Social bookmarking
Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking
Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking
Estatísticas
Temos 14810 usuários registradosO último membro registrado é Josevinil
Os nossos membros postaram um total de 36047 mensagens em 3685 assuntos
Quem está conectado?
Há 13 usuários online :: 0 registrados, 0 invisíveis e 13 visitantes Nenhum
O recorde de usuários online foi de 301 em Ter 26 Out 2021, 15:28
Procurar
Top dos mais postadores
Power Max | ||||
joram | ||||
Wings [In Memoriam] | ||||
caedurodrigues | ||||
Amigo Brasileiro | ||||
luizvilarinho | ||||
Danii | ||||
Admin | ||||
Danilo Marsaro | ||||
Andreata |
Adwares e PUPs no PC
2 participantes
Página 1 de 2
Página 1 de 2 • 1, 2
Adwares e PUPs no PC
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:56:10, on 05/05/2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8da98c8ea4b9eb25\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\OEM\i-PowerXross 1.0\i-PowerXross.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Program Files\OEM\OSD 1.0\SunflowerOSD.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\PC\AppData\Roaming\BrowserCompanion\tbhcn.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\PC\Downloads\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=10.15.20.253:3128;https=10.15.20.253:3128;ftp=10.15.20.253:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office12\GR469A~1.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - c:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_] "C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [Fotos Slides Movie] wscript.exe //B "C:\Users\PC\AppData\Local\Temp\Fotos Slides Movie.vbe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: tbhcn.lnk = C:\Users\PC\AppData\Roaming\BrowserCompanion\tbhcn.exe
O4 - Global Startup: i-PowerXross.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
O4 - Global Startup: OSD.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MIF5BA~1\Office12\GRA32A~1.DLL
O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8da98c8ea4b9eb25\STacSV.exe
--
End of file - 9887 bytes
Scan saved at 09:56:10, on 05/05/2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8da98c8ea4b9eb25\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\OEM\i-PowerXross 1.0\i-PowerXross.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Program Files\OEM\OSD 1.0\SunflowerOSD.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\PC\AppData\Roaming\BrowserCompanion\tbhcn.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\PC\Downloads\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=10.15.20.253:3128;https=10.15.20.253:3128;ftp=10.15.20.253:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office12\GR469A~1.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - c:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_] "C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [Fotos Slides Movie] wscript.exe //B "C:\Users\PC\AppData\Local\Temp\Fotos Slides Movie.vbe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: tbhcn.lnk = C:\Users\PC\AppData\Roaming\BrowserCompanion\tbhcn.exe
O4 - Global Startup: i-PowerXross.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
O4 - Global Startup: OSD.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MIF5BA~1\Office12\GRA32A~1.DLL
O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8da98c8ea4b9eb25\STacSV.exe
--
End of file - 9887 bytes
pabloescobar- Membro
- Mensagens : 68
Reputação : 0
Data de inscrição : 17/04/2014
Localização : Minas Gerais
Re: Adwares e PUPs no PC
Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt
Ficamos na espera.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt
Ficamos na espera.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Adwares e PUPs no PC
# AdwCleaner v3.207 - Relatório criado 05/05/2014 às 11:16:32
# Atualizado 05/05/2014 por Xplode
# Sistema Operacional : Windows 7 Starter (32 bits)
# Usuário : PC - PC-WIN
# Executando de : C:\Users\PC\Downloads\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\Babylon
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Pasta Deletada : C:\Program Files\BrowserCompanion
Pasta Deletada : C:\Program Files\Conduit
Pasta Deletada : C:\Program Files\DealPly
Pasta Deletada : C:\Users\PC\AppData\Local\Conduit
Pasta Deletada : C:\Users\PC\AppData\LocalLow\bbrs_002.tb
Pasta Deletada : C:\Users\PC\AppData\LocalLow\Conduit
Pasta Deletada : C:\Users\PC\AppData\LocalLow\PriceGong
Pasta Deletada : C:\Users\PC\AppData\Roaming\Babylon
Pasta Deletada : C:\Users\PC\AppData\Roaming\BrowserCompanion
Pasta Deletada : C:\Users\PC\AppData\Roaming\DealPly
Pasta Deletada : C:\Users\PC\AppData\Roaming\OpenCandy
Pasta Deletada : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Pasta Deletada : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Pasta Deletada : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdebcffgnijbblbinknkbefciofebcda
Arquivo Deletada : C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
Arquivo Deletada : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
Arquivo Deletada : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
Arquivo Deletada : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\mdebcffgnijbblbinknkbefciofebcda
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\mdebcffgnijbblbinknkbefciofebcda
Valor Deletedo : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Chave Deletedo : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Chave Deletedo : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Chave Deletedo : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
Chave Deletedo : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
Chave Deletedo : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Chave Deletedo : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Chave Deletedo : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Classes\Toolbar.CT2851643
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Chave Deletedo : HKCU\Software\BabylonToolbar
Chave Deletedo : HKCU\Software\bbrs_002.tb
Chave Deletedo : HKCU\Software\Blabbers
Chave Deletedo : HKCU\Software\Blabbers
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\DealPly
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\AppDataLow\Software\Conduit
Chave Deletedo : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Chave Deletedo : HKCU\Software\AppDataLow\Software\PriceGong
Chave Deletedo : HKCU\Software\AppDataLow\Software\SmartBar
Chave Deletedo : HKLM\Software\Babylon
Chave Deletedo : HKLM\Software\BabylonToolbar
Chave Deletedo : HKLM\Software\BrowserCompanion
Chave Deletedo : HKLM\Software\Conduit
Chave Deletedo : HKLM\Software\DealPly
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
***** [ Navegadores ] *****
-\\ Internet Explorer v9.0.8112.16447
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
-\\ Mozilla Firefox v29.0 (pt-BR)
[ Arquivo : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\prefs.js ]
-\\ Google Chrome v34.0.1847.131
[ Arquivo : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Extension] : bodddioamolcibagionmmobehnbhiakf
Deletedo [Extension] : cjpglkicenollcignonpgiafdgfeehoj
Deletedo [Extension] : gaiilaahiahdejapggenmdmafpmbipje
Deletedo [Extension] : mdebcffgnijbblbinknkbefciofebcda
*************************
AdwCleaner[R0].txt - [8338 octets] - [05/05/2014 11:14:01]
AdwCleaner[S0].txt - [7915 octets] - [05/05/2014 11:16:32]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7975 octets] ##########
# Atualizado 05/05/2014 por Xplode
# Sistema Operacional : Windows 7 Starter (32 bits)
# Usuário : PC - PC-WIN
# Executando de : C:\Users\PC\Downloads\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\Babylon
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Pasta Deletada : C:\Program Files\BrowserCompanion
Pasta Deletada : C:\Program Files\Conduit
Pasta Deletada : C:\Program Files\DealPly
Pasta Deletada : C:\Users\PC\AppData\Local\Conduit
Pasta Deletada : C:\Users\PC\AppData\LocalLow\bbrs_002.tb
Pasta Deletada : C:\Users\PC\AppData\LocalLow\Conduit
Pasta Deletada : C:\Users\PC\AppData\LocalLow\PriceGong
Pasta Deletada : C:\Users\PC\AppData\Roaming\Babylon
Pasta Deletada : C:\Users\PC\AppData\Roaming\BrowserCompanion
Pasta Deletada : C:\Users\PC\AppData\Roaming\DealPly
Pasta Deletada : C:\Users\PC\AppData\Roaming\OpenCandy
Pasta Deletada : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Pasta Deletada : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Pasta Deletada : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdebcffgnijbblbinknkbefciofebcda
Arquivo Deletada : C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
Arquivo Deletada : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
Arquivo Deletada : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
Arquivo Deletada : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\mdebcffgnijbblbinknkbefciofebcda
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\mdebcffgnijbblbinknkbefciofebcda
Valor Deletedo : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Chave Deletedo : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Chave Deletedo : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Chave Deletedo : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
Chave Deletedo : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
Chave Deletedo : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Chave Deletedo : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Chave Deletedo : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Classes\Toolbar.CT2851643
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Chave Deletedo : HKCU\Software\BabylonToolbar
Chave Deletedo : HKCU\Software\bbrs_002.tb
Chave Deletedo : HKCU\Software\Blabbers
Chave Deletedo : HKCU\Software\Blabbers
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\DealPly
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\AppDataLow\Software\Conduit
Chave Deletedo : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Chave Deletedo : HKCU\Software\AppDataLow\Software\PriceGong
Chave Deletedo : HKCU\Software\AppDataLow\Software\SmartBar
Chave Deletedo : HKLM\Software\Babylon
Chave Deletedo : HKLM\Software\BabylonToolbar
Chave Deletedo : HKLM\Software\BrowserCompanion
Chave Deletedo : HKLM\Software\Conduit
Chave Deletedo : HKLM\Software\DealPly
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
***** [ Navegadores ] *****
-\\ Internet Explorer v9.0.8112.16447
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
-\\ Mozilla Firefox v29.0 (pt-BR)
[ Arquivo : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\prefs.js ]
-\\ Google Chrome v34.0.1847.131
[ Arquivo : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Extension] : bodddioamolcibagionmmobehnbhiakf
Deletedo [Extension] : cjpglkicenollcignonpgiafdgfeehoj
Deletedo [Extension] : gaiilaahiahdejapggenmdmafpmbipje
Deletedo [Extension] : mdebcffgnijbblbinknkbefciofebcda
*************************
AdwCleaner[R0].txt - [8338 octets] - [05/05/2014 11:14:01]
AdwCleaner[S0].txt - [7915 octets] - [05/05/2014 11:16:32]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7975 octets] ##########
pabloescobar- Membro
- Mensagens : 68
Reputação : 0
Data de inscrição : 17/04/2014
Localização : Minas Gerais
Re: Adwares e PUPs no PC
Faça o download do Malwarebytes em um destes links abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para instalá-lo e executá-lo corretamente siga, por gentileza, as dicas desta postagem:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Na sua próxima resposta poste este log (relatório) do Malwarebytes.
Ficamos no aguardo.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para instalá-lo e executá-lo corretamente siga, por gentileza, as dicas desta postagem:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Na sua próxima resposta poste este log (relatório) do Malwarebytes.
Ficamos no aguardo.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Adwares e PUPs no PC
Caro Powe max, tentei 2x passar esse malwarebyte, quando chega em 2h de scan o pc reinicia do nada, ja perdi 4h tentando passar esse malwarebyte e nao consigo finalizar. O relatorio que tem e so de atualização dele sera que e possivel realizar outro procedimento?
Obrigado
Obrigado
pabloescobar- Membro
- Mensagens : 68
Reputação : 0
Data de inscrição : 17/04/2014
Localização : Minas Gerais
Re: Adwares e PUPs no PC
Desative temporariamente seu antivírus para evitar conflitos.
* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executá-lo corretamente siga as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.
* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executá-lo corretamente siga as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Adwares e PUPs no PC
Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by PC on 05/05/2014 at 16:45:43,55.
Microsoft Windows 7 Starter 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\PC\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
05/05/2014 16:48:24 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\prefs.js:
Added to C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
==== Deleting Files \ Folders ======================
C:\Windows\system32\config\systemprofile\AppData\Roaming\DealPly deleted
C:\PROGRA~2\InstallMate deleted
C:\Users\PC\AppData\Local\speeddial.crx deleted
C:\Users\PC\AppData\Local\CRE deleted
C:\Windows\OSD10.tmp deleted
C:\user.js deleted
C:\Windows\System32\PerfStringBackup.TMP deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [29/04/2014 18:36]
==== Firefox Extensions ======================
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default
9FD6A1990289B9290563CA069CB74EF9 - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll - Shockwave Flash
34663C9214E30B9B80F1D35A074B8DFC - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.5
7DD81A64EB213BF1FB8656345C6A6F1D - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.5
D86F9B69869E9354C2031B564998DFB1 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.5
57BCE27582F15E360F6003DC67B8C2CC - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.5
5D12C858A31BBBE00B040CC7B72035B4 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.5
E83B541C71965CFA1DEFF846CD6E9ECD - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll - Google Update
63EE2015B877A2E472CC59E05291AA39 - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll - McAfee Security Scanner +
AC987EE8037531807C5D7E6217A23501 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
EB41064BC07017F5694CF16B4DEF6B10 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\PC\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
3B00376AE69AC2E815425E54DEBFF750 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
9013599B12923A45C029C34E8D2211AC - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll - Silverlight Plug-In
65FB4909BD29CAAA81FDC69AD21BB905 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
01F0264937036BD962563F1ADF35CE72 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll - RealPlayer Version Plugin
BF2AD333C79072EEBE5AE0D72670E64E - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrlui.dll - Microsoft® Silverlight
==== Chrome Look ======================
Koji NISHIDA - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\acganlmcjehnfmehkmlimgkaloifodlf
YouTube - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chrome Fix ======================
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=9&ar=msnhome"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.bing.com/search?q={searchTerms}"
@="http://www.oquefazernainternet.com/q/%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.oquefazernainternet.com/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.bing.com/search?q={searchTerms}"
"SearchAssistant"="http://www.bing.com/search?q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=9&ar=msnhome"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{F21D8264-78B7-461A-B3F5-6F5727836218} Bing Url="http://www.bing.com/search?FORM=MNMTDF&PC=MANM&q={searchTerms}&src=IE-SearchBox"
==== Reset Google Chrome ======================
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-3430390850-1644443459-295647366-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-3430390850-1644443459-295647366-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-3430390850-1644443459-295647366-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-3430390850-1644443459-295647366-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
==== shortcuts on Users Desktops ======================
C:\Users\PC\Desktop\Auslogics Disk Defrag.lnk - C:\Program Files\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe
C:\Users\PC\Desktop\CCleaner - Atalho.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\PC\Desktop\devenv - Atalho.lnk - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe
C:\Users\PC\Desktop\Secure Download Manager.lnk - C:\Users\PC\AppData\Roaming\Microsoft\Installer\{D618297E-D3F2-4E18-915C-02182A134394}\_1BD30779A1894CA5522674.exe
C:\Users\PC\Desktop\WindowsPhone - Atalho.lnk - C:\Program Files\Windows Phone\WindowsPhone.exe
C:\Users\PC\Desktop\Jr\Filmes\Crepusculo Parte 2\Documentos - Atalho.lnk - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Ares.lnk - C:\Program Files\Ares\Ares.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.141\McUICnt.exe SecurityScanner.dll
C:\Users\Public\Desktop\Webcam.lnk - C:\Windows\Installer\{FF6434EA-69FA-4CAA-97F3-5A9EDBD62103}\_AFC4D9FF0CB3A0B91C8D21.exe
==== shortcuts in Users Start Menu ======================
C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer\FreeFixer.lnk - C:\Program Files\FreeFixer\freefixer.exe
C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer\Uninstall.lnk - C:\Program Files\FreeFixer\Uninstall.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk - C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Klavaro\Klavaro-1.9.7.lnk - C:\Program Files\Klavaro-1.9.7\bin\klavaro.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Klavaro\Remove-1.9.7.lnk - C:\Program Files\Klavaro-1.9.7\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\Desinstalar.lnk - C:\Program Files\McAfee Security Scan\uninstall.exe C:\Program Files\McAfee Security Scan\3.8.141\McAfee.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.141\McUICnt.exe SecurityScanner.dll
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Desinstalar o QuickTime.lnk - C:\Windows\System32\msiexec.exe /i {111EE7DF-FC45-40C7-98A7-753AC46B12FB} /qf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk - C:\Windows\Installer\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}\QTPlayer.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Sobre o QuickTime.lnk - C:\Windows\Installer\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}\RichText.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 3.1 Beta 3.lnk - C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Visualg (Versão 2).lnk -
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Visual Studio 2010.lnk - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyServer"="http=10.15.20.253:3128;https=10.15.20.253:3128;ftp=10.15.20.253:3128"
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\466ce803-6283-4aa2-857a-1cfe3934a42e deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\eba14c3a-709b-484f-b41e-5d9253679eb1 deleted successfully
==== Empty IE Cache ======================
C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\PC\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\PC\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\PC\AppData\Local\Mozilla\Firefox\Profiles\qad0app8.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=25 folders=8 5247219 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\PC\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\PC\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
==== EOF on 05/05/2014 at 17:12:34,72 ======================
Tool run by PC on 05/05/2014 at 16:45:43,55.
