundMAX Stub Driver.) -- C:\Windows\System32\Drivers\smsens.sys [3744]
O58 - SDL:29/06/2012 - 14:14:46 ---A- . (.Analog Devices, Inc. - SoundMAX Integrated Digital Audio.) -- C:\Windows\System32\Drivers\smwdm.sys [578368]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 71 Legitimates Filtered in 00mn 03s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {94BF4C0C-DE68-44E2-ADBC-96E8542A47BB} - (Yahoo! Search) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {94BF4C0C-DE68-44E2-ADBC-96E8542A47BB} - (Yahoo! Search) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.68DCB5D1CF09C64D59FF44845E24EE7D] [SPRF][27/07/2010] (...) -- C:\Users\Principal\Desktop\AdbeRdr930_pt_BR.exe [25505304]
~ Files: 1 Legitimates Filtered in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.1B88BF49F3FF0D2596BCA9E49894F611] [WIS][31/03/2014] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\2d0921.msi [28672] =>Toolbar.Google
~ WIS: 1 Legitimates Filtered in 00mn 01s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\googletoolbarinstaller_en32_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\googletoolbarinstaller_en32_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_08875ABF44579E20_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_08875ABF44579E20_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32 =>Adware.SearchSettings
HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS =>Adware.SearchSettings
~ BTK: 234 Legitimates Filtered in 00mn 00s
---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
~ BCK: 6363 Legitimates Filtered in 00mn 19s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 17/07/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 17/07/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 16/09/2013 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 28/04/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 13/04/2007 792112 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 25/02/2013 528192 | (AdvancedSystemCareService6) . (.IObit.) - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
SR - | Auto 04/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Demand 01/06/2007 271920 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 20/11/2010 57344 | (SLService) . (...) - C:\Windows\System32\slserv.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 20s
---\\ Scâner Aditional (088)
Database Version : 13045 - (28/04/2014)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 3
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95525BD9-6136-4A26-8263-9CEE295D442D}] =>Toolbar.4shared
[HKCU\Software\IObit Apps] =>PUP.Dealio
[HKCU\Software\AppDataLow\Software\IObit Apps] =>PUP.Dealio
[HKLM\Software\IObit Apps] =>PUP.Dealio
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:\Windows\Installer\2d0921.msi =>Toolbar.Google^
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
~ Additionnel Scan: 192997 Items scanned in 00mn 48s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.SearchSettings
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Dealio
~ MSI: 2 link(s) detected in 00mn 00s
~ 615 Legitimates filtered by white list
End of the scan (418 lines in 02mn 01s)(0)
~ Relatório do ZHPDiag v2014.4.28.48 - Nicolas Coolman (28/04/2014)
~ Iniciado por Principal (30/04/2014 21:12:33)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 25.0.1
GCIE: Google Chrome v34.0.1847.131 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Premium, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2016
Malwarebytes Anti-Malware versão 1.75.0.1300
Windows Defender W7
---\\ Softwares d'optimização do sistema
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 45
---\\ Informações sobre o sistema
~ Processor: x86 Family 15 Model 44 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2047 MB (58% free)
System Restore: Activé (Enable)
System drive C: has 53 GB (70%) free of 75 GB
---\\ Modo de conexão ao sistema
~ Computer Name: PRINCIPAL-PC
~ User Name: Principal
~ All Users Names: Principal, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Principal\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Principal\AppData\Roaming\
~ %Desktop% : C:\Users\Principal\Desktop\
~ %Favorites% : C:\Users\Principal\Favorites\
~ %LocalAppData% : C:\Users\Principal\AppData\Local\
~ %StartMenu% : C:\Users\Principal\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 53 Go of 75 Go)
D: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 45 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.12/08/2013 - 15:18:11.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.A1236375B74EA63C75657D564890C436] - (.Microsoft Corporation - Internet Extensions para Win32.) (.15/03/2011 - 12:03:53.) -- C:\Windows\System32\wininet.dll [1126912]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 18:29:06.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 18:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.12/08/2013 - 15:19:20.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.12/08/2013 - 15:21:48.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 18:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.33C3093D09017CFE2E219F2472BFF6EB] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.20/11/2010 - 18:29:12.) -- C:\Windows\system32\Drivers\ntfs.sys [1211264]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/337
~ Mes musiques (My Musics) : 99/140
~ Mes Favoris (My Favorites) : 1/11
~ Mes Documents (My Documents) : 1/206
~ Mon Bureau (My Desktop) : 1/150
~ Menu demarrer (Programs) : 1/23
~ Hidden Files: Scanned in 00mn 00s
---\\ Processos lançados
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.2536]
[MD5.4BFA1849DC7AA3CB99C160D9EB96C67B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640] [PID.2544]
[MD5.ECE648CDC3A09421E996DFFDA76F5C53] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136] [PID.2596]
[MD5.D1EA7694103F5D5CF11148F9B3864C45] - (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe [1004544] [PID.2608]
[MD5.521BE0575EE9CBD360ECC57BDE9A0309] - (.IObit - ASCTray.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe [491840] [PID.2668]
[MD5.B920AAF7ABEA489AC415DD38AD7B76CD] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe [1209904] [PID.2880]
[MD5.7DCE7A74764EB7C67D21A32BC579453D] - (.Oracle Corporation - Java(TM) Update Checker.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe [507264] [PID.572]
[MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [841032] [PID.3992]
[MD5.1780A53FCE5975B94604775CD9460F22] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7865344] [PID.2468]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 02s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\o2bthflo.default\prefs.js
C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\vp0mmt3a.default\prefs.js
C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\z8tcyluo.default\prefs.js
M3 - MFPP: Plugins - [Principal] -- C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\o2bthflo.default\searchplugins\yahoo_ff.xml
M3 - MFPP: Plugins - [Principal] -- C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\vp0mmt3a.default\searchplugins\yahoo_ff.xml
M3 - MFPP: Plugins - [Principal] -- C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\z8tcyluo.default\searchplugins\yahoo_ff.xml
M2 - MFEP: prefs.js [Principal - o2bthflo.default\ascsurfingprotection@iobit.com] [] Advanced SystemCare Surfing Protection v1.0 (..)
