CE_UmbrellaCert certificate
Hello, I would like to send the report of the cleanup done by AdwCleaner on my computer to remove the infernal CE_UmbrellaCert certificate message that appears all the time. I would appreciate the help, as fast as possible D; Here is the report:
# AdwCleaner v3.211 - Relatório criado 25/05/2014 às 21:19:55
# Atualizado 26/05/2014 por Xplode
# Sistema Operacional : Windows 8 Single Language (64 bits)
# Usuário : Charles Pereira - MORCEGO
# Executando de : C:\Users\Charles Pereira\Desktop\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
Serviço Deletada : {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64
[#] Serviço Deletada : Update webget
Serviço Deletada : Wajam Internet Enhancer Service
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\apn
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam
Pasta Deletada : C:\Program Files (x86)\Wajam
Pasta Deletada : C:\Program Files (x86)\webget
Pasta Deletada : C:\Users\Charles Pereira\AppData\Local\PriceMeter
Pasta Deletada : C:\Users\CHARLE~1\AppData\Local\Temp\apn
Pasta Deletada : C:\Users\CHARLE~1\AppData\Local\Temp\webget
Pasta Deletada : C:\Users\Charles Pereira\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Charles Pereira\AppData\Roaming\Systweak
Pasta Deletada : C:\Users\Public\Documents\baidu
Arquivo Deletada : C:\END
Arquivo Deletada : C:\WINDOWS\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys
Arquivo Deletada : C:\WINDOWS\System32\roboot