Microsoft Windows 7 Starter 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\PC\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
05/05/2014 16:48:24 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\prefs.js:
Added to C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
==== Deleting Files \ Folders ======================
C:\Windows\system32\config\systemprofile\AppData\Roaming\DealPly deleted
C:\PROGRA~2\InstallMate deleted
C:\Users\PC\AppData\Local\speeddial.crx deleted
C:\Users\PC\AppData\Local\CRE deleted
C:\Windows\OSD10.tmp deleted
C:\user.js deleted
C:\Windows\System32\PerfStringBackup.TMP deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [29/04/2014 18:36]
==== Firefox Extensions ======================
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default
9FD6A1990289B9290563CA069CB74EF9 - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll - Shockwave Flash
34663C9214E30B9B80F1D35A074B8DFC - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.5
7DD81A64EB213BF1FB8656345C6A6F1D - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.5
D86F9B69869E9354C2031B564998DFB1 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.5
57BCE27582F15E360F6003DC67B8C2CC - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.5
5D12C858A31BBBE00B040CC7B72035B4 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.5
E83B541C71965CFA1DEFF846CD6E9ECD - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll - Google Update
63EE2015B877A2E472CC59E05291AA39 - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll - McAfee Security Scanner +
AC987EE8037531807C5D7E6217A23501 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
EB41064BC07017F5694CF16B4DEF6B10 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\PC\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
3B00376AE69AC2E815425E54DEBFF750 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
9013599B12923A45C029C34E8D2211AC - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll - Silverlight Plug-In
65FB4909BD29CAAA81FDC69AD21BB905 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
01F0264937036BD962563F1ADF35CE72 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll - RealPlayer Version Plugin
BF2AD333C79072EEBE5AE0D72670E64E - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrlui.dll - Microsoft® Silverlight
==== Chrome Look ======================
Koji NISHIDA - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\acganlmcjehnfmehkmlimgkaloifodlf
YouTube - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chrome Fix ======================
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=9&ar=msnhome"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.bing.com/search?q={searchTerms}"
@="http://www.oquefazernainternet.com/q/%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.oquefazernainternet.com/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.bing.com/search?q={searchTerms}"
"SearchAssistant"="http://www.bing.com/search?q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=9&ar=msnhome"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{F21D8264-78B7-461A-B3F5-6F5727836218} Bing Url="http://www.bing.com/search?FORM=MNMTDF&PC=MANM&q={searchTerms}&src=IE-SearchBox"
==== Reset Google Chrome ======================
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-3430390850-1644443459-295647366-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-3430390850-1644443459-295647366-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-3430390850-1644443459-295647366-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-3430390850-1644443459-295647366-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
==== shortcuts on Users Desktops ======================
C:\Users\PC\Desktop\Auslogics Disk Defrag.lnk - C:\Program Files\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe
C:\Users\PC\Desktop\CCleaner - Atalho.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\PC\Desktop\devenv - Atalho.lnk - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe
C:\Users\PC\Desktop\Secure Download Manager.lnk - C:\Users\PC\AppData\Roaming\Microsoft\Installer\{D618297E-D3F2-4E18-915C-02182A134394}\_1BD30779A1894CA5522674.exe
C:\Users\PC\Desktop\WindowsPhone - Atalho.lnk - C:\Program Files\Windows Phone\WindowsPhone.exe
C:\Users\PC\Desktop\Jr\Filmes\Crepusculo Parte 2\Documentos - Atalho.lnk - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Ares.lnk - C:\Program Files\Ares\Ares.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.141\McUICnt.exe SecurityScanner.dll
C:\Users\Public\Desktop\Webcam.lnk - C:\Windows\Installer\{FF6434EA-69FA-4CAA-97F3-5A9EDBD62103}\_AFC4D9FF0CB3A0B91C8D21.exe
==== shortcuts in Users Start Menu ======================
C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer\FreeFixer.lnk - C:\Program Files\FreeFixer\freefixer.exe
C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer\Uninstall.lnk - C:\Program Files\FreeFixer\Uninstall.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk - C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Klavaro\Klavaro-1.9.7.lnk - C:\Program Files\Klavaro-1.9.7\bin\klavaro.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Klavaro\Remove-1.9.7.lnk - C:\Program Files\Klavaro-1.9.7\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\Desinstalar.lnk - C:\Program Files\McAfee Security Scan\uninstall.exe C:\Program Files\McAfee Security Scan\3.8.141\McAfee.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.141\McUICnt.exe SecurityScanner.dll
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Desinstalar o QuickTime.lnk - C:\Windows\System32\msiexec.exe /i {111EE7DF-FC45-40C7-98A7-753AC46B12FB} /qf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk - C:\Windows\Installer\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}\QTPlayer.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Sobre o QuickTime.lnk - C:\Windows\Installer\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}\RichText.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 3.1 Beta 3.lnk - C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Visualg (Versão 2).lnk -
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Visual Studio 2010.lnk - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyServer"="http=10.15.20.253:3128;https=10.15.20.253:3128;ftp=10.15.20.253:3128"
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\466ce803-6283-4aa2-857a-1cfe3934a42e deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\eba14c3a-709b-484f-b41e-5d9253679eb1 deleted successfully
==== Empty IE Cache ======================
C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\PC\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\PC\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\PC\AppData\Local\Mozilla\Firefox\Profiles\qad0app8.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=25 folders=8 5247219 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\PC\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\PC\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
==== EOF on 05/05/2014 at 17:12:34,72 ======================
pabloescobar- Membro
- Mensagens : 68
Reputação : 0
Data de inscrição : 17/04/2014
Localização : Minas Gerais
Re: Adwares e PUPs no PC
Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o programa acima é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt
Ficamos na espera.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o programa acima é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt
Ficamos na espera.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Adwares e PUPs no PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Starter x86
Ran by PC on 05/05/2014 at 17:26:59,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yuna software
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\qad0app8.default\minidumps [1 files]
~~~ Chrome
Successfully deleted: [Folder] C:\Users\PC\appdata\local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Successfully deleted: [Folder] C:\Users\PC\appdata\local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/05/2014 at 17:32:47,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Starter x86
Ran by PC on 05/05/2014 at 17:26:59,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yuna software
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\qad0app8.default\minidumps [1 files]
~~~ Chrome
Successfully deleted: [Folder] C:\Users\PC\appdata\local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Successfully deleted: [Folder] C:\Users\PC\appdata\local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/05/2014 at 17:32:47,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
pabloescobar- Membro
- Mensagens : 68
Reputação : 0
Data de inscrição : 17/04/2014
Localização : Minas Gerais
Re: Adwares e PUPs no PC
Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )
Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.
Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Adwares e PUPs no PC
~ Relatório do ZHPDiag v2014.5.4.54 - Nicolas Coolman (04/05/2014)
~ Iniciado por PC (05/05/2014 17:48:33)
~ Endereço do Website : http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 29.0
GCIE: Google Chrome v34.0.1847.131 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Starter, 32-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
Malwarebytes Anti-Malware versão 2.0.1.1004
McAfee Security Scan Plus v3.8.141.11
Windows Defender W7
---\\ Softwares d'optimização do sistema
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2013 MB (51% free)
System Restore: Activé (Enable)
System drive C: has 100 GB (34%) free of 293 GB
---\\ Modo de conexão ao sistema
~ Computer Name: PC-WIN
~ User Name: PC
~ All Users Names: PC, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\PC\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\PC\AppData\Roaming\
~ %Desktop% : C:\Users\PC\Desktop\
~ %Favorites% : C:\Users\PC\Favorites\
~ %LocalAppData% : C:\Users\PC\AppData\Local\
~ %StartMenu% : C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 100 Go of 293 Go)
D: Hard drive, Flash drive, Thumb drive (Free 1 Go of 5 Go)
E: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 45 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.2AF58D15EDC06EC6FDACCE1F19482BBF] - (.Microsoft Corporation - Windows Explorer.) (.26/02/2011 - 02:33:07.) -- C:\Windows\Explorer.exe [2614784]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.8E87270C4704CF2951E1E7820D6C8A2B] - (.Microsoft Corporation - Internet Extensions para Win32.) (.02/06/2012 - 05:25:08.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.28/10/2009 - 03:17:59.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.24/04/2011 - 23:35:40.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/04/2011 - 23:33:46.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 20:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.03/05/2011 - 23:43:41.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.187002CE05693C306F43C873F821381F] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.11/03/2011 - 02:44:01.) -- C:\Windows\system32\Drivers\ntfs.sys [1210240]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/07/2009 - 22:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]
~ Generic Processes: Scanned in 00mn 01s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/1942
~ Mes musiques (My Musics) : 17/1932
~ Mes Videos (My Videos) : 1/617
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/3363
~ Mon Bureau (My Desktop) : 3/2022
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 13s
---\\ Processos lançados
[MD5.ED5501CBCA525947FF6985B38253B872] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\GbpSv.exe [520520] [PID.788]
[MD5.A41F8321D64FD1CBC8DF7DC29F785A4B] - (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8da98c8ea4b9eb25\STacSV.exe [229458] [PID.1092]
[MD5.37D17AE2936867F88EB3C4CBCBC6B8A1] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1496]
[MD5.01E81C84AD1D0ACC61CF3CFD06632210] - (.SUPERAntiSpyware.com - Core Service.) -- C:\Program Files\SUPERAntiSpyware\SASCORE.exe [116608] [PID.352]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.392]
[MD5.6416F9B6B220F0A890525C38235AFAD7] - (.LSI Corporation - LSI Soft Modem Call Progress Service.) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336] [PID.580]
[MD5.E956C0614367D4106A4411F151D494A5] - (.No owner - DCSHOST.) -- C:\ProgramData\DatacardService\HWDeviceService.exe [264704] [PID.1564]
[MD5.06602AAC468BFACD8E5344DB0AE3DDD3] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [230912] [PID.332]
[MD5.B05640AC812FCCB488328DF34E7F663A] - (.Microsoft Corporation - SQL Server Windows NT.) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43010392] [PID.1768]
[MD5.8C59F909C5C2B136C5F38A9F48558663] - (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe [495708] [PID.1676]
[MD5.3CD5BBDA19A1AB4EBA359E0A14FDF0F0] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [171032] [PID.1700]
[MD5.3142195521FEE436088EE8A5748DE1B1] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [170520] [PID.1648]
[MD5.38D198A2DD54A67120040566A38103BA] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016] [PID.2072]
[MD5.52DB6CDAC5BC7A1FC884E97C41C91213] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040] [PID.2144]
[MD5.3E364978E4C74D3BCEA29FB41743CB5A] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704] [PID.2348]
[MD5.FA10D5FBD2BF7B90CDC08CCBE3593881] - (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe [3211776] [PID.2380]
[MD5.E812316104EBCD9051FDEC9FC3F034EF] - (...) -- C:\Program Files\OEM\i-PowerXross 1.0\i-PowerXross.exe [512000] [PID.2448]
[MD5.43E2CFC37953501EA40D852AE585E7C0] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe [277920] [PID.2504]
[MD5.C9DF72070FA9628E5561D48FAACDC4D6] - (.No owner - OSD.) -- C:\Program Files\OEM\OSD 1.0\SunflowerOSD.exe [449024] [PID.2524]
[MD5.D91AFB6D2A0DA7539B74FB5838775D94] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.exe [98632] [PID.2540]
[MD5.637A0F23F9012358E92E6F99835494D1] - (.Microsoft Corporation - SQL Server VSS Writer.) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [98840] [PID.2744]
[MD5.3FDBC28DEF3378089C5EE301637970BA] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.976]
[MD5.8858F7FE986DD156F88488EDA50CC446] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.2688]
[MD5.C54C8B8DAE3CC59CBAFF15FAC00084D7] - (.Adobe Systems, Inc. - Adobe Flash Player 13.0 r0.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe [1864368] [PID.1944]
[MD5.700803AC9B451FB67DF35EF0E05382E7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7869952] [PID.2240]
[MD5.4C287F9069FEDBD791178876EE9DE536] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.2308]
~ Processes Running: Scanned in 00mn 02s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 15 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehcef.dll
~ BHO: 14 Legitimates Filtered in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Program [PC]: Primeiros passos.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Browsers
~ Global Startup: 1 Legitimates Filtered in 00mn 02s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (.not file.)