M2 - MFEP: prefs.js [Principal - vp0mmt3a.default\ascsurfingprotection@iobit.com] [] Advanced SystemCare Surfing Protection v1.0 (..)
M2 - MFEP: prefs.js [Principal - z8tcyluo.default\ascsurfingprotection@iobit.com] [] Advanced SystemCare Surfing Protection v1.0 (..)
~ Firefox Browser: 32 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 13 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
~ Toolbar: Scanned in 00mn 00s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe
O4 - HKCU\..\Run: [Advanced SystemCare 6] . (.IObit - ASCTray.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 6] . (.IObit - ASCTray.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 6] . (.IObit - ASCTray.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2751142220-4110473743-906303487-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-2751142220-4110473743-906303487-1000\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe
O4 - HKUS\S-1-5-21-2751142220-4110473743-906303487-1000\..\Run: [Advanced SystemCare 6] . (.IObit - ASCTray.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3FA74807-64A3-4815-A95A-D701F40041B0}: DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{3FA74807-64A3-4815-A95A-D701F40041B0}: DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{3FA74807-64A3-4815-A95A-D701F40041B0}: DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.1.254
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{24283B82-6CA0-4493-A983-C524DC471678}] (...) -- F:\atualizar\Firefox.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{470ECDB5-32B0-49CC-8059-9AC8E51FAE50}] (...) -- F:\atualizar\Firefox.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4E939B4C-DFD9-441F-BFA8-52D10117B9EF}] (...) -- D:\setup.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1058]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1062]
~ Scheduled Task: 14 Legitimates Filtered in 00mn 04s
---\\ Software instalados (042)
O42 - Logiciel: Ares 2.1.1 - (.Ares Development Group.) [HKLM] -- Ares
~ Logic: 4 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ares]
~ Key Software: 123 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 15/11/2012 - 14:31:46 - [] ----D C:\Program Files\Ares
O43 - CFD: 08/08/2012 - 17:30:27 - [] ----D C:\Users\Principal\AppData\Local\Ares
O43 - CFD: 15/11/2012 - 14:31:38 - [0] ----D C:\Users\Principal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ares
~ Program Folder: 119 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.8CC485F79003E70F7AC2AEB37E46E2B7] - 22/04/2014 - 10:52:53 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [124724]
O44 - LFC:[MD5.7DD93559822E742118850444222BBD70] - 22/04/2014 - 10:52:53 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [654272]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 30/04/2014 - 18:36:40 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 30/04/2014 - 19:05:07 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.D874181DD8524981E5961BDA7708ED3D] - 30/04/2014 - 20:10:28 ---A- . (...) -- C:\zoek-results.log [21389]
~ Files: 14 Legitimates Filtered in 00mn 04s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:04/04/2014 - 21:36:48 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944]
O58 - SDL:04/04/2014 - 21:36:48 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180760]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:29/06/2012 - 14:14:46 ---A- . (.Analog Devices, Inc. - SoundMAX Stub Driver.) -- C:\Windows\System32\Drivers\smsens.sys [3744]
O58 - SDL:29/06/2012 - 14:14:46 ---A- . (.Analog Devices, Inc. - SoundMAX Integrated Digital Audio.) -- C:\Windows\System32\Drivers\smwdm.sys [578368]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 71 Legitimates Filtered in 00mn 03s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {94BF4C0C-DE68-44E2-ADBC-96E8542A47BB} - (Yahoo! Search) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {94BF4C0C-DE68-44E2-ADBC-96E8542A47BB} - (Yahoo! Search) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.68DCB5D1CF09C64D59FF44845E24EE7D] [SPRF][27/07/2010] (...) -- C:\Users\Principal\Desktop\AdbeRdr930_pt_BR.exe [25505304]
~ Files: 1 Legitimates Filtered in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.1B88BF49F3FF0D2596BCA9E49894F611] [WIS][31/03/2014] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\2d0921.msi [28672] =>Toolbar.Google
~ WIS: 1 Legitimates Filtered in 00mn 01s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\googletoolbarinstaller_en32_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\googletoolbarinstaller_en32_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_08875ABF44579E20_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_08875ABF44579E20_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32 =>Adware.SearchSettings
HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS =>Adware.SearchSettings
~ BTK: 234 Legitimates Filtered in 00mn 00s
---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