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_] . (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe
O4 - HKCU\..\Run: [Fotos Slides Movie] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3430390850-1644443459-295647366-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-3430390850-1644443459-295647366-1000\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe
O4 - HKUS\S-1-5-21-3430390850-1644443459-295647366-1000\..\Run: [HW_OPENEYE_OUC_] . (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe
O4 - HKUS\S-1-5-21-3430390850-1644443459-295647366-1000\..\Run: [Fotos Slides Movie] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
~ Application: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{74EC7B17-E094-499E-980C-7CD0BCF37191}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{74EC7B17-E094-499E-980C-7CD0BCF37191}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{74EC7B17-E094-499E-980C-7CD0BCF37191}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\GbpSv.exe
O23 - Service: HWDeviceService.exe (HWDeviceService.exe) . (.No owner - DCSHOST.) - C:\ProgramData\DatacardService\HWDeviceService.exe
~ Services: 8 Legitimates Filtered in 00mn 08s
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{C58CBFCB-E4AC-4880-B1BA-16CF75001D8A}] (...) -- F:\RealPlayer11GOLD.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3430390850-1644443459-295647366-1000Core [894]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3430390850-1644443459-295647366-1000UA [916]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1044]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1048]
~ Scheduled Task: 13 Legitimates Filtered in 00mn 03s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 78 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: Ares 2.1.9 - (.Ares Development Group.) [HKLM] -- Ares
O42 - Logiciel: CCE+SABER - v1.0 - (.CCE+SABER.) [HKLM] -- {D445A7B9-69A8-4860-95B9-BB957281D9A0}_is1
O42 - Logiciel: Driver 1.0 - (.Shuttle.) [HKLM] -- {BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}
O42 - Logiciel: FreeFixer - (.Kephyr.) [HKLM] -- FreeFixer1.09
O42 - Logiciel: Klavaro-1.9.7 - (...) [HKLM] -- Klavaro_is1
O42 - Logiciel: OSD 1.0 - (.OEM.) [HKLM] -- {4C2AF428-6E7F-443E-B147-3A8327C2053F}
O42 - Logiciel: Plugin Letras.mus.br 1.20 - (.Letras.mus.br.) [HKLM] -- Plugin Letras.mus.br
O42 - Logiciel: Vivo - Guia Vivo Internet versão 1.0 - (.Vivo.) [HKLM] -- {C2E8B9C9-677A-46E6-AEC7-9435B5BCA765}_is1
O42 - Logiciel: i-PowerXross 1.0 - (.OEM.) [HKLM] -- {F1E25CFC-1243-4210-81B6-0C3D104D7083}
~ Logic: 20 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ares]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\SHUTTLE]
[HKCU\Software\SoilAP]
[HKCU\Software\SunFlowerOSD]
[HKLM\Software\360Safe] =>Trojan.Lozavita
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\CCB]
[HKLM\Software\Fotos Slides Movie]
[HKLM\Software\SoilIO]
~ Key Software: 228 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 07/12/2012 - 22:49:37 - [] ----D C:\Program Files\Ares
O43 - CFD: 27/04/2013 - 14:49:19 - [] -SH-D C:\Program Files\eb5
O43 - CFD: 13/04/2014 - 12:08:46 - [] ----D C:\Program Files\FreeFixer
O43 - CFD: 23/04/2014 - 10:41:06 - [] ----D C:\Program Files\Klavaro-1.9.7
O43 - CFD: 25/07/2012 - 21:19:10 - [] ----D C:\Program Files\LGInternetKit
O43 - CFD: 29/03/2012 - 03:05:08 - [] ----D C:\Program Files\PluginLetras
O43 - CFD: 23/07/2010 - 13:56:15 - [] ----D C:\Program Files\Shuttle
O43 - CFD: 10/09/2011 - 21:21:12 - [] ----D C:\Program Files\Vivo
O43 - CFD: 10/09/2011 - 21:21:25 - [] ----D C:\Program Files\VIVO INTERNET
O43 - CFD: 29/04/2014 - 18:31:50 - [] ----D C:\ProgramData\MiniApp
O43 - CFD: 13/04/2014 - 12:09:04 - [0] ----D C:\Users\PC\AppData\Roaming\FreeFixer
O43 - CFD: 28/04/2014 - 11:28:01 - [] ----D C:\Users\PC\AppData\Roaming\klavaro
O43 - CFD: 25/09/2011 - 10:46:00 - [] ----D C:\Users\PC\AppData\Roaming\VIVO INTERNET
O43 - CFD: 17/03/2013 - 17:37:58 - [] ----D C:\Users\PC\AppData\Roaming\[ManufacturerNonTM]
O43 - CFD: 07/12/2012 - 22:49:40 - [] ----D C:\Users\PC\AppData\Local\Ares
O43 - CFD: 13/04/2014 - 12:16:02 - [] ----D C:\Users\PC\AppData\Local\FreeFixer
O43 - CFD: 13/04/2014 - 12:08:47 - [] ----D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
~ Program Folder: 188 Legitimates Filtered in 00mn 01s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.A5C914C5CBCFF645434535234BFCEACA] - 01/05/2014 - 11:33:01 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O44 - LFC:[MD5.0F5E9488E39E62F692741330624D31BC] - 01/05/2014 - 11:33:01 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47192]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 05/05/2014 - 11:14:37 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 05/05/2014 - 16:45:28 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.991F351722ABAB0DFFAF44A2EBB053DC] - 05/05/2014 - 17:12:34 ---A- . (...) -- C:\zoek-results.log [19851]
O44 - LFC:[MD5.4D6C6E0505A8E5A0656DCB223497D37C] - 29/04/2014 - 18:36:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
~ Files: 28 Legitimates Filtered in 00mn 19s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MIF5BA~1\Office12\GR469A~1.DLL
O46 - SEH:ShellExecuteHooks - SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{2f72a504-e181-11e0-aa28-80ee73115f13}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{538ad263-e6f7-11e0-acfd-80ee73115f13}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{6b47fae8-dc07-11e0-ac62-80ee73115f13}\AutoRun\command. (...) -- H:\USBAutoRun.exe (.not file.)
O51 - MPSK:{6b47fb48-dc07-11e0-ac62-80ee73115f13}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{6b47fb5b-dc07-11e0-ac62-80ee73115f13}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{92f8fb09-86b7-11e2-8af0-80ee73115f13}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{e99bc6ca-85e7-11e2-acf3-80ee73115f13}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWindowsUpdate"=
~ MWPE Keys: 1 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [146304]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys [54912]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys [23168]
O58 - SDL:29/08/2012 - 13:06:36 R--A- . (.360安全中心 - 360安全卫士 - SelfProtection.) -- C:\Windows\System32\Drivers\360SpOEM.sys [64048]
O58 - SDL:29/04/2014 - 18:36:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:29/04/2014 - 18:36:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:29/04/2014 - 18:36:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180632] =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:08/10/2010 - 16:55:06 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [25856]
O58 - SDL:24/01/2014 - 11:48:32 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47192]
O58 - SDL:01/05/2014 - 11:33:01 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:06/08/2010 - 07:42:34 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [861696]
O58 - SDL:04/12/2009 - 16:43:46 ---A- . (...) -- C:\Windows\System32\Drivers\SoilIO.sys [16248]
O58 - SDL:04/12/2009 - 16:44:18 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\Soilkbc.sys [10744]
O58 - SDL:04/12/2009 - 16:44:36 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\SoilMC.sys [10616]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:06/11/2009 - 23:50:00 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt.sys [420864]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 100 Legitimates Filtered in 00mn 03s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 29/04/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 24/01/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 103 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {F21D8264-78B7-461A-B3F5-6F5727836218} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.FEED27DEB00EE4340AD66FD870BC2D93] [SPRF][03/09/2011] (.MPC-HC Team - Media Player Classic - Home Cinema Setup.) -- C:\Users\PC\Desktop\MPC-HomeCinema.1.5.2.3456.x86.exe [5607808]
~ Files: 1 Legitimates Filtered in 00mn 00s
---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "5509804B864D4A546AABA531D87D51CF" . (.Bing Bar.) -- C:\Windows\Installer\{B4089055-D468-45A4-A6BA-5A138DD715FC}\icon_installer_ico =>Toolbar.Bing
~ Update Products: 1 Legitimates Filtered in 00mn 00s
---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS: - {35B6525E-071A-4EA9-B3BD-F6A742572F08}
~ MNS: 2 Legitimates Filtered in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.683EF495176EB6BF6C18BDA0A304C22E] [WIS][21/10/2011] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\577296.msi [4771840] =>Toolbar.Bing
~ WIS: 1 Legitimates Filtered in 00mn 04s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing
HKLM\SOFTWARE\Microsoft\Tracing\SearchYa_v2_RASAPI32 =>Adware.SearchYa
HKLM\SOFTWARE\Microsoft\Tracing\SearchYa_v2_RASMANCS =>Adware.SearchYa
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 277 Legitimates Filtered in 00mn 00s
---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{89425C81-9C22-44E0-9D7C-2875C59C80DD}] (Groove WorkspaceManagerApplication) =>PUP.Manager
~ BCK: 6276 Legitimates Filtered in 00mn 16s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 21/10/2011 196176 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\BBSvc.exe =>Toolbar.Bing
SS - | Auto 04/02/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 04/02/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 15/01/2014 235696 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
SS - | Demand 22/04/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 11/07/2012 116608 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 27/03/2009 14336 | (AgereModemAudio) . (.LSI Corporation.) - C:\Program Files\LSI SoftModem\agrsmsvc.exe
SR - | Auto 29/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 13/10/2011 249648 | (BBUpdate) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\BingBar\SeaPort.exe =>Toolbar.Bing
SR - | Auto 26/02/2014 520520 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\GbpSv.exe
SR - | Auto 16/11/2010 264704 | (HWDeviceService.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService.exe
SR - | Auto 06/11/2009 229458 | (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8da98c8ea4b9eb25\STacSV.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 19s
---\\ Scâner Aditional (088)
Database Version : 13045 - (04/05/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B4089055-D468-45A4-A6BA-5A138DD715FC}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\360Safe] =>Trojan.Lozavita
C:\Windows\Installer\577296.msi =>Toolbar.Bing^
[HKCR\CLSID\{89425C81-9C22-44E0-9D7C-2875C59C80DD}] (Groove WorkspaceManagerApplication) =>PUP.Manager^
~ Additionnel Scan: 360446 Items scanned in 01mn 26s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Browsers
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.Lozavita
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.SearchYa
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Manager
~ MSI: 4 link(s) detected in 00mn 00s
~ 787 Legitimates filtered by white list
End of the scan (529 lines in 03mn 18s)(0)
~ Iniciado por PC (05/05/2014 17:48:33)
~ Endereço do Website : http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 29.0
GCIE: Google Chrome v34.0.1847.131 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Starter, 32-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
Malwarebytes Anti-Malware versão 2.0.1.1004
McAfee Security Scan Plus v3.8.141.11
Windows Defender W7
---\\ Softwares d'optimização do sistema
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2013 MB (51% free)
System Restore: Activé (Enable)
System drive C: has 100 GB (34%) free of 293 GB
---\\ Modo de conexão ao sistema
~ Computer Name: PC-WIN
~ User Name: PC
~ All Users Names: PC, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\PC\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\PC\AppData\Roaming\
~ %Desktop% : C:\Users\PC\Desktop\
~ %Favorites% : C:\Users\PC\Favorites\
~ %LocalAppData% : C:\Users\PC\AppData\Local\
~ %StartMenu% : C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 100 Go of 293 Go)
D: Hard drive, Flash drive, Thumb drive (Free 1 Go of 5 Go)
E: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 45 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.2AF58D15EDC06EC6FDACCE1F19482BBF] - (.Microsoft Corporation - Windows Explorer.) (.26/02/2011 - 02:33:07.) -- C:\Windows\Explorer.exe [2614784]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.8E87270C4704CF2951E1E7820D6C8A2B] - (.Microsoft Corporation - Internet Extensions para Win32.) (.02/06/2012 - 05:25:08.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.28/10/2009 - 03:17:59.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.24/04/2011 - 23:35:40.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/04/2011 - 23:33:46.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 20:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.03/05/2011 - 23:43:41.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.187002CE05693C306F43C873F821381F] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.11/03/2011 - 02:44:01.) -- C:\Windows\system32\Drivers\ntfs.sys [1210240]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/07/2009 - 22:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]
~ Generic Processes: Scanned in 00mn 01s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/1942
~ Mes musiques (My Musics) : 17/1932
~ Mes Videos (My Videos) : 1/617
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/3363
~ Mon Bureau (My Desktop) : 3/2022
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 13s
---\\ Processos lançados
[MD5.ED5501CBCA525947FF6985B38253B872] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\GbpSv.exe [520520] [PID.788]
[MD5.A41F8321D64FD1CBC8DF7DC29F785A4B] - (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8da98c8ea4b9eb25\STacSV.exe [229458] [PID.1092]
[MD5.37D17AE2936867F88EB3C4CBCBC6B8A1] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1496]
[MD5.01E81C84AD1D0ACC61CF3CFD06632210] - (.SUPERAntiSpyware.com - Core Service.) -- C:\Program Files\SUPERAntiSpyware\SASCORE.exe [116608] [PID.352]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.392]
[MD5.6416F9B6B220F0A890525C38235AFAD7] - (.LSI Corporation - LSI Soft Modem Call Progress Service.) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336] [PID.580]
[MD5.E956C0614367D4106A4411F151D494A5] - (.No owner - DCSHOST.) -- C:\ProgramData\DatacardService\HWDeviceService.exe [264704] [PID.1564]
[MD5.06602AAC468BFACD8E5344DB0AE3DDD3] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [230912] [PID.332]
[MD5.B05640AC812FCCB488328DF34E7F663A] - (.Microsoft Corporation - SQL Server Windows NT.) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43010392] [PID.1768]
[MD5.8C59F909C5C2B136C5F38A9F48558663] - (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe [495708] [PID.1676]
[MD5.3CD5BBDA19A1AB4EBA359E0A14FDF0F0] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [171032] [PID.1700]
[MD5.3142195521FEE436088EE8A5748DE1B1] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [170520] [PID.1648]
[MD5.38D198A2DD54A67120040566A38103BA] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016] [PID.2072]
[MD5.52DB6CDAC5BC7A1FC884E97C41C91213] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040] [PID.2144]
[MD5.3E364978E4C74D3BCEA29FB41743CB5A] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704] [PID.2348]
[MD5.FA10D5FBD2BF7B90CDC08CCBE3593881] - (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe [3211776] [PID.2380]
[MD5.E812316104EBCD9051FDEC9FC3F034EF] - (...) -- C:\Program Files\OEM\i-PowerXross 1.0\i-PowerXross.exe [512000] [PID.2448]
[MD5.43E2CFC37953501EA40D852AE585E7C0] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe [277920] [PID.2504]
[MD5.C9DF72070FA9628E5561D48FAACDC4D6] - (.No owner - OSD.) -- C:\Program Files\OEM\OSD 1.0\SunflowerOSD.exe [449024] [PID.2524]
[MD5.D91AFB6D2A0DA7539B74FB5838775D94] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.exe [98632] [PID.2540]
[MD5.637A0F23F9012358E92E6F99835494D1] - (.Microsoft Corporation - SQL Server VSS Writer.) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [98840] [PID.2744]
[MD5.3FDBC28DEF3378089C5EE301637970BA] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.976]
[MD5.8858F7FE986DD156F88488EDA50CC446] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.2688]
[MD5.C54C8B8DAE3CC59CBAFF15FAC00084D7] - (.Adobe Systems, Inc. - Adobe Flash Player 13.0 r0.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe [1864368] [PID.1944]
[MD5.700803AC9B451FB67DF35EF0E05382E7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7869952] [PID.2240]
[MD5.4C287F9069FEDBD791178876EE9DE536] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.2308]
~ Processes Running: Scanned in 00mn 02s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 15 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehcef.dll
~ BHO: 14 Legitimates Filtered in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Program [PC]: Primeiros passos.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Browsers
~ Global Startup: 1 Legitimates Filtered in 00mn 02s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (.not file.)
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_] . (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe
O4 - HKCU\..\Run: [Fotos Slides Movie] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3430390850-1644443459-295647366-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-3430390850-1644443459-295647366-1000\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe
O4 - HKUS\S-1-5-21-3430390850-1644443459-295647366-1000\..\Run: [HW_OPENEYE_OUC_] . (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe
O4 - HKUS\S-1-5-21-3430390850-1644443459-295647366-1000\..\Run: [Fotos Slides Movie] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
~ Application: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{74EC7B17-E094-499E-980C-7CD0BCF37191}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{74EC7B17-E094-499E-980C-7CD0BCF37191}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{74EC7B17-E094-499E-980C-7CD0BCF37191}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\GbpSv.exe
O23 - Service: HWDeviceService.exe (HWDeviceService.exe) . (.No owner - DCSHOST.) - C:\ProgramData\DatacardService\HWDeviceService.exe
~ Services: 8 Legitimates Filtered in 00mn 08s
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{C58CBFCB-E4AC-4880-B1BA-16CF75001D8A}] (...) -- F:\RealPlayer11GOLD.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3430390850-1644443459-295647366-1000Core [894]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3430390850-1644443459-295647366-1000UA [916]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1044]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1048]
~ Scheduled Task: 13 Legitimates Filtered in 00mn 03s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 78 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: Ares 2.1.9 - (.Ares Development Group.) [HKLM] -- Ares
O42 - Logiciel: CCE+SABER - v1.0 - (.CCE+SABER.) [HKLM] -- {D445A7B9-69A8-4860-95B9-BB957281D9A0}_is1
O42 - Logiciel: Driver 1.0 - (.Shuttle.) [HKLM] -- {BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}
O42 - Logiciel: FreeFixer - (.Kephyr.) [HKLM] -- FreeFixer1.09
O42 - Logiciel: Klavaro-1.9.7 - (...) [HKLM] -- Klavaro_is1
O42 - Logiciel: OSD 1.0 - (.OEM.) [HKLM] -- {4C2AF428-6E7F-443E-B147-3A8327C2053F}
O42 - Logiciel: Plugin Letras.mus.br 1.20 - (.Letras.mus.br.) [HKLM] -- Plugin Letras.mus.br
O42 - Logiciel: Vivo - Guia Vivo Internet versão 1.0 - (.Vivo.) [HKLM] -- {C2E8B9C9-677A-46E6-AEC7-9435B5BCA765}_is1
O42 - Logiciel: i-PowerXross 1.0 - (.OEM.) [HKLM] -- {F1E25CFC-1243-4210-81B6-0C3D104D7083}
~ Logic: 20 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ares]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\SHUTTLE]
[HKCU\Software\SoilAP]
[HKCU\Software\SunFlowerOSD]
[HKLM\Software\360Safe] =>Trojan.Lozavita
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\CCB]
[HKLM\Software\Fotos Slides Movie]
[HKLM\Software\SoilIO]
~ Key Software: 228 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 07/12/2012 - 22:49:37 - [] ----D C:\Program Files\Ares
O43 - CFD: 27/04/2013 - 14:49:19 - [] -SH-D C:\Program Files\eb5
O43 - CFD: 13/04/2014 - 12:08:46 - [] ----D C:\Program Files\FreeFixer
O43 - CFD: 23/04/2014 - 10:41:06 - [] ----D C:\Program Files\Klavaro-1.9.7
O43 - CFD: 25/07/2012 - 21:19:10 - [] ----D C:\Program Files\LGInternetKit
O43 - CFD: 29/03/2012 - 03:05:08 - [] ----D C:\Program Files\PluginLetras
O43 - CFD: 23/07/2010 - 13:56:15 - [] ----D C:\Program Files\Shuttle
O43 - CFD: 10/09/2011 - 21:21:12 - [] ----D C:\Program Files\Vivo
O43 - CFD: 10/09/2011 - 21:21:25 - [] ----D C:\Program Files\VIVO INTERNET
O43 - CFD: 29/04/2014 - 18:31:50 - [] ----D C:\ProgramData\MiniApp
O43 - CFD: 13/04/2014 - 12:09:04 - [0] ----D C:\Users\PC\AppData\Roaming\FreeFixer
O43 - CFD: 28/04/2014 - 11:28:01 - [] ----D C:\Users\PC\AppData\Roaming\klavaro
O43 - CFD: 25/09/2011 - 10:46:00 - [] ----D C:\Users\PC\AppData\Roaming\VIVO INTERNET
O43 - CFD: 17/03/2013 - 17:37:58 - [] ----D C:\Users\PC\AppData\Roaming\[ManufacturerNonTM]
O43 - CFD: 07/12/2012 - 22:49:40 - [] ----D C:\Users\PC\AppData\Local\Ares
O43 - CFD: 13/04/2014 - 12:16:02 - [] ----D C:\Users\PC\AppData\Local\FreeFixer
O43 - CFD: 13/04/2014 - 12:08:47 - [] ----D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
~ Program Folder: 188 Legitimates Filtered in 00mn 01s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.A5C914C5CBCFF645434535234BFCEACA] - 01/05/2014 - 11:33:01 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O44 - LFC:[MD5.0F5E9488E39E62F692741330624D31BC] - 01/05/2014 - 11:33:01 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47192]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 05/05/2014 - 11:14:37 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 05/05/2014 - 16:45:28 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.991F351722ABAB0DFFAF44A2EBB053DC] - 05/05/2014 - 17:12:34 ---A- . (...) -- C:\zoek-results.log [19851]
O44 - LFC:[MD5.4D6C6E0505A8E5A0656DCB223497D37C] - 29/04/2014 - 18:36:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
~ Files: 28 Legitimates Filtered in 00mn 19s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MIF5BA~1\Office12\GR469A~1.DLL
O46 - SEH:ShellExecuteHooks - SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{2f72a504-e181-11e0-aa28-80ee73115f13}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{538ad263-e6f7-11e0-acfd-80ee73115f13}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{6b47fae8-dc07-11e0-ac62-80ee73115f13}\AutoRun\command. (...) -- H:\USBAutoRun.exe (.not file.)
O51 - MPSK:{6b47fb48-dc07-11e0-ac62-80ee73115f13}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{6b47fb5b-dc07-11e0-ac62-80ee73115f13}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{92f8fb09-86b7-11e2-8af0-80ee73115f13}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{e99bc6ca-85e7-11e2-acf3-80ee73115f13}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWindowsUpdate"=
~ MWPE Keys: 1 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [146304]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys [54912]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys [23168]
O58 - SDL:29/08/2012 - 13:06:36 R--A- . (.360安全中心 - 360安全卫士 - SelfProtection.) -- C:\Windows\System32\Drivers\360SpOEM.sys [64048]
O58 - SDL:29/04/2014 - 18:36:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:29/04/2014 - 18:36:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:29/04/2014 - 18:36:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180632] =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:08/10/2010 - 16:55:06 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [25856]
O58 - SDL:24/01/2014 - 11:48:32 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47192]
O58 - SDL:01/05/2014 - 11:33:01 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:06/08/2010 - 07:42:34 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [861696]
O58 - SDL:04/12/2009 - 16:43:46 ---A- . (...) -- C:\Windows\System32\Drivers\SoilIO.sys [16248]
O58 - SDL:04/12/2009 - 16:44:18 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\Soilkbc.sys [10744]
O58 - SDL:04/12/2009 - 16:44:36 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\SoilMC.sys [10616]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:06/11/2009 - 23:50:00 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt.sys [420864]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 100 Legitimates Filtered in 00mn 03s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 29/04/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 24/01/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 103 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {F21D8264-78B7-461A-B3F5-6F5727836218} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.FEED27DEB00EE4340AD66FD870BC2D93] [SPRF][03/09/2011] (.MPC-HC Team - Media Player Classic - Home Cinema Setup.) -- C:\Users\PC\Desktop\MPC-HomeCinema.1.5.2.3456.x86.exe [5607808]
~ Files: 1 Legitimates Filtered in 00mn 00s
---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "5509804B864D4A546AABA531D87D51CF" . (.Bing Bar.) -- C:\Windows\Installer\{B4089055-D468-45A4-A6BA-5A138DD715FC}\icon_installer_ico =>Toolbar.Bing
~ Update Products: 1 Legitimates Filtered in 00mn 00s
---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS: - {35B6525E-071A-4EA9-B3BD-F6A742572F08}
~ MNS: 2 Legitimates Filtered in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.683EF495176EB6BF6C18BDA0A304C22E] [WIS][21/10/2011] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\577296.msi [4771840] =>Toolbar.Bing
~ WIS: 1 Legitimates Filtered in 00mn 04s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing
HKLM\SOFTWARE\Microsoft\Tracing\SearchYa_v2_RASAPI32 =>Adware.SearchYa
HKLM\SOFTWARE\Microsoft\Tracing\SearchYa_v2_RASMANCS =>Adware.SearchYa
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 277 Legitimates Filtered in 00mn 00s
---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{89425C81-9C22-44E0-9D7C-2875C59C80DD}] (Groove WorkspaceManagerApplication) =>PUP.Manager
~ BCK: 6276 Legitimates Filtered in 00mn 16s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 21/10/2011 196176 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\BBSvc.exe =>Toolbar.Bing
SS - | Auto 04/02/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 04/02/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 15/01/2014 235696 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
SS - | Demand 22/04/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 11/07/2012 116608 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 27/03/2009 14336 | (AgereModemAudio) . (.LSI Corporation.) - C:\Program Files\LSI SoftModem\agrsmsvc.exe
SR - | Auto 29/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 13/10/2011 249648 | (BBUpdate) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\BingBar\SeaPort.exe =>Toolbar.Bing
SR - | Auto 26/02/2014 520520 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\GbpSv.exe
SR - | Auto 16/11/2010 264704 | (HWDeviceService.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService.exe
SR - | Auto 06/11/2009 229458 | (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8da98c8ea4b9eb25\STacSV.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 19s
---\\ Scâner Aditional (088)
Database Version : 13045 - (04/05/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B4089055-D468-45A4-A6BA-5A138DD715FC}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\360Safe] =>Trojan.Lozavita
C:\Windows\Installer\577296.msi =>Toolbar.Bing^
[HKCR\CLSID\{89425C81-9C22-44E0-9D7C-2875C59C80DD}] (Groove WorkspaceManagerApplication) =>PUP.Manager^
~ Additionnel Scan: 360446 Items scanned in 01mn 26s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Browsers
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.Lozavita
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.SearchYa
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Manager
~ MSI: 4 link(s) detected in 00mn 00s
~ 787 Legitimates filtered by white list
End of the scan (529 lines in 03mn 18s)(0)
pabloescobar- Membro
- Mensagens : 68
Reputação : 0
Data de inscrição : 17/04/2014
Localização : Minas Gerais
Re: Adwares e PUPs no PC
Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.
Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC agora e de tempos em tempos.
_______________________________________________________________________________________________________
Sugiro que desinstale o McAfee Security Scan Plus, que é desnecessário.
_______________________________________________________________________________________________________
Selecione e copie todo o texto destacado em vermelho que te passei.
_____________________________________________________________________________________________________________
Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.
Copie este relatório e poste em sua próxima resposta.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.
Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC agora e de tempos em tempos.
_______________________________________________________________________________________________________
Sugiro que desinstale o McAfee Security Scan Plus, que é desnecessário.
_______________________________________________________________________________________________________
Selecione e copie todo o texto destacado em vermelho que te passei.
_____________________________________________________________________________________________________________
Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.
Copie este relatório e poste em sua próxima resposta.