~ BCK: 6363 Legitimates Filtered in 00mn 19s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 17/07/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 17/07/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 16/09/2013 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 28/04/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 13/04/2007 792112 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 25/02/2013 528192 | (AdvancedSystemCareService6) . (.IObit.) - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
SR - | Auto 04/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Demand 01/06/2007 271920 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 20/11/2010 57344 | (SLService) . (...) - C:\Windows\System32\slserv.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 20s
---\\ Scâner Aditional (088)
Database Version : 13045 - (28/04/2014)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 3
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95525BD9-6136-4A26-8263-9CEE295D442D}] =>Toolbar.4shared
[HKCU\Software\IObit Apps] =>PUP.Dealio
[HKCU\Software\AppDataLow\Software\IObit Apps] =>PUP.Dealio
[HKLM\Software\IObit Apps] =>PUP.Dealio
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:\Windows\Installer\2d0921.msi =>Toolbar.Google^
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
~ Additionnel Scan: 192997 Items scanned in 00mn 48s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.SearchSettings
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Dealio
~ MSI: 2 link(s) detected in 00mn 00s
~ 615 Legitimates filtered by white list
End of the scan (418 lines in 02mn 01s)(0)
curty- Membro
- Mensagens : 65
Reputação : 0
Data de inscrição : 24/04/2014
Re: Malwarebytes detectou alguns problemas!
por Power Max Qua 30 Abr 2014, 21:25
Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.
Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC agora e de tempos em tempos.
_____________________________________________________________________________________________________
Depois de seguir as dicas que lhe passei acima, selecione e copie todo o texto destacado em vermelho que te passei._____________________________________________________________________________________________________________
Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas. Copie este relatório e poste em sua próxima resposta.
Última edição por Power Max em Qua 30 Abr 2014, 22:27, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Malwarebytes detectou alguns problemas!
por curty Qua 30 Abr 2014, 21:30
Vlw Power Max!Meu pc estava com mtos problemas?E em relaçao aos programas q baixei devo desinstalar?
curty- Membro
- Mensagens : 65
Reputação : 0
Data de inscrição : 24/04/2014
Re: Malwarebytes detectou alguns problemas!
por curty Qua 30 Abr 2014, 21:34
Ja baixei o ccleaner,td certo,vou deixar esses programas iniciando junto com o windows pois n esta interferindo mto,no aguardo!
curty- Membro
- Mensagens : 65
Reputação : 0
Data de inscrição : 24/04/2014
Re: Malwarebytes detectou alguns problemas!
por Power Max Qua 30 Abr 2014, 21:36
Nós vamos desinstalar os programas no final. Mas falta você também fazer o procedimento com o ZHPFix e postar o relatório dele.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Malwarebytes detectou alguns problemas!
por curty Qua 30 Abr 2014, 21:47
me passa a pagina p download e o tutorial ai, Power Max,por gentileza
curty- Membro
- Mensagens : 65
Reputação : 0
Data de inscrição : 24/04/2014
Re: Malwarebytes detectou alguns problemas!
por Power Max Qua 30 Abr 2014, 21:48
Selecione e copie todo o texto destacado em vermelho que te passei._____________________________________________________________________________________________________________
Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas. Copie este relatório e poste em sua próxima resposta.
Última edição por Power Max em Qua 30 Abr 2014, 22:27, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Malwarebytes detectou alguns problemas!
por curty Qua 30 Abr 2014, 21:57
log:
apareceu outro ve se é esse mesmo..
Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Principal at 30/04/2014 21:53:30
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)
Reciclagem vazia (01mn 44s)
Reparação de atalhos do navegador
========== Chaves do Registo ==========
ELIMINÉ: SearchScopes :{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
ELIMINÉ:* SearchScopes :{94BF4C0C-DE68-44E2-ADBC-96E8542A47BB}
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95525BD9-6136-4A26-8263-9CEE295D442D}
ELIMINÉ: HKCU\Software\IObit Apps
ELIMINÉ: HKCU\Software\AppDataLow\Software\IObit Apps
ELIMINÉ: HKLM\Software\IObit Apps
========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ Temporários windows (118) (1.791.465 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Tarefa planificada ==========
ELIMINÉ: {24283B82-6CA0-4493-A983-C524DC471678}
ELIMINÉ: {470ECDB5-32B0-49CC-8059-9AC8E51FAE50}
ELIMINÉ: {4E939B4C-DFD9-441F-BFA8-52D10117B9EF}
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
8 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
2 : Ficheiros
3 : Tarefa planificada
1 : Restauração Sistema
End of clean in 02mn 12s
========== Caminho do ficheiro do relatório ==========
C:\Users\Principal\AppData\Roaming\ZHP\ZHPFix[R1].txt - 30/04/2014 21:55:15 [1819]
apareceu outro ve se é esse mesmo..
Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Principal at 30/04/2014 21:53:30
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)
Reciclagem vazia (01mn 44s)
Reparação de atalhos do navegador
========== Chaves do Registo ==========
ELIMINÉ: SearchScopes :{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
ELIMINÉ:* SearchScopes :{94BF4C0C-DE68-44E2-ADBC-96E8542A47BB}
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95525BD9-6136-4A26-8263-9CEE295D442D}
ELIMINÉ: HKCU\Software\IObit Apps
ELIMINÉ: HKCU\Software\AppDataLow\Software\IObit Apps
ELIMINÉ: HKLM\Software\IObit Apps
========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ Temporários windows (118) (1.791.465 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Tarefa planificada ==========
ELIMINÉ: {24283B82-6CA0-4493-A983-C524DC471678}
ELIMINÉ: {470ECDB5-32B0-49CC-8059-9AC8E51FAE50}
ELIMINÉ: {4E939B4C-DFD9-441F-BFA8-52D10117B9EF}
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
8 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
2 : Ficheiros
3 : Tarefa planificada
1 : Restauração Sistema
End of clean in 02mn 12s
========== Caminho do ficheiro do relatório ==========
C:\Users\Principal\AppData\Roaming\ZHP\ZHPFix[R1].txt - 30/04/2014 21:55:15 [1819]
curty- Membro
- Mensagens : 65
Reputação : 0
Data de inscrição : 24/04/2014
Re: Malwarebytes detectou alguns problemas!
por Power Max Qua 30 Abr 2014, 21:59
Está certo, é assim mesmo. Abra novamente o ( ZHPDiag )[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Malwarebytes detectou alguns problemas!
por curty Qua 30 Abr 2014, 22:07
LOg
~ Relatório do ZHPDiag v2014.4.28.48 - Nicolas Coolman (28/04/2014)
~ Iniciado por Principal (30/04/2014 22:02:51)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 25.0.1
GCIE: Google Chrome v34.0.1847.131 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Premium, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2016
Malwarebytes Anti-Malware versão 1.75.0.1300
Windows Defender W7
---\\ Softwares d'optimização do sistema
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 45
---\\ Informações sobre o sistema
~ Processor: x86 Family 15 Model 44 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2047 MB (61% free)
System Restore: Activé (Enable)
System drive C: has 53 GB (70%) free of 75 GB
---\\ Modo de conexão ao sistema
~ Computer Name: PRINCIPAL-PC
~ User Name: Principal
~ All Users Names: Principal, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Principal\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Principal\AppData\Roaming\
~ %Desktop% : C:\Users\Principal\Desktop\
~ %Favorites% : C:\Users\Principal\Favorites\
~ %LocalAppData% : C:\Users\Principal\AppData\Local\
~ %StartMenu% : C:\Users\Principal\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 53 Go of 75 Go)
D: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 45 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.12/08/2013 - 15:18:11.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.A1236375B74EA63C75657D564890C436] - (.Microsoft Corporation - Internet Extensions para Win32.) (.15/03/2011 - 12:03:53.) -- C:\Windows\System32\wininet.dll [1126912]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 18:29:06.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 18:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.12/08/2013 - 15:19:20.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.12/08/2013 - 15:21:48.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 18:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.33C3093D09017CFE2E219F2472BFF6EB] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.20/11/2010 - 18:29:12.) -- C:\Windows\system32\Drivers\ntfs.sys [1211264]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/337
~ Mes musiques (My Musics) : 99/140
~ Mes Favoris (My Favorites) : 1/11
~ Mes Documents (My Documents) : 1/206
~ Mon Bureau (My Desktop) : 1/151
~ Menu demarrer (Programs) : 1/23
~ Hidden Files: Scanned in 00mn 00s
---\\ Processos lançados
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.2536]
[MD5.4BFA1849DC7AA3CB99C160D9EB96C67B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640] [PID.2544]
[MD5.ECE648CDC3A09421E996DFFDA76F5C53] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136] [PID.2596]
[MD5.D1EA7694103F5D5CF11148F9B3864C45] - (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe [1004544] [PID.2608]
[MD5.521BE0575EE9CBD360ECC57BDE9A0309] - (.IObit - ASCTray.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe [491840] [PID.2668]
[MD5.B920AAF7ABEA489AC415DD38AD7B76CD] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe [1209904] [PID.2880]
[MD5.7DCE7A74764EB7C67D21A32BC579453D] - (.Oracle Corporation - Java(TM) Update Checker.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe [507264] [PID.572]
[MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [841032] [PID.1320]
[MD5.1780A53FCE5975B94604775CD9460F22] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7865344] [PID.3072]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 01s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\o2bthflo.default\prefs.js
C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\vp0mmt3a.default\prefs.js
C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\z8tcyluo.default\prefs.js
M3 - MFPP: Plugins - [Principal] -- C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\o2bthflo.default\searchplugins\yahoo_ff.xml
M3 - MFPP: Plugins - [Principal] -- C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\vp0mmt3a.default\searchplugins\yahoo_ff.xml
M3 - MFPP: Plugins - [Principal] -- C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\z8tcyluo.default\searchplugins\yahoo_ff.xml
M2 - MFEP: prefs.js [Principal - o2bthflo.default\ascsurfingprotection@iobit.com] [] Advanced SystemCare Surfing Protection v1.0 (..)