Última edição por Power Max em Ter 06 maio 2014, 16:58, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Adwares e PUPs no PC
nao consigo baixar o c clear me manda link por favor do dl
Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by PC at 05/05/2014 22:11:53
High Elevated Privileges : OK
Windows 7 Starter Edition, 32-bit (Build 7600)
Reciclagem vazia (00mn 01s)
Reparação de atalhos do navegador
========== Chaves do Registo ==========
ELIMINÉ: HKLM\Software\360Safe
ELIMINÉ: HKLM\Software\Fotos Slides Movie
ELIMINÉ CLSID MPSK: {2f72a504-e181-11e0-aa28-80ee73115f13}
ELIMINÉ CLSID MPSK: {538ad263-e6f7-11e0-acfd-80ee73115f13}
ELIMINÉ CLSID MPSK: {6b47fae8-dc07-11e0-ac62-80ee73115f13}
ELIMINÉ CLSID MPSK: {6b47fb48-dc07-11e0-ac62-80ee73115f13}
ELIMINÉ CLSID MPSK: {6b47fb5b-dc07-11e0-ac62-80ee73115f13}
ELIMINÉ CLSID MPSK: {92f8fb09-86b7-11e2-8af0-80ee73115f13}
ELIMINÉ CLSID MPSK: {e99bc6ca-85e7-11e2-acf3-80ee73115f13}
ELIMINÉ: SearchScopes :{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
ELIMINÉ: SearchScopes :{F21D8264-78B7-461A-B3F5-6F5727836218}
ELIMINÉ: CLSID NameSpace: {35B6525E-071A-4EA9-B3BD-F6A742572F08}
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SearchYa_v2_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SearchYa_v2_RASMANCS
ELIMINÉ: HKCR\CLSID\{89425C81-9C22-44E0-9D7C-2875C59C80DD}
ELIMINÉ: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B4089055-D468-45A4-A6BA-5A138DD715FC}
========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ Temporários windows (296) (12.348.381 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Tarefa planificada ==========
ELIMINÉ: {C58CBFCB-E4AC-4880-B1BA-16CF75001D8A}
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
16 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
2 : Ficheiros
1 : Tarefa planificada
1 : Restauração Sistema
End of clean in 00mn 53s
========== Caminho do ficheiro do relatório ==========
C:\Users\PC\AppData\Roaming\ZHP\ZHPFix[R1].txt - 05/05/2014 22:11:55 [2186]
Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by PC at 05/05/2014 22:11:53
High Elevated Privileges : OK
Windows 7 Starter Edition, 32-bit (Build 7600)
Reciclagem vazia (00mn 01s)
Reparação de atalhos do navegador
========== Chaves do Registo ==========
ELIMINÉ: HKLM\Software\360Safe
ELIMINÉ: HKLM\Software\Fotos Slides Movie
ELIMINÉ CLSID MPSK: {2f72a504-e181-11e0-aa28-80ee73115f13}
ELIMINÉ CLSID MPSK: {538ad263-e6f7-11e0-acfd-80ee73115f13}
ELIMINÉ CLSID MPSK: {6b47fae8-dc07-11e0-ac62-80ee73115f13}
ELIMINÉ CLSID MPSK: {6b47fb48-dc07-11e0-ac62-80ee73115f13}
ELIMINÉ CLSID MPSK: {6b47fb5b-dc07-11e0-ac62-80ee73115f13}
ELIMINÉ CLSID MPSK: {92f8fb09-86b7-11e2-8af0-80ee73115f13}
ELIMINÉ CLSID MPSK: {e99bc6ca-85e7-11e2-acf3-80ee73115f13}
ELIMINÉ: SearchScopes :{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
ELIMINÉ: SearchScopes :{F21D8264-78B7-461A-B3F5-6F5727836218}
ELIMINÉ: CLSID NameSpace: {35B6525E-071A-4EA9-B3BD-F6A742572F08}
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SearchYa_v2_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\SearchYa_v2_RASMANCS
ELIMINÉ: HKCR\CLSID\{89425C81-9C22-44E0-9D7C-2875C59C80DD}
ELIMINÉ: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B4089055-D468-45A4-A6BA-5A138DD715FC}
========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ Temporários windows (296) (12.348.381 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Tarefa planificada ==========
ELIMINÉ: {C58CBFCB-E4AC-4880-B1BA-16CF75001D8A}
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
16 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
2 : Ficheiros
1 : Tarefa planificada
1 : Restauração Sistema
End of clean in 00mn 53s
========== Caminho do ficheiro do relatório ==========
C:\Users\PC\AppData\Roaming\ZHP\ZHPFix[R1].txt - 05/05/2014 22:11:55 [2186]
pabloescobar- Membro
- Mensagens : 68
Reputação : 0
Data de inscrição : 17/04/2014
Localização : Minas Gerais
Re: Adwares e PUPs no PC
Pode baixar o Ccleaner neste link:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Adwares e PUPs no PC
Abra novamente o ( ZHPDiag )
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Adwares e PUPs no PC
~ Relatório do ZHPDiag v2014.5.4.54 - Nicolas Coolman (04/05/2014)
~ Iniciado por PC (05/05/2014 22:23:45)
~ Endereço do Website : http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 29.0
GCIE: Google Chrome v34.0.1847.131 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Starter, 32-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
Malwarebytes Anti-Malware versão 2.0.1.1004
Windows Defender W7
---\\ Softwares d'optimização do sistema
CCleaner v4.13
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2013 MB (40% free)
System Restore: Activé (Enable)
System drive C: has 102 GB (34%) free of 293 GB
---\\ Modo de conexão ao sistema
~ Computer Name: PC-WIN
~ User Name: PC
~ All Users Names: PC, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\PC\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\PC\AppData\Roaming\
~ %Desktop% : C:\Users\PC\Desktop\
~ %Favorites% : C:\Users\PC\Favorites\
~ %LocalAppData% : C:\Users\PC\AppData\Local\
~ %StartMenu% : C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 102 Go of 293 Go)
D: Hard drive, Flash drive, Thumb drive (Free 1 Go of 5 Go)
E: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 45 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.2AF58D15EDC06EC6FDACCE1F19482BBF] - (.Microsoft Corporation - Windows Explorer.) (.26/02/2011 - 02:33:07.) -- C:\Windows\Explorer.exe [2614784]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.8E87270C4704CF2951E1E7820D6C8A2B] - (.Microsoft Corporation - Internet Extensions para Win32.) (.02/06/2012 - 05:25:08.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.28/10/2009 - 03:17:59.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.24/04/2011 - 23:35:40.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/04/2011 - 23:33:46.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 20:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.03/05/2011 - 23:43:41.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.187002CE05693C306F43C873F821381F] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.11/03/2011 - 02:44:01.) -- C:\Windows\system32\Drivers\ntfs.sys [1210240]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/07/2009 - 22:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/1942
~ Mes musiques (My Musics) : 17/1932
~ Mes Videos (My Videos) : 1/617
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/3363
~ Mon Bureau (My Desktop) : 3/2024
~ Menu demarrer (Programs) : 1/28
~ Hidden Files: Scanned in 00mn 14s
---\\ Processos lançados
[MD5.ED5501CBCA525947FF6985B38253B872] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\GbpSv.exe [520520] [PID.788]
[MD5.A41F8321D64FD1CBC8DF7DC29F785A4B] - (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8da98c8ea4b9eb25\STacSV.exe [229458] [PID.1092]
[MD5.37D17AE2936867F88EB3C4CBCBC6B8A1] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1496]
[MD5.01E81C84AD1D0ACC61CF3CFD06632210] - (.SUPERAntiSpyware.com - Core Service.) -- C:\Program Files\SUPERAntiSpyware\SASCORE.exe [116608] [PID.352]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.392]
[MD5.6416F9B6B220F0A890525C38235AFAD7] - (.LSI Corporation - LSI Soft Modem Call Progress Service.) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336] [PID.580]
[MD5.E956C0614367D4106A4411F151D494A5] - (.No owner - DCSHOST.) -- C:\ProgramData\DatacardService\HWDeviceService.exe [264704] [PID.1564]
[MD5.06602AAC468BFACD8E5344DB0AE3DDD3] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [230912] [PID.332]
[MD5.B05640AC812FCCB488328DF34E7F663A] - (.Microsoft Corporation - SQL Server Windows NT.) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43010392] [PID.1768]
[MD5.8C59F909C5C2B136C5F38A9F48558663] - (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe [495708] [PID.1676]
[MD5.3CD5BBDA19A1AB4EBA359E0A14FDF0F0] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [171032] [PID.1700]
[MD5.3142195521FEE436088EE8A5748DE1B1] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [170520] [PID.1648]
[MD5.38D198A2DD54A67120040566A38103BA] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016] [PID.2072]
[MD5.52DB6CDAC5BC7A1FC884E97C41C91213] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040] [PID.2144]
[MD5.3E364978E4C74D3BCEA29FB41743CB5A] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704] [PID.2348]
[MD5.FA10D5FBD2BF7B90CDC08CCBE3593881] - (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe [3211776] [PID.2380]
[MD5.E812316104EBCD9051FDEC9FC3F034EF] - (...) -- C:\Program Files\OEM\i-PowerXross 1.0\i-PowerXross.exe [512000] [PID.2448]
[MD5.C9DF72070FA9628E5561D48FAACDC4D6] - (.No owner - OSD.) -- C:\Program Files\OEM\OSD 1.0\SunflowerOSD.exe [449024] [PID.2524]
[MD5.D91AFB6D2A0DA7539B74FB5838775D94] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.exe [98632] [PID.2540]
[MD5.637A0F23F9012358E92E6F99835494D1] - (.Microsoft Corporation - SQL Server VSS Writer.) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [98840] [PID.2744]
[MD5.30C3DEFEE78AEFB92ECE5536F017F8E8] - (.Iminent - Iminent Protection.) -- C:\Program Files\Common Files\Umbrella\Umbrella226.exe [3052352] [PID.6024] =>Adware.IMBooster
[MD5.3FDBC28DEF3378089C5EE301637970BA] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.4732]
[MD5.8858F7FE986DD156F88488EDA50CC446] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.5000]
[MD5.C54C8B8DAE3CC59CBAFF15FAC00084D7] - (.Adobe Systems, Inc. - Adobe Flash Player 13.0 r0.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe [1864368] [PID.3948]
[MD5.700803AC9B451FB67DF35EF0E05382E7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7869952] [PID.5836]
[MD5.4C287F9069FEDBD791178876EE9DE536] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.4388]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.IMBooster
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 11 Legitimates Filtered in 00mn 00s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\prefs.js
C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\user.js
M3 - MFPP: Plugins - [PC] -- C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\searchplugins\iminent.xml =>Adware.IMBooster
M0 - MFSP: prefs.js [PC - qad0app8.default] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.IMBooster
M2 - MFEP: prefs.js [PC - qad0app8.default\ffxtlbr@iminent.com] [] Iminent Toolbar v1.6.0 (..) =>Adware.IMBooster
~ Firefox Browser: 12 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.IMBooster
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 16 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: iminent Helper Object - {112BA211-334C-4A90-90EC-2AD1CDAB287C} . (.Iminent - No Comment.) -- C:\Program Files\IminentToolbar\1.8.28.3\bh\iminent.dll =>Adware.IMBooster
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} . (.SIEN - Minibar.) -- C:\Program Files\Iminent\Minibar.InternetExplorer.BHOx86.dll =>PUP.Minibar
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehcef.dll
~ BHO: 18 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Iminent Toolbar - [HKLM]{1FAFD711-ABF9-4F6A-8130-5166C7371427} . (.Iminent - No Comment.) -- C:\Program Files\IminentToolbar\1.8.28.3\iminentTlbr.dll =>Adware.IMBooster
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Program [PC]: Primeiros passos.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Browsers
~ Global Startup: 1 Legitimates Filtered in 00mn 02s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{74EC7B17-E094-499E-980C-7CD0BCF37191}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{74EC7B17-E094-499E-980C-7CD0BCF37191}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{74EC7B17-E094-499E-980C-7CD0BCF37191}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\GbpSv.exe
O23 - Service: HWDeviceService.exe (HWDeviceService.exe) . (.No owner - DCSHOST.) - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: SProtection (SProtection) . (.Iminent - Iminent Protection.) - C:\Program Files\Common Files\Umbrella\Umbrella226.exe =>Adware.IMBooster
~ Services: 9 Legitimates Filtered in 00mn 08s
---\\ Tarefas planificadas automaticamente (039)
[MD5.EF46205D284DFFE5AC49866003E24123] [APT] [FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl] (.Sien SA.) -- C:\Users\PC\AppData\Roaming\igdhbblPCellaljokkpfhcjlagemhgjl\minibarchrome.exe [869184] =>PUP.Minibar
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3430390850-1644443459-295647366-1000Core [894]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3430390850-1644443459-295647366-1000UA [916]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1044]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1048]
~ Scheduled Task: 14 Legitimates Filtered in 00mn 03s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 78 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: Ares 2.1.9 - (.Ares Development Group.) [HKLM] -- Ares
O42 - Logiciel: CCE+SABER - v1.0 - (.CCE+SABER.) [HKLM] -- {D445A7B9-69A8-4860-95B9-BB957281D9A0}_is1
O42 - Logiciel: Driver 1.0 - (.Shuttle.) [HKLM] -- {BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}
O42 - Logiciel: FreeFixer - (.Kephyr.) [HKLM] -- FreeFixer1.09
O42 - Logiciel: Iminent - (.Iminent.) [HKLM] -- IMBoosterARP =>Adware.IMBooster
O42 - Logiciel: Klavaro-1.9.7 - (...) [HKLM] -- Klavaro_is1
O42 - Logiciel: OSD 1.0 - (.OEM.) [HKLM] -- {4C2AF428-6E7F-443E-B147-3A8327C2053F}
O42 - Logiciel: Plugin Letras.mus.br 1.20 - (.Letras.mus.br.) [HKLM] -- Plugin Letras.mus.br
O42 - Logiciel: Vivo - Guia Vivo Internet versão 1.0 - (.Vivo.) [HKLM] -- {C2E8B9C9-677A-46E6-AEC7-9435B5BCA765}_is1
O42 - Logiciel: i-PowerXross 1.0 - (.OEM.) [HKLM] -- {F1E25CFC-1243-4210-81B6-0C3D104D7083}
~ Logic: 21 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ares]
[HKCU\Software\IminentToolbar] =>Adware.IMBooster
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\SHUTTLE]
[HKCU\Software\SoilAP]
[HKCU\Software\SunFlowerOSD]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\CCB]
[HKLM\Software\IminentToolbar] =>Adware.IMBooster
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\SoilIO]
[HKLM\Software\Umbrella]
~ Key Software: 230 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 07/12/2012 - 22:49:37 - [] ----D C:\Program Files\Ares
O43 - CFD: 27/04/2013 - 14:49:19 - [] -SH-D C:\Program Files\eb5
O43 - CFD: 13/04/2014 - 12:08:46 - [] ----D C:\Program Files\FreeFixer
O43 - CFD: 05/05/2014 - 22:08:39 - [] ---AD C:\Program Files\Iminent =>Adware.IMBooster
O43 - CFD: 05/05/2014 - 22:08:46 - [] ----D C:\Program Files\IminentToolbar =>Adware.IMBooster
O43 - CFD: 23/04/2014 - 10:41:06 - [] ----D C:\Program Files\Klavaro-1.9.7
O43 - CFD: 25/07/2012 - 21:19:10 - [] ----D C:\Program Files\LGInternetKit
O43 - CFD: 29/03/2012 - 03:05:08 - [] ----D C:\Program Files\PluginLetras
O43 - CFD: 23/07/2010 - 13:56:15 - [] ----D C:\Program Files\Shuttle
O43 - CFD: 10/09/2011 - 21:21:12 - [] ----D C:\Program Files\Vivo
O43 - CFD: 10/09/2011 - 21:21:25 - [] ----D C:\Program Files\VIVO INTERNET
O43 - CFD: 05/05/2014 - 22:08:28 - [] ----D C:\Program Files\Common Files\Umbrella
O43 - CFD: 29/04/2014 - 18:31:50 - [] ----D C:\ProgramData\MiniApp
O43 - CFD: 13/04/2014 - 12:09:04 - [0] ----D C:\Users\PC\AppData\Roaming\FreeFixer
O43 - CFD: 05/05/2014 - 22:23:44 - [] ----D C:\Users\PC\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
O43 - CFD: 05/05/2014 - 22:08:45 - [] ----D C:\Users\PC\AppData\Roaming\IminentToolbar =>Adware.IMBooster
O43 - CFD: 28/04/2014 - 11:28:01 - [] ----D C:\Users\PC\AppData\Roaming\klavaro
O43 - CFD: 25/09/2011 - 10:46:00 - [] ----D C:\Users\PC\AppData\Roaming\VIVO INTERNET
O43 - CFD: 17/03/2013 - 17:37:58 - [] ----D C:\Users\PC\AppData\Roaming\[ManufacturerNonTM]
O43 - CFD: 07/12/2012 - 22:49:40 - [] ----D C:\Users\PC\AppData\Local\Ares
O43 - CFD: 13/04/2014 - 12:16:02 - [] ----D C:\Users\PC\AppData\Local\FreeFixer
O43 - CFD: 13/04/2014 - 12:08:47 - [] ----D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
~ Program Folder: 191 Legitimates Filtered in 00mn 01s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.A5C914C5CBCFF645434535234BFCEACA] - 01/05/2014 - 11:33:01 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O44 - LFC:[MD5.0F5E9488E39E62F692741330624D31BC] - 01/05/2014 - 11:33:01 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47192]
O44 - LFC:[MD5.D46D074B8BF3F42AB0820C49AD760823] - 04/05/2014 - 23:02:58 ---A- . (...) -- C:\AVScanner.ini [426]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 05/05/2014 - 11:14:37 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 05/05/2014 - 16:45:28 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.991F351722ABAB0DFFAF44A2EBB053DC] - 05/05/2014 - 17:12:34 ---A- . (...) -- C:\zoek-results.log [19851]
O44 - LFC:[MD5.4D6C6E0505A8E5A0656DCB223497D37C] - 29/04/2014 - 18:36:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
~ Files: 25 Legitimates Filtered in 00mn 03s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MIF5BA~1\Office12\GR469A~1.DLL
O46 - SEH:ShellExecuteHooks - SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - DatamngrCoordinator.exe - tasklist.exe =>PUP.Datamngr
~ IFEO: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\ares [Key] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe
~ SMSR Keys: 14 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWindowsUpdate"=
~ MWPE Keys: 1 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [146304]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys [54912]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys [23168]
O58 - SDL:29/08/2012 - 13:06:36 R--A- . (.360安全中心 - 360安全卫士 - SelfProtection.) -- C:\Windows\System32\Drivers\360SpOEM.sys [64048]
O58 - SDL:29/04/2014 - 18:36:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:29/04/2014 - 18:36:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:29/04/2014 - 18:36:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180632] =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:08/10/2010 - 16:55:06 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [25856]
O58 - SDL:24/01/2014 - 11:48:32 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47192]
O58 - SDL:01/05/2014 - 11:33:01 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:06/08/2010 - 07:42:34 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [861696]
O58 - SDL:04/12/2009 - 16:43:46 ---A- . (...) -- C:\Windows\System32\Drivers\SoilIO.sys [16248]
O58 - SDL:04/12/2009 - 16:44:18 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\Soilkbc.sys [10744]
O58 - SDL:04/12/2009 - 16:44:36 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\SoilMC.sys [10616]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:06/11/2009 - 23:50:00 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt.sys [420864]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 100 Legitimates Filtered in 00mn 02s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 29/04/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 24/01/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 103 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {460C3D19-B3D4-4964-A550-77D263B0CCCB} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (StartWeb) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.IMBooster
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.FEED27DEB00EE4340AD66FD870BC2D93] [SPRF][03/09/2011] (.MPC-HC Team - Media Player Classic - Home Cinema Setup.) -- C:\Users\PC\Desktop\MPC-HomeCinema.1.5.2.3456.x86.exe [5607808]
~ Files: 1 Legitimates Filtered in 00mn 00s
---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "5509804B864D4A546AABA531D87D51CF" . (.Bing Bar.) -- C:\Windows\Installer\{B4089055-D468-45A4-A6BA-5A138DD715FC}\icon_installer_ico =>Toolbar.Bing
~ Update Products: 1 Legitimates Filtered in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.683EF495176EB6BF6C18BDA0A304C22E] [WIS][21/10/2011] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\577296.msi [4771840] =>Toolbar.Bing
~ WIS: 1 Legitimates Filtered in 00mn 01s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing
HKLM\SOFTWARE\Microsoft\Tracing\iminenttoolbar_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\iminenttoolbar_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\Iminent_1712-b2fcad5e_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\Iminent_1712-b2fcad5e_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 287 Legitimates Filtered in 00mn 00s
---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{112BA211-334C-4A90-90EC-2AD1CDAB287C}] (iminent Helper Object) =>Adware.IMBooster
[HKCR\CLSID\{1FAFD711-ABF9-4F6A-8130-5166C7371427}] (Iminent Toolbar) =>Adware.IMBooster
[HKCR\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] (IMinent WebBooster (BHO)) =>Adware.IMBooster
~ BCK: 6252 Legitimates Filtered in 00mn 09s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 21/10/2011 196176 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\BBSvc.exe =>Toolbar.Bing
SS - | Auto 04/02/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 04/02/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 22/04/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 11/07/2012 116608 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 27/03/2009 14336 | (AgereModemAudio) . (.LSI Corporation.) - C:\Program Files\LSI SoftModem\agrsmsvc.exe
SR - | Auto 29/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 13/10/2011 249648 | (BBUpdate) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\BingBar\SeaPort.exe =>Toolbar.Bing
SR - | Auto 26/02/2014 520520 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\GbpSv.exe
SR - | Auto 16/11/2010 264704 | (HWDeviceService.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService.exe
SR - | Auto 11/04/2014 3052352 | (SProtection) . (.Iminent.) - C:\Program Files\Common Files\Umbrella\Umbrella226.exe =>Adware.IMBooster
SR - | Auto 06/11/2009 229458 | (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8da98c8ea4b9eb25\STacSV.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 10s
---\\ Scâner Aditional (088)
Database Version : 13045 - (04/05/2014)
Clés trouvées (Keys found) : 44
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 5
Fichiers trouvés (Files found) : 8
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{112BA211-334C-4A90-90EC-2AD1CDAB287C}] =>Adware.IMBooster^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>PUP.Minibar^
[HKLM\SYSTEM\CurrentControlSet\Services\SProtection] =>Adware.IMBooster^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster^
[HKLM\Software\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}] =>Adware.IMBooster
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster
[HKLM\Software\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster
[HKLM\Software\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\escort.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escortapp.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escorteng.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\esrv.EXE] =>PUP.Babylon
[HKLM\Software\Classes\I] =>Adware.IncrediBar
[HKLM\Software\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl] =>Adware.IMBooster
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\Classes\esrv.iminentESrvc] =>Adware.IMBooster
[HKLM\Software\Classes\esrv.iminentESrvc.1] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent] =>Adware.IMBooster
[HKLM\Software\Classes\iminent.iminentappCore] =>Adware.IMBooster
[HKLM\Software\Classes\iminent.iminentappCore.1] =>Adware.IMBooster
[HKLM\Software\Classes\iminent.iminentdskBnd] =>Adware.IMBooster
[HKLM\Software\Classes\iminent.iminentdskBnd.1] =>Adware.IMBooster
[HKLM\Software\Classes\iminent.iminentHlpr] =>Adware.IMBooster
[HKLM\Software\Classes\iminent.iminentHlpr.1] =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.BrowserHelperObject] =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.BrowserHelperObject.1] =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.ScriptExtender] =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.ScriptExtender.1] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iminent] =>Adware.IMBooster
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{1FAFD711-ABF9-4F6A-8130-5166C7371427} =>Adware.IMBooster^
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{84FF7BD6-B47F-46F8-9130-01B2696B36CB} =>Adware.IMBooster
C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\extensions\ffxtlbr@iminent.com =>Adware.IMBooster^
C:\Program Files\Iminent =>Adware.IMBooster^
C:\Program Files\IminentToolbar =>Adware.IMBooster^
C:\Users\PC\AppData\Roaming\IminentToolbar =>Adware.IMBooster^
C:\Program Files\Common Files\Umbrella =>Adware.IMBooster
C:\Program Files\Common Files\Umbrella\Umbrella226.exe =>Adware.IMBooster^
C:\Users\PC\AppData\Roaming\igdhbblPCellaljokkpfhcjlagemhgjl\minibarchrome.exe =>PUP.Minibar^
[HKCU\Software\IminentToolbar] =>Adware.IMBooster^
[HKLM\Software\IminentToolbar] =>Adware.IMBooster^
C:\Windows\Installer\577296.msi =>Toolbar.Bing^
[HKCR\CLSID\{112BA211-334C-4A90-90EC-2AD1CDAB287C}] (iminent Helper Object) =>Adware.IMBooster^
[HKCR\CLSID\{1FAFD711-ABF9-4F6A-8130-5166C7371427}] (Iminent Toolbar) =>Adware.IMBooster^
[HKCR\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] (IMinent WebBooster (BHO)) =>Adware.IMBooster^
~ Additionnel Scan: 360259 Items scanned in 00mn 41s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.IMBooster
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Minibar
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Browsers
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Datamngr
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Babylon
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.IncrediBar
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Funmoods
~ MSI: 7 link(s) detected in 00mn 00s
~ 810 Legitimates filtered by white list
End of the scan (605 lines in 01mn 52s)(0)
~ Iniciado por PC (05/05/2014 22:23:45)
~ Endereço do Website : http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 29.0
GCIE: Google Chrome v34.0.1847.131 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Starter, 32-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
Malwarebytes Anti-Malware versão 2.0.1.1004
Windows Defender W7
---\\ Softwares d'optimização do sistema
CCleaner v4.13
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2013 MB (40% free)
System Restore: Activé (Enable)
System drive C: has 102 GB (34%) free of 293 GB
---\\ Modo de conexão ao sistema
~ Computer Name: PC-WIN
~ User Name: PC
~ All Users Names: PC, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\PC\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\PC\AppData\Roaming\
~ %Desktop% : C:\Users\PC\Desktop\
~ %Favorites% : C:\Users\PC\Favorites\
~ %LocalAppData% : C:\Users\PC\AppData\Local\
~ %StartMenu% : C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 102 Go of 293 Go)
D: Hard drive, Flash drive, Thumb drive (Free 1 Go of 5 Go)
E: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 45 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.2AF58D15EDC06EC6FDACCE1F19482BBF] - (.Microsoft Corporation - Windows Explorer.) (.26/02/2011 - 02:33:07.) -- C:\Windows\Explorer.exe [2614784]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.8E87270C4704CF2951E1E7820D6C8A2B] - (.Microsoft Corporation - Internet Extensions para Win32.) (.02/06/2012 - 05:25:08.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.28/10/2009 - 03:17:59.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.24/04/2011 - 23:35:40.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/04/2011 - 23:33:46.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 20:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.03/05/2011 - 23:43:41.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.187002CE05693C306F43C873F821381F] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.11/03/2011 - 02:44:01.) -- C:\Windows\system32\Drivers\ntfs.sys [1210240]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/07/2009 - 22:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/1942
~ Mes musiques (My Musics) : 17/1932
~ Mes Videos (My Videos) : 1/617
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/3363
~ Mon Bureau (My Desktop) : 3/2024
~ Menu demarrer (Programs) : 1/28
~ Hidden Files: Scanned in 00mn 14s
---\\ Processos lançados
[MD5.ED5501CBCA525947FF6985B38253B872] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\GbpSv.exe [520520] [PID.788]
[MD5.A41F8321D64FD1CBC8DF7DC29F785A4B] - (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8da98c8ea4b9eb25\STacSV.exe [229458] [PID.1092]
[MD5.37D17AE2936867F88EB3C4CBCBC6B8A1] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1496]
[MD5.01E81C84AD1D0ACC61CF3CFD06632210] - (.SUPERAntiSpyware.com - Core Service.) -- C:\Program Files\SUPERAntiSpyware\SASCORE.exe [116608] [PID.352]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.392]
[MD5.6416F9B6B220F0A890525C38235AFAD7] - (.LSI Corporation - LSI Soft Modem Call Progress Service.) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336] [PID.580]
[MD5.E956C0614367D4106A4411F151D494A5] - (.No owner - DCSHOST.) -- C:\ProgramData\DatacardService\HWDeviceService.exe [264704] [PID.1564]
[MD5.06602AAC468BFACD8E5344DB0AE3DDD3] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [230912] [PID.332]
[MD5.B05640AC812FCCB488328DF34E7F663A] - (.Microsoft Corporation - SQL Server Windows NT.) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43010392] [PID.1768]
[MD5.8C59F909C5C2B136C5F38A9F48558663] - (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe [495708] [PID.1676]
[MD5.3CD5BBDA19A1AB4EBA359E0A14FDF0F0] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [171032] [PID.1700]
[MD5.3142195521FEE436088EE8A5748DE1B1] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [170520] [PID.1648]
[MD5.38D198A2DD54A67120040566A38103BA] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016] [PID.2072]
[MD5.52DB6CDAC5BC7A1FC884E97C41C91213] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040] [PID.2144]
[MD5.3E364978E4C74D3BCEA29FB41743CB5A] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704] [PID.2348]
[MD5.FA10D5FBD2BF7B90CDC08CCBE3593881] - (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe [3211776] [PID.2380]
[MD5.E812316104EBCD9051FDEC9FC3F034EF] - (...) -- C:\Program Files\OEM\i-PowerXross 1.0\i-PowerXross.exe [512000] [PID.2448]
[MD5.C9DF72070FA9628E5561D48FAACDC4D6] - (.No owner - OSD.) -- C:\Program Files\OEM\OSD 1.0\SunflowerOSD.exe [449024] [PID.2524]
[MD5.D91AFB6D2A0DA7539B74FB5838775D94] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.exe [98632] [PID.2540]
[MD5.637A0F23F9012358E92E6F99835494D1] - (.Microsoft Corporation - SQL Server VSS Writer.) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [98840] [PID.2744]
[MD5.30C3DEFEE78AEFB92ECE5536F017F8E8] - (.Iminent - Iminent Protection.) -- C:\Program Files\Common Files\Umbrella\Umbrella226.exe [3052352] [PID.6024] =>Adware.IMBooster
[MD5.3FDBC28DEF3378089C5EE301637970BA] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.4732]
[MD5.8858F7FE986DD156F88488EDA50CC446] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.5000]
[MD5.C54C8B8DAE3CC59CBAFF15FAC00084D7] - (.Adobe Systems, Inc. - Adobe Flash Player 13.0 r0.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe [1864368] [PID.3948]
[MD5.700803AC9B451FB67DF35EF0E05382E7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7869952] [PID.5836]
[MD5.4C287F9069FEDBD791178876EE9DE536] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.4388]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.IMBooster
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 11 Legitimates Filtered in 00mn 00s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\prefs.js
C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\user.js
M3 - MFPP: Plugins - [PC] -- C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\searchplugins\iminent.xml =>Adware.IMBooster
M0 - MFSP: prefs.js [PC - qad0app8.default] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.IMBooster
M2 - MFEP: prefs.js [PC - qad0app8.default\ffxtlbr@iminent.com] [] Iminent Toolbar v1.6.0 (..) =>Adware.IMBooster
~ Firefox Browser: 12 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.IMBooster
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 16 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: iminent Helper Object - {112BA211-334C-4A90-90EC-2AD1CDAB287C} . (.Iminent - No Comment.) -- C:\Program Files\IminentToolbar\1.8.28.3\bh\iminent.dll =>Adware.IMBooster