M2 - MFEP: prefs.js [Principal - vp0mmt3a.default\ascsurfingprotection@iobit.com] [] Advanced SystemCare Surfing Protection v1.0 (..)
M2 - MFEP: prefs.js [Principal - z8tcyluo.default\ascsurfingprotection@iobit.com] [] Advanced SystemCare Surfing Protection v1.0 (..)
~ Firefox Browser: 32 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 13 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
~ Toolbar: Scanned in 00mn 00s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe
O4 - HKCU\..\Run: [Advanced SystemCare 6] . (.IObit - ASCTray.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 6] . (.IObit - ASCTray.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 6] . (.IObit - ASCTray.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2751142220-4110473743-906303487-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-2751142220-4110473743-906303487-1000\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe
O4 - HKUS\S-1-5-21-2751142220-4110473743-906303487-1000\..\Run: [Advanced SystemCare 6] . (.IObit - ASCTray.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3FA74807-64A3-4815-A95A-D701F40041B0}: DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{3FA74807-64A3-4815-A95A-D701F40041B0}: DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{3FA74807-64A3-4815-A95A-D701F40041B0}: DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.1.254
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1058]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1062]
~ Scheduled Task: 11 Legitimates Filtered in 00mn 03s
---\\ Software instalados (042)
O42 - Logiciel: Ares 2.1.1 - (.Ares Development Group.) [HKLM] -- Ares
~ Logic: 4 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ares]
~ Key Software: 120 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 15/11/2012 - 14:31:46 - [] ----D C:\Program Files\Ares
O43 - CFD: 08/08/2012 - 17:30:27 - [] ----D C:\Users\Principal\AppData\Local\Ares
O43 - CFD: 15/11/2012 - 14:31:38 - [0] ----D C:\Users\Principal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ares
~ Program Folder: 119 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.8CC485F79003E70F7AC2AEB37E46E2B7] - 22/04/2014 - 10:52:53 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [124724]
O44 - LFC:[MD5.7DD93559822E742118850444222BBD70] - 22/04/2014 - 10:52:53 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [654272]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 30/04/2014 - 18:36:40 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 30/04/2014 - 19:05:07 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.D874181DD8524981E5961BDA7708ED3D] - 30/04/2014 - 20:10:28 ---A- . (...) -- C:\zoek-results.log [21389]
~ Files: 14 Legitimates Filtered in 00mn 04s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:04/04/2014 - 21:36:48 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944]
O58 - SDL:04/04/2014 - 21:36:48 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180760]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:29/06/2012 - 14:14:46 ---A- . (.Analog Devices, Inc. - SoundMAX Stub Driver.) -- C:\Windows\System32\Drivers\smsens.sys [3744]
O58 - SDL:29/06/2012 - 14:14:46 ---A- . (.Analog Devices, Inc. - SoundMAX Integrated Digital Audio.) -- C:\Windows\System32\Drivers\smwdm.sys [578368]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 71 Legitimates Filtered in 00mn 01s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.68DCB5D1CF09C64D59FF44845E24EE7D] [SPRF][27/07/2010] (...) -- C:\Users\Principal\Desktop\AdbeRdr930_pt_BR.exe [25505304]
~ Files: 1 Legitimates Filtered in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.1B88BF49F3FF0D2596BCA9E49894F611] [WIS][31/03/2014] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\2d0921.msi [28672] =>Toolbar.Google
~ WIS: 1 Legitimates Filtered in 00mn 00s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\googletoolbarinstaller_en32_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\googletoolbarinstaller_en32_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_08875ABF44579E20_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_08875ABF44579E20_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
~ BTK: 232 Legitimates Filtered in 00mn 00s
---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
~ BCK: 6363 Legitimates Filtered in 00mn 19s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 17/07/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 17/07/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 16/09/2013 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 28/04/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 13/04/2007 792112 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 25/02/2013 528192 | (AdvancedSystemCareService6) . (.IObit.) - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
SR - | Auto 04/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Demand 01/06/2007 271920 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 20/11/2010 57344 | (SLService) . (...) - C:\Windows\System32\slserv.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 19s
---\\ Scâner Aditional (088)
Database Version : 13045 - (28/04/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 3
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:\Windows\Installer\2d0921.msi =>Toolbar.Google^
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
~ Additionnel Scan: 192748 Items scanned in 00mn 44s
---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s
~ 609 Legitimates filtered by white list
End of the scan (404 lines in 01mn 50s)(0)
~ Relatório do ZHPDiag v2014.4.28.48 - Nicolas Coolman (28/04/2014)
~ Iniciado por Principal (30/04/2014 22:02:51)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 25.0.1
GCIE: Google Chrome v34.0.1847.131 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Premium, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2016
Malwarebytes Anti-Malware versão 1.75.0.1300
Windows Defender W7
---\\ Softwares d'optimização do sistema
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 45
---\\ Informações sobre o sistema
~ Processor: x86 Family 15 Model 44 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2047 MB (61% free)
System Restore: Activé (Enable)
System drive C: has 53 GB (70%) free of 75 GB
---\\ Modo de conexão ao sistema
~ Computer Name: PRINCIPAL-PC
~ User Name: Principal
~ All Users Names: Principal, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Principal\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Principal\AppData\Roaming\
~ %Desktop% : C:\Users\Principal\Desktop\
~ %Favorites% : C:\Users\Principal\Favorites\
~ %LocalAppData% : C:\Users\Principal\AppData\Local\
~ %StartMenu% : C:\Users\Principal\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 53 Go of 75 Go)
D: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 45 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.12/08/2013 - 15:18:11.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.A1236375B74EA63C75657D564890C436] - (.Microsoft Corporation - Internet Extensions para Win32.) (.15/03/2011 - 12:03:53.) -- C:\Windows\System32\wininet.dll [1126912]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 18:29:06.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 18:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.12/08/2013 - 15:19:20.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.12/08/2013 - 15:21:48.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 18:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.33C3093D09017CFE2E219F2472BFF6EB] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.20/11/2010 - 18:29:12.) -- C:\Windows\system32\Drivers\ntfs.sys [1211264]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/337
~ Mes musiques (My Musics) : 99/140
~ Mes Favoris (My Favorites) : 1/11
~ Mes Documents (My Documents) : 1/206
~ Mon Bureau (My Desktop) : 1/151
~ Menu demarrer (Programs) : 1/23
~ Hidden Files: Scanned in 00mn 00s
---\\ Processos lançados
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.2536]
[MD5.4BFA1849DC7AA3CB99C160D9EB96C67B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640] [PID.2544]
[MD5.ECE648CDC3A09421E996DFFDA76F5C53] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136] [PID.2596]
[MD5.D1EA7694103F5D5CF11148F9B3864C45] - (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe [1004544] [PID.2608]
[MD5.521BE0575EE9CBD360ECC57BDE9A0309] - (.IObit - ASCTray.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe [491840] [PID.2668]
[MD5.B920AAF7ABEA489AC415DD38AD7B76CD] - (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe [1209904] [PID.2880]
[MD5.7DCE7A74764EB7C67D21A32BC579453D] - (.Oracle Corporation - Java(TM) Update Checker.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe [507264] [PID.572]
[MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [841032] [PID.1320]
[MD5.1780A53FCE5975B94604775CD9460F22] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7865344] [PID.3072]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Principal\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 01s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\o2bthflo.default\prefs.js
C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\vp0mmt3a.default\prefs.js
C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\z8tcyluo.default\prefs.js
M3 - MFPP: Plugins - [Principal] -- C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\o2bthflo.default\searchplugins\yahoo_ff.xml
M3 - MFPP: Plugins - [Principal] -- C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\vp0mmt3a.default\searchplugins\yahoo_ff.xml
M3 - MFPP: Plugins - [Principal] -- C:\Users\Principal\AppData\Roaming\Mozilla\Firefox\Profiles\z8tcyluo.default\searchplugins\yahoo_ff.xml
M2 - MFEP: prefs.js [Principal - o2bthflo.default\ascsurfingprotection@iobit.com] [] Advanced SystemCare Surfing Protection v1.0 (..)
M2 - MFEP: prefs.js [Principal - vp0mmt3a.default\ascsurfingprotection@iobit.com] [] Advanced SystemCare Surfing Protection v1.0 (..)
M2 - MFEP: prefs.js [Principal - z8tcyluo.default\ascsurfingprotection@iobit.com] [] Advanced SystemCare Surfing Protection v1.0 (..)
~ Firefox Browser: 32 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 13 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
~ Toolbar: Scanned in 00mn 00s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe
O4 - HKCU\..\Run: [Advanced SystemCare 6] . (.IObit - ASCTray.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 6] . (.IObit - ASCTray.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 6] . (.IObit - ASCTray.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2751142220-4110473743-906303487-1000\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKUS\S-1-5-21-2751142220-4110473743-906303487-1000\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe
O4 - HKUS\S-1-5-21-2751142220-4110473743-906303487-1000\..\Run: [Advanced SystemCare 6] . (.IObit - ASCTray.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3FA74807-64A3-4815-A95A-D701F40041B0}: DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{3FA74807-64A3-4815-A95A-D701F40041B0}: DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{3FA74807-64A3-4815-A95A-D701F40041B0}: DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.1.254
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1058]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1062]
~ Scheduled Task: 11 Legitimates Filtered in 00mn 03s
---\\ Software instalados (042)
O42 - Logiciel: Ares 2.1.1 - (.Ares Development Group.) [HKLM] -- Ares
~ Logic: 4 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ares]
~ Key Software: 120 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 15/11/2012 - 14:31:46 - [] ----D C:\Program Files\Ares
O43 - CFD: 08/08/2012 - 17:30:27 - [] ----D C:\Users\Principal\AppData\Local\Ares
O43 - CFD: 15/11/2012 - 14:31:38 - [0] ----D C:\Users\Principal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ares
~ Program Folder: 119 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.8CC485F79003E70F7AC2AEB37E46E2B7] - 22/04/2014 - 10:52:53 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [124724]
O44 - LFC:[MD5.7DD93559822E742118850444222BBD70] - 22/04/2014 - 10:52:53 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [654272]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 30/04/2014 - 18:36:40 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 30/04/2014 - 19:05:07 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.D874181DD8524981E5961BDA7708ED3D] - 30/04/2014 - 20:10:28 ---A- . (...) -- C:\zoek-results.log [21389]
~ Files: 14 Legitimates Filtered in 00mn 04s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:04/04/2014 - 21:36:48 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944]
O58 - SDL:04/04/2014 - 21:36:48 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180760]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:29/06/2012 - 14:14:46 ---A- . (.Analog Devices, Inc. - SoundMAX Stub Driver.) -- C:\Windows\System32\Drivers\smsens.sys [3744]
O58 - SDL:29/06/2012 - 14:14:46 ---A- . (.Analog Devices, Inc. - SoundMAX Integrated Digital Audio.) -- C:\Windows\System32\Drivers\smwdm.sys [578368]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 71 Legitimates Filtered in 00mn 01s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.68DCB5D1CF09C64D59FF44845E24EE7D] [SPRF][27/07/2010] (...) -- C:\Users\Principal\Desktop\AdbeRdr930_pt_BR.exe [25505304]
~ Files: 1 Legitimates Filtered in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.1B88BF49F3FF0D2596BCA9E49894F611] [WIS][31/03/2014] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\2d0921.msi [28672] =>Toolbar.Google
~ WIS: 1 Legitimates Filtered in 00mn 00s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\googletoolbarinstaller_en32_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\googletoolbarinstaller_en32_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_08875ABF44579E20_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarManager_08875ABF44579E20_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
~ BTK: 232 Legitimates Filtered in 00mn 00s
---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
~ BCK: 6363 Legitimates Filtered in 00mn 19s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 17/07/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 17/07/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 16/09/2013 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 28/04/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 13/04/2007 792112 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 25/02/2013 528192 | (AdvancedSystemCareService6) . (.IObit.) - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
SR - | Auto 04/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Demand 01/06/2007 271920 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 20/11/2010 57344 | (SLService) . (...) - C:\Windows\System32\slserv.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 19s
---\\ Scâner Aditional (088)
Database Version : 13045 - (28/04/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 3
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:\Windows\Installer\2d0921.msi =>Toolbar.Google^
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
~ Additionnel Scan: 192748 Items scanned in 00mn 44s
---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s
~ 609 Legitimates filtered by white list
End of the scan (404 lines in 01mn 50s)(0)
curty- Membro
- Mensagens : 65
Reputação : 0
Data de inscrição : 24/04/2014
Re: Malwarebytes detectou alguns problemas!
por Power Max Qua 30 Abr 2014, 22:11
Como está seu PC depois destas limpezas?
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Malwarebytes detectou alguns problemas!
por curty Qua 30 Abr 2014, 22:19
Aparenta esta bem,ele n estava apresentando problemas,o malwarebytes detectou alguns e eu não sabia como proceder de maneira correta. Porq teve q baixar tantos programas...gostaria de saber segundo sua analise se meu pc continha mtos problemas sérios...
curty- Membro
- Mensagens : 65
Reputação : 0
Data de inscrição : 24/04/2014
Re: Malwarebytes detectou alguns problemas!
por Power Max Qua 30 Abr 2014, 22:26
Foi porque seu PC estava com muitos adwares, e estes adwares não são removidos com um programa só, são necessários o uso de vários como você percebeu.Porq teve q baixar tantos programas?
__________________________________________________________________________________
Tinha muitos adwares. É preciso tomar cuidado na hora de baixar e instalar programas para evitar este problema. A maioria dos grandes sites de download brasileiros está inserindo estes adwares nos seus instaladores, então o segredo para evitar eles é sempre que for fazer o download, escolher a opção de baixar sem o instalador do site.gostaria de saber segundo sua analise se meu pc continha mtos problemas sérios
E também verifique durante a instalação do programa se há a oferta de toolbars e outras coisas que não pertençam ao programa e vá desmarcando as coisas inúteis.
__________________________________________________________________________________
Fico feliz que o problema tenha sido resolvido. Só para finalizar siga estes tutoriais abaixo, por gentileza:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_______________________________________________________________________________________________________________________
Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, utilize o DelFix seguindo as dicas [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]._______________________________________________________________________________________________________________________
Foi um prazer ajudar. Conte sempre conosco!
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Malwarebytes detectou alguns problemas!
por curty Qua 30 Abr 2014, 23:02
Feito,mto obrigado se eu quiser fazer o mesmo procedimento no meu note posso fazer...Grande abraço!
# DelFix v10.7 - Relatório criado 30/04/2014 às 22:57:49
# Atualizado 27/04/2014 por Xplode
# Usuário : Principal - PRINCIPAL-PC
# Sistema Operacional : Windows 7 Ultimate (32 bits)
~ Removendo ferramentas de desinfecção ...
Removido : C:\zoek_backup
Removido : C:\AdwCleaner
Removido : C:\Users\Principal\AppData\Roaming\ZHP
Removido : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Removido : C:\Program Files\ZHPDiag
Removido : C:\zoek-results.log
Removido : C:\Users\Principal\Desktop\JRT.txt
Removido : C:\Users\Principal\Desktop\ZHPDiag.lnk
Removido : C:\Users\Principal\Desktop\ZHPDiag.txt
Removido : C:\Users\Principal\Desktop\ZHPFix.lnk
Removido : C:\Users\Principal\Desktop\ZHPFixReport.txt
Removido : C:\Users\Principal\Downloads\AdwCleaner.exe
Removido : C:\Users\Principal\Downloads\JRT.exe
Removido : C:\Users\Principal\Downloads\ZHPDiag2.exe
Removido : C:\Users\Principal\Downloads\zoek (1).exe
Removido : C:\Users\Principal\Downloads\zoek.exe
Removido : HKLM\SOFTWARE\AdwCleaner
Removido : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
~ Limpando pontos da restauração do sistema ...
Removido : RP #78 [avast! antivirus system restore point | 04/05/2014 00:26:51]
Removido : RP #79 [Ponto de Verificação Agendado | 04/13/2014 02:30:40]
Removido : RP #80 [Ponto de Verificação Agendado | 04/21/2014 19:23:13]
Removido : RP #81 [Ponto de Verificação Agendado | 04/29/2014 01:11:12]
Removido : RP #82 [zoek.exe restore point | 04/30/2014 22:08:46]
Removido : RP #84 [ZHPFix Restore System Point | 05/01/2014 00:53:14]
Novo ponto de restauração criado !
########## - EOF - ##########
# DelFix v10.7 - Relatório criado 30/04/2014 às 22:57:49
# Atualizado 27/04/2014 por Xplode
# Usuário : Principal - PRINCIPAL-PC
# Sistema Operacional : Windows 7 Ultimate (32 bits)
~ Removendo ferramentas de desinfecção ...
Removido : C:\zoek_backup
Removido : C:\AdwCleaner
Removido : C:\Users\Principal\AppData\Roaming\ZHP
Removido : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Removido : C:\Program Files\ZHPDiag
Removido : C:\zoek-results.log
Removido : C:\Users\Principal\Desktop\JRT.txt
Removido : C:\Users\Principal\Desktop\ZHPDiag.lnk
Removido : C:\Users\Principal\Desktop\ZHPDiag.txt
Removido : C:\Users\Principal\Desktop\ZHPFix.lnk
Removido : C:\Users\Principal\Desktop\ZHPFixReport.txt
Removido : C:\Users\Principal\Downloads\AdwCleaner.exe
Removido : C:\Users\Principal\Downloads\JRT.exe
Removido : C:\Users\Principal\Downloads\ZHPDiag2.exe
Removido : C:\Users\Principal\Downloads\zoek (1).exe
Removido : C:\Users\Principal\Downloads\zoek.exe
Removido : HKLM\SOFTWARE\AdwCleaner
Removido : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
~ Limpando pontos da restauração do sistema ...
Removido : RP #78 [avast! antivirus system restore point | 04/05/2014 00:26:51]
Removido : RP #79 [Ponto de Verificação Agendado | 04/13/2014 02:30:40]
Removido : RP #80 [Ponto de Verificação Agendado | 04/21/2014 19:23:13]
Removido : RP #81 [Ponto de Verificação Agendado | 04/29/2014 01:11:12]
Removido : RP #82 [zoek.exe restore point | 04/30/2014 22:08:46]
Removido : RP #84 [ZHPFix Restore System Point | 05/01/2014 00:53:14]
Novo ponto de restauração criado !
########## - EOF - ##########
curty- Membro
- Mensagens : 65
Reputação : 0
Data de inscrição : 24/04/2014
Re: Malwarebytes detectou alguns problemas!
por Power Max Qua 30 Abr 2014, 23:11
Neste caso é melhor criar um novo tópico aqui no Fórum na área de Remoção de Malwares para cuidarmos do seu note, porque cada caso é um caso.se eu quiser fazer o mesmo procedimento no meu note posso fazer?
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Página 1 de 2 • 1, 2
Tópicos semelhantes» analise de log
» Malwarebytes detectou muitos virus!
» Antivirus detectou Phishing
» (RESOLVIDO) Malwerebytes detectou o PUP.Optional.Spigot.A
» Computador infectado com Ad Options
» Malwarebytes detectou muitos virus!
» Antivirus detectou Phishing
» (RESOLVIDO) Malwerebytes detectou o PUP.Optional.Spigot.A
» Computador infectado com Ad Options
Página 1 de 2
Permissões neste sub-fórum
Não podes responder a tópicos