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} . (.SIEN - Minibar.) -- C:\Program Files\Iminent\Minibar.InternetExplorer.BHOx86.dll =>PUP.Minibar
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehcef.dll
~ BHO: 18 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Iminent Toolbar - [HKLM]{1FAFD711-ABF9-4F6A-8130-5166C7371427} . (.Iminent - No Comment.) -- C:\Program Files\IminentToolbar\1.8.28.3\iminentTlbr.dll =>Adware.IMBooster
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Program [PC]: Primeiros passos.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Browsers
~ Global Startup: 1 Legitimates Filtered in 00mn 02s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{74EC7B17-E094-499E-980C-7CD0BCF37191}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{74EC7B17-E094-499E-980C-7CD0BCF37191}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{74EC7B17-E094-499E-980C-7CD0BCF37191}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\GbpSv.exe
O23 - Service: HWDeviceService.exe (HWDeviceService.exe) . (.No owner - DCSHOST.) - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: SProtection (SProtection) . (.Iminent - Iminent Protection.) - C:\Program Files\Common Files\Umbrella\Umbrella226.exe =>Adware.IMBooster
~ Services: 9 Legitimates Filtered in 00mn 08s
---\\ Tarefas planificadas automaticamente (039)
[MD5.EF46205D284DFFE5AC49866003E24123] [APT] [FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl] (.Sien SA.) -- C:\Users\PC\AppData\Roaming\igdhbblPCellaljokkpfhcjlagemhgjl\minibarchrome.exe [869184] =>PUP.Minibar
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3430390850-1644443459-295647366-1000Core [894]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3430390850-1644443459-295647366-1000UA [916]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1044]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1048]
~ Scheduled Task: 14 Legitimates Filtered in 00mn 03s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 78 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: Ares 2.1.9 - (.Ares Development Group.) [HKLM] -- Ares
O42 - Logiciel: CCE+SABER - v1.0 - (.CCE+SABER.) [HKLM] -- {D445A7B9-69A8-4860-95B9-BB957281D9A0}_is1
O42 - Logiciel: Driver 1.0 - (.Shuttle.) [HKLM] -- {BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}
O42 - Logiciel: FreeFixer - (.Kephyr.) [HKLM] -- FreeFixer1.09
O42 - Logiciel: Iminent - (.Iminent.) [HKLM] -- IMBoosterARP =>Adware.IMBooster
O42 - Logiciel: Klavaro-1.9.7 - (...) [HKLM] -- Klavaro_is1
O42 - Logiciel: OSD 1.0 - (.OEM.) [HKLM] -- {4C2AF428-6E7F-443E-B147-3A8327C2053F}
O42 - Logiciel: Plugin Letras.mus.br 1.20 - (.Letras.mus.br.) [HKLM] -- Plugin Letras.mus.br
O42 - Logiciel: Vivo - Guia Vivo Internet versão 1.0 - (.Vivo.) [HKLM] -- {C2E8B9C9-677A-46E6-AEC7-9435B5BCA765}_is1
O42 - Logiciel: i-PowerXross 1.0 - (.OEM.) [HKLM] -- {F1E25CFC-1243-4210-81B6-0C3D104D7083}
~ Logic: 21 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ares]
[HKCU\Software\IminentToolbar] =>Adware.IMBooster
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\SHUTTLE]
[HKCU\Software\SoilAP]
[HKCU\Software\SunFlowerOSD]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\CCB]
[HKLM\Software\IminentToolbar] =>Adware.IMBooster
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\SoilIO]
[HKLM\Software\Umbrella]
~ Key Software: 230 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 07/12/2012 - 22:49:37 - [] ----D C:\Program Files\Ares
O43 - CFD: 27/04/2013 - 14:49:19 - [] -SH-D C:\Program Files\eb5
O43 - CFD: 13/04/2014 - 12:08:46 - [] ----D C:\Program Files\FreeFixer
O43 - CFD: 05/05/2014 - 22:08:39 - [] ---AD C:\Program Files\Iminent =>Adware.IMBooster
O43 - CFD: 05/05/2014 - 22:08:46 - [] ----D C:\Program Files\IminentToolbar =>Adware.IMBooster
O43 - CFD: 23/04/2014 - 10:41:06 - [] ----D C:\Program Files\Klavaro-1.9.7
O43 - CFD: 25/07/2012 - 21:19:10 - [] ----D C:\Program Files\LGInternetKit
O43 - CFD: 29/03/2012 - 03:05:08 - [] ----D C:\Program Files\PluginLetras
O43 - CFD: 23/07/2010 - 13:56:15 - [] ----D C:\Program Files\Shuttle
O43 - CFD: 10/09/2011 - 21:21:12 - [] ----D C:\Program Files\Vivo
O43 - CFD: 10/09/2011 - 21:21:25 - [] ----D C:\Program Files\VIVO INTERNET
O43 - CFD: 05/05/2014 - 22:08:28 - [] ----D C:\Program Files\Common Files\Umbrella
O43 - CFD: 29/04/2014 - 18:31:50 - [] ----D C:\ProgramData\MiniApp
O43 - CFD: 13/04/2014 - 12:09:04 - [0] ----D C:\Users\PC\AppData\Roaming\FreeFixer
O43 - CFD: 05/05/2014 - 22:23:44 - [] ----D C:\Users\PC\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
O43 - CFD: 05/05/2014 - 22:08:45 - [] ----D C:\Users\PC\AppData\Roaming\IminentToolbar =>Adware.IMBooster
O43 - CFD: 28/04/2014 - 11:28:01 - [] ----D C:\Users\PC\AppData\Roaming\klavaro
O43 - CFD: 25/09/2011 - 10:46:00 - [] ----D C:\Users\PC\AppData\Roaming\VIVO INTERNET
O43 - CFD: 17/03/2013 - 17:37:58 - [] ----D C:\Users\PC\AppData\Roaming\[ManufacturerNonTM]
O43 - CFD: 07/12/2012 - 22:49:40 - [] ----D C:\Users\PC\AppData\Local\Ares
O43 - CFD: 13/04/2014 - 12:16:02 - [] ----D C:\Users\PC\AppData\Local\FreeFixer
O43 - CFD: 13/04/2014 - 12:08:47 - [] ----D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
~ Program Folder: 191 Legitimates Filtered in 00mn 01s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.A5C914C5CBCFF645434535234BFCEACA] - 01/05/2014 - 11:33:01 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O44 - LFC:[MD5.0F5E9488E39E62F692741330624D31BC] - 01/05/2014 - 11:33:01 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47192]
O44 - LFC:[MD5.D46D074B8BF3F42AB0820C49AD760823] - 04/05/2014 - 23:02:58 ---A- . (...) -- C:\AVScanner.ini [426]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 05/05/2014 - 11:14:37 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 05/05/2014 - 16:45:28 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.991F351722ABAB0DFFAF44A2EBB053DC] - 05/05/2014 - 17:12:34 ---A- . (...) -- C:\zoek-results.log [19851]
O44 - LFC:[MD5.4D6C6E0505A8E5A0656DCB223497D37C] - 29/04/2014 - 18:36:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
~ Files: 25 Legitimates Filtered in 00mn 03s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MIF5BA~1\Office12\GR469A~1.DLL
O46 - SEH:ShellExecuteHooks - SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - DatamngrCoordinator.exe - tasklist.exe =>PUP.Datamngr
~ IFEO: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\ares [Key] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe
~ SMSR Keys: 14 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWindowsUpdate"=
~ MWPE Keys: 1 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [146304]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys [54912]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys [23168]
O58 - SDL:29/08/2012 - 13:06:36 R--A- . (.360安全中心 - 360安全卫士 - SelfProtection.) -- C:\Windows\System32\Drivers\360SpOEM.sys [64048]
O58 - SDL:29/04/2014 - 18:36:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:29/04/2014 - 18:36:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:29/04/2014 - 18:36:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180632] =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:08/10/2010 - 16:55:06 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [25856]
O58 - SDL:24/01/2014 - 11:48:32 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47192]
O58 - SDL:01/05/2014 - 11:33:01 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:06/08/2010 - 07:42:34 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [861696]
O58 - SDL:04/12/2009 - 16:43:46 ---A- . (...) -- C:\Windows\System32\Drivers\SoilIO.sys [16248]
O58 - SDL:04/12/2009 - 16:44:18 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\Soilkbc.sys [10744]
O58 - SDL:04/12/2009 - 16:44:36 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\SoilMC.sys [10616]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:06/11/2009 - 23:50:00 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt.sys [420864]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 100 Legitimates Filtered in 00mn 02s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 29/04/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 24/01/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 103 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {460C3D19-B3D4-4964-A550-77D263B0CCCB} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (StartWeb) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.IMBooster
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.FEED27DEB00EE4340AD66FD870BC2D93] [SPRF][03/09/2011] (.MPC-HC Team - Media Player Classic - Home Cinema Setup.) -- C:\Users\PC\Desktop\MPC-HomeCinema.1.5.2.3456.x86.exe [5607808]
~ Files: 1 Legitimates Filtered in 00mn 00s
---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "5509804B864D4A546AABA531D87D51CF" . (.Bing Bar.) -- C:\Windows\Installer\{B4089055-D468-45A4-A6BA-5A138DD715FC}\icon_installer_ico =>Toolbar.Bing
~ Update Products: 1 Legitimates Filtered in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.683EF495176EB6BF6C18BDA0A304C22E] [WIS][21/10/2011] (.Microsoft Corporation - Bing Bar.) -- C:\Windows\Installer\577296.msi [4771840] =>Toolbar.Bing
~ WIS: 1 Legitimates Filtered in 00mn 01s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing
HKLM\SOFTWARE\Microsoft\Tracing\iminenttoolbar_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\iminenttoolbar_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\Iminent_1712-b2fcad5e_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\Iminent_1712-b2fcad5e_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 287 Legitimates Filtered in 00mn 00s
---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{112BA211-334C-4A90-90EC-2AD1CDAB287C}] (iminent Helper Object) =>Adware.IMBooster
[HKCR\CLSID\{1FAFD711-ABF9-4F6A-8130-5166C7371427}] (Iminent Toolbar) =>Adware.IMBooster
[HKCR\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] (IMinent WebBooster (BHO)) =>Adware.IMBooster
~ BCK: 6252 Legitimates Filtered in 00mn 09s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 21/10/2011 196176 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\BBSvc.exe =>Toolbar.Bing
SS - | Auto 04/02/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 04/02/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 22/04/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 11/07/2012 116608 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 27/03/2009 14336 | (AgereModemAudio) . (.LSI Corporation.) - C:\Program Files\LSI SoftModem\agrsmsvc.exe
SR - | Auto 29/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 13/10/2011 249648 | (BBUpdate) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\BingBar\SeaPort.exe =>Toolbar.Bing
SR - | Auto 26/02/2014 520520 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\GbpSv.exe
SR - | Auto 16/11/2010 264704 | (HWDeviceService.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService.exe
SR - | Auto 11/04/2014 3052352 | (SProtection) . (.Iminent.) - C:\Program Files\Common Files\Umbrella\Umbrella226.exe =>Adware.IMBooster
SR - | Auto 06/11/2009 229458 | (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8da98c8ea4b9eb25\STacSV.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 10s
---\\ Scâner Aditional (088)
Database Version : 13045 - (04/05/2014)
Clés trouvées (Keys found) : 44
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 5
Fichiers trouvés (Files found) : 8
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{112BA211-334C-4A90-90EC-2AD1CDAB287C}] =>Adware.IMBooster^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>PUP.Minibar^
[HKLM\SYSTEM\CurrentControlSet\Services\SProtection] =>Adware.IMBooster^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP] =>Adware.IMBooster^
[HKLM\Software\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}] =>Adware.IMBooster
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster
[HKLM\Software\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster
[HKLM\Software\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\escort.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escortapp.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escorteng.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\esrv.EXE] =>PUP.Babylon
[HKLM\Software\Classes\I] =>Adware.IncrediBar
[HKLM\Software\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl] =>Adware.IMBooster
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\Classes\esrv.iminentESrvc] =>Adware.IMBooster
[HKLM\Software\Classes\esrv.iminentESrvc.1] =>Adware.IMBooster
[HKLM\Software\Classes\Iminent] =>Adware.IMBooster
[HKLM\Software\Classes\iminent.iminentappCore] =>Adware.IMBooster
[HKLM\Software\Classes\iminent.iminentappCore.1] =>Adware.IMBooster
[HKLM\Software\Classes\iminent.iminentdskBnd] =>Adware.IMBooster
[HKLM\Software\Classes\iminent.iminentdskBnd.1] =>Adware.IMBooster
[HKLM\Software\Classes\iminent.iminentHlpr] =>Adware.IMBooster
[HKLM\Software\Classes\iminent.iminentHlpr.1] =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.BrowserHelperObject] =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.BrowserHelperObject.1] =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.ScriptExtender] =>Adware.IMBooster
[HKLM\Software\Classes\IminentWebBooster.ScriptExtender.1] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iminent] =>Adware.IMBooster
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{1FAFD711-ABF9-4F6A-8130-5166C7371427} =>Adware.IMBooster^
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{84FF7BD6-B47F-46F8-9130-01B2696B36CB} =>Adware.IMBooster
C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\extensions\ffxtlbr@iminent.com =>Adware.IMBooster^
C:\Program Files\Iminent =>Adware.IMBooster^
C:\Program Files\IminentToolbar =>Adware.IMBooster^
C:\Users\PC\AppData\Roaming\IminentToolbar =>Adware.IMBooster^
C:\Program Files\Common Files\Umbrella =>Adware.IMBooster
C:\Program Files\Common Files\Umbrella\Umbrella226.exe =>Adware.IMBooster^
C:\Users\PC\AppData\Roaming\igdhbblPCellaljokkpfhcjlagemhgjl\minibarchrome.exe =>PUP.Minibar^
[HKCU\Software\IminentToolbar] =>Adware.IMBooster^
[HKLM\Software\IminentToolbar] =>Adware.IMBooster^
C:\Windows\Installer\577296.msi =>Toolbar.Bing^
[HKCR\CLSID\{112BA211-334C-4A90-90EC-2AD1CDAB287C}] (iminent Helper Object) =>Adware.IMBooster^
[HKCR\CLSID\{1FAFD711-ABF9-4F6A-8130-5166C7371427}] (Iminent Toolbar) =>Adware.IMBooster^
[HKCR\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] (IMinent WebBooster (BHO)) =>Adware.IMBooster^
~ Additionnel Scan: 360259 Items scanned in 00mn 41s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.IMBooster
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Minibar
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Browsers
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Datamngr
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Babylon
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.IncrediBar
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Funmoods
~ MSI: 7 link(s) detected in 00mn 00s
~ 810 Legitimates filtered by white list
End of the scan (605 lines in 01mn 52s)(0)
pabloescobar- Membro
- Mensagens : 68
Reputação : 0
Data de inscrição : 17/04/2014
Localização : Minas Gerais
Re: Adwares e PUPs no PC
Você andou baixando algum adware ou clicando em algum anúncio agora há pouco? porque há outros adwares que não estavam antes no PC.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Adwares e PUPs no PC
Eu so cliquei nos que voce mandou no link do cclear so que não baixava o cclar por isso pedi o link pode ter sido isso.
pabloescobar- Membro
- Mensagens : 68
Reputação : 0
Data de inscrição : 17/04/2014
Localização : Minas Gerais
Re: Adwares e PUPs no PC
é porque você tem que pegar o "jeito" de não clicar nos anúncios quando for baixar algum programa, você deve ter clicado nos anúncios.
Vamos ter que começar a limpeza tudo de novo.
Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt
Ficamos na espera.
Vamos ter que começar a limpeza tudo de novo.
Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt
Ficamos na espera.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Adwares e PUPs no PC
Mas... esses adware entram no pc sem nem mesmo eu clicar em nada!
Está dificil! Não tem um anti adware não?
Está dificil! Não tem um anti adware não?
pabloescobar- Membro
- Mensagens : 68
Reputação : 0
Data de inscrição : 17/04/2014
Localização : Minas Gerais
Re: Adwares e PUPs no PC
Depois no final vou te passar umas dicas que ajudam a bloquear eles. Use o adwcleaner por enquanto.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Adwares e PUPs no PC
# AdwCleaner v3.207 - Relatório criado 05/05/2014 às 22:36:42
# Atualizado 05/05/2014 por Xplode
# Sistema Operacional : Windows 7 Starter (32 bits)
# Usuário : PC - PC-WIN
# Executando de : C:\Users\PC\Downloads\AdwCleaner(1).exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\Program Files\IminentToolbar
Pasta Deletada : C:\Users\PC\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
Pasta Deletada : C:\Users\PC\AppData\Roaming\IminentToolbar
Arquivo Deletada : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\invalidprefs.js
Arquivo Deletada : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\searchplugins\iminent.xml
Arquivo Deletada : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\user.js
Arquivo Deletada : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{112BA211-334C-4A90-90EC-2AD1CDAB287C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1FAFD711-ABF9-4F6A-8130-5166C7371427}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Chave Deletedo : HKLM\Software\Iminent
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DatamngrCoordinator.exe
***** [ Navegadores ] *****
-\\ Internet Explorer v9.0.8112.16447
-\\ Mozilla Firefox v29.0 (pt-BR)
[ Arquivo : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\prefs.js ]
Linha deletada : user_pref("browser.startup.homepage", "hxxp://start.iminent.com/?appId=65408595-E681-41FD-8991-62B28C2D5E8C");
Linha deletada : user_pref("extensions.iminent.admin", false);
Linha deletada : user_pref("extensions.iminent.aflt", "orgnl");
Linha deletada : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
Linha deletada : user_pref("extensions.iminent.autoRvrt", "false");
Linha deletada : user_pref("extensions.iminent.dfltLng", "");
Linha deletada : user_pref("extensions.iminent.excTlbr", false);
Linha deletada : user_pref("extensions.iminent.ffxUnstlRst", false);
Linha deletada : user_pref("extensions.iminent.id", "d07e79f9000000000000485d601d865a");
Linha deletada : user_pref("extensions.iminent.instlDay", "16196");
Linha deletada : user_pref("extensions.iminent.instlRef", "");
Linha deletada : user_pref("extensions.iminent.newTab", false);
Linha deletada : user_pref("extensions.iminent.prdct", "iminent");
Linha deletada : user_pref("extensions.iminent.prtnrId", "iminent");
Linha deletada : user_pref("extensions.iminent.rvrt", "false");
Linha deletada : user_pref("extensions.iminent.smplGrp", "none");
Linha deletada : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");
Linha deletada : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
Linha deletada : user_pref("extensions.iminent.vrsn", "1.8.28.3");
Linha deletada : user_pref("extensions.iminent.vrsnTs", "1.8.28.322:08:46");
Linha deletada : user_pref("extensions.iminent.vrsni", "1.8.28.3");
Linha deletada : user_pref("iminent.adapters", "{\"[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Linha deletada : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"10bb6277-6b2b-413e-8d82-ad9398543254\",\"name\":\"Dealply\",\"addonId\":1,\"url\":\"//i.iminentjs.info/imitin/javascript.js\",\"queryS[...]
-\\ Google Chrome v34.0.1847.131
[ Arquivo : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [8338 octets] - [05/05/2014 11:14:01]
AdwCleaner[R1].txt - [5129 octets] - [05/05/2014 22:34:51]
AdwCleaner[R2].txt - [5189 octets] - [05/05/2014 22:35:42]
AdwCleaner[S0].txt - [8055 octets] - [05/05/2014 11:16:32]
AdwCleaner[S1].txt - [5019 octets] - [05/05/2014 22:36:42]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5079 octets] ##########
# Atualizado 05/05/2014 por Xplode
# Sistema Operacional : Windows 7 Starter (32 bits)
# Usuário : PC - PC-WIN
# Executando de : C:\Users\PC\Downloads\AdwCleaner(1).exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\Program Files\IminentToolbar
Pasta Deletada : C:\Users\PC\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
Pasta Deletada : C:\Users\PC\AppData\Roaming\IminentToolbar
Arquivo Deletada : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\invalidprefs.js
Arquivo Deletada : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\searchplugins\iminent.xml
Arquivo Deletada : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\user.js
Arquivo Deletada : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{112BA211-334C-4A90-90EC-2AD1CDAB287C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1FAFD711-ABF9-4F6A-8130-5166C7371427}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Chave Deletedo : HKLM\Software\Iminent
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DatamngrCoordinator.exe
***** [ Navegadores ] *****
-\\ Internet Explorer v9.0.8112.16447
-\\ Mozilla Firefox v29.0 (pt-BR)
[ Arquivo : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\prefs.js ]
Linha deletada : user_pref("browser.startup.homepage", "hxxp://start.iminent.com/?appId=65408595-E681-41FD-8991-62B28C2D5E8C");
Linha deletada : user_pref("extensions.iminent.admin", false);
Linha deletada : user_pref("extensions.iminent.aflt", "orgnl");
Linha deletada : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
Linha deletada : user_pref("extensions.iminent.autoRvrt", "false");
Linha deletada : user_pref("extensions.iminent.dfltLng", "");
Linha deletada : user_pref("extensions.iminent.excTlbr", false);
Linha deletada : user_pref("extensions.iminent.ffxUnstlRst", false);
Linha deletada : user_pref("extensions.iminent.id", "d07e79f9000000000000485d601d865a");
Linha deletada : user_pref("extensions.iminent.instlDay", "16196");
Linha deletada : user_pref("extensions.iminent.instlRef", "");
Linha deletada : user_pref("extensions.iminent.newTab", false);
Linha deletada : user_pref("extensions.iminent.prdct", "iminent");
Linha deletada : user_pref("extensions.iminent.prtnrId", "iminent");
Linha deletada : user_pref("extensions.iminent.rvrt", "false");
Linha deletada : user_pref("extensions.iminent.smplGrp", "none");
Linha deletada : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");
Linha deletada : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
Linha deletada : user_pref("extensions.iminent.vrsn", "1.8.28.3");
Linha deletada : user_pref("extensions.iminent.vrsnTs", "1.8.28.322:08:46");
Linha deletada : user_pref("extensions.iminent.vrsni", "1.8.28.3");
Linha deletada : user_pref("iminent.adapters", "{\"[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Linha deletada : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"10bb6277-6b2b-413e-8d82-ad9398543254\",\"name\":\"Dealply\",\"addonId\":1,\"url\":\"//i.iminentjs.info/imitin/javascript.js\",\"queryS[...]
-\\ Google Chrome v34.0.1847.131
[ Arquivo : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [8338 octets] - [05/05/2014 11:14:01]
AdwCleaner[R1].txt - [5129 octets] - [05/05/2014 22:34:51]
AdwCleaner[R2].txt - [5189 octets] - [05/05/2014 22:35:42]
AdwCleaner[S0].txt - [8055 octets] - [05/05/2014 11:16:32]
AdwCleaner[S1].txt - [5019 octets] - [05/05/2014 22:36:42]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5079 octets] ##########
pabloescobar- Membro
- Mensagens : 68
Reputação : 0
Data de inscrição : 17/04/2014
Localização : Minas Gerais
Re: Adwares e PUPs no PC
Faça uma limpeza com o Zoek como mostra o tutorial abaixo e poste o relatório dele:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Adwares e PUPs no PC
Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by PC on 05/05/2014 at 22:45:25,40.
Microsoft Windows 7 Starter 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\PC\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-05-05-201234.log 19851 bytes
==== System Restore Info ======================
05/05/2014 22:46:34 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\prefs.js:
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.selectedEngine", "StartWeb");
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [29/04/2014 18:36]
==== Firefox Extensions ======================
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default
9FD6A1990289B9290563CA069CB74EF9 - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll - Shockwave Flash
34663C9214E30B9B80F1D35A074B8DFC - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.5
7DD81A64EB213BF1FB8656345C6A6F1D - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.5
D86F9B69869E9354C2031B564998DFB1 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.5
57BCE27582F15E360F6003DC67B8C2CC - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.5
5D12C858A31BBBE00B040CC7B72035B4 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.5
E83B541C71965CFA1DEFF846CD6E9ECD - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll - Google Update
AC987EE8037531807C5D7E6217A23501 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
EB41064BC07017F5694CF16B4DEF6B10 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\PC\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
3B00376AE69AC2E815425E54DEBFF750 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
9013599B12923A45C029C34E8D2211AC - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll - Silverlight Plug-In
65FB4909BD29CAAA81FDC69AD21BB905 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
01F0264937036BD962563F1ADF35CE72 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll - RealPlayer Version Plugin
BF2AD333C79072EEBE5AE0D72670E64E - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrlui.dll - Microsoft® Silverlight
==== Chrome Look ======================
Koji NISHIDA - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\acganlmcjehnfmehkmlimgkaloifodlf
Docs - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
YouTube - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=9&ar=msnhome"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=9&ar=msnhome"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\PC\Desktop\Auslogics Disk Defrag.lnk - C:\Program Files\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe
C:\Users\PC\Desktop\CCleaner - Atalho.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\PC\Desktop\Continue Ccleaner.lnk - C:\Users\PC\Downloads\Ccleaner(1).exe
C:\Users\PC\Desktop\devenv - Atalho.lnk - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe
C:\Users\PC\Desktop\Secure Download Manager.lnk - C:\Users\PC\AppData\Roaming\Microsoft\Installer\{D618297E-D3F2-4E18-915C-02182A134394}\_1BD30779A1894CA5522674.exe
C:\Users\PC\Desktop\WindowsPhone - Atalho.lnk - C:\Program Files\Windows Phone\WindowsPhone.exe
C:\Users\PC\Desktop\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\Users\PC\Desktop\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe
C:\Users\PC\Desktop\Jr\Filmes\Crepusculo Parte 2\Documentos - Atalho.lnk - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Ares.lnk - C:\Program Files\Ares\Ares.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Webcam.lnk - C:\Windows\Installer\{FF6434EA-69FA-4CAA-97F3-5A9EDBD62103}\_AFC4D9FF0CB3A0B91C8D21.exe
==== shortcuts in Users Start Menu ======================
C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer\FreeFixer.lnk - C:\Program Files\FreeFixer\freefixer.exe
C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer\Uninstall.lnk - C:\Program Files\FreeFixer\Uninstall.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk - C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files\CCleaner\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Klavaro\Klavaro-1.9.7.lnk - C:\Program Files\Klavaro-1.9.7\bin\klavaro.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Klavaro\Remove-1.9.7.lnk - C:\Program Files\Klavaro-1.9.7\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Desinstalar o QuickTime.lnk - C:\Windows\System32\msiexec.exe /i {111EE7DF-FC45-40C7-98A7-753AC46B12FB} /qf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk - C:\Windows\Installer\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}\QTPlayer.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Sobre o QuickTime.lnk - C:\Windows\Installer\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}\RichText.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 3.1 Beta 3.lnk - C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Visualg (Versão 2).lnk -
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Visual Studio 2010.lnk - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\PC\AppData\Local\Mozilla\Firefox\Profiles\qad0app8.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=25 folders=8 5247219 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\PC\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\PC\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
==== EOF on 05/05/2014 at 23:09:56,50 ======================
Tool run by PC on 05/05/2014 at 22:45:25,40.
Microsoft Windows 7 Starter 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\PC\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-05-05-201234.log 19851 bytes
==== System Restore Info ======================
05/05/2014 22:46:34 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\prefs.js:
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.selectedEngine", "StartWeb");
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [29/04/2014 18:36]
==== Firefox Extensions ======================
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\qad0app8.default
9FD6A1990289B9290563CA069CB74EF9 - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll - Shockwave Flash
34663C9214E30B9B80F1D35A074B8DFC - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.5
7DD81A64EB213BF1FB8656345C6A6F1D - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.5
D86F9B69869E9354C2031B564998DFB1 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.5
57BCE27582F15E360F6003DC67B8C2CC - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.5
5D12C858A31BBBE00B040CC7B72035B4 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.5
E83B541C71965CFA1DEFF846CD6E9ECD - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll - Google Update
AC987EE8037531807C5D7E6217A23501 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
EB41064BC07017F5694CF16B4DEF6B10 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\PC\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
3B00376AE69AC2E815425E54DEBFF750 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
9013599B12923A45C029C34E8D2211AC - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll - Silverlight Plug-In
65FB4909BD29CAAA81FDC69AD21BB905 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
01F0264937036BD962563F1ADF35CE72 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll - RealPlayer Version Plugin
BF2AD333C79072EEBE5AE0D72670E64E - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrlui.dll - Microsoft® Silverlight
==== Chrome Look ======================
Koji NISHIDA - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\acganlmcjehnfmehkmlimgkaloifodlf
Docs - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
YouTube - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=9&ar=msnhome"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=9&ar=msnhome"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\PC\Desktop\Auslogics Disk Defrag.lnk - C:\Program Files\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe
C:\Users\PC\Desktop\CCleaner - Atalho.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\PC\Desktop\Continue Ccleaner.lnk - C:\Users\PC\Downloads\Ccleaner(1).exe
C:\Users\PC\Desktop\devenv - Atalho.lnk - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe
C:\Users\PC\Desktop\Secure Download Manager.lnk - C:\Users\PC\AppData\Roaming\Microsoft\Installer\{D618297E-D3F2-4E18-915C-02182A134394}\_1BD30779A1894CA5522674.exe
C:\Users\PC\Desktop\WindowsPhone - Atalho.lnk - C:\Program Files\Windows Phone\WindowsPhone.exe
C:\Users\PC\Desktop\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\Users\PC\Desktop\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe
C:\Users\PC\Desktop\Jr\Filmes\Crepusculo Parte 2\Documentos - Atalho.lnk - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Ares.lnk - C:\Program Files\Ares\Ares.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Webcam.lnk - C:\Windows\Installer\{FF6434EA-69FA-4CAA-97F3-5A9EDBD62103}\_AFC4D9FF0CB3A0B91C8D21.exe
==== shortcuts in Users Start Menu ======================
C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer\FreeFixer.lnk - C:\Program Files\FreeFixer\freefixer.exe
C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer\Uninstall.lnk - C:\Program Files\FreeFixer\Uninstall.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk - C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files\CCleaner\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Klavaro\Klavaro-1.9.7.lnk - C:\Program Files\Klavaro-1.9.7\bin\klavaro.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Klavaro\Remove-1.9.7.lnk - C:\Program Files\Klavaro-1.9.7\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Desinstalar o QuickTime.lnk - C:\Windows\System32\msiexec.exe /i {111EE7DF-FC45-40C7-98A7-753AC46B12FB} /qf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk - C:\Windows\Installer\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}\QTPlayer.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Sobre o QuickTime.lnk - C:\Windows\Installer\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}\RichText.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 3.1 Beta 3.lnk - C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Visualg (Versão 2).lnk -
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Visual Studio 2010.lnk - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\PC\AppData\Local\Mozilla\Firefox\Profiles\qad0app8.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=25 folders=8 5247219 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\PC\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\PC\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
==== EOF on 05/05/2014 at 23:09:56,50 ======================
pabloescobar- Membro
- Mensagens : 68
Reputação : 0
Data de inscrição : 17/04/2014
Localização : Minas Gerais
Re: Adwares e PUPs no PC
Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o programa acima é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt
Ficamos na espera.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o programa acima é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt
Ficamos na espera.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Página 1 de 2 • 1, 2
Página 1 de 2
Permissões neste sub-fórum
Não podes responder a tópicos
|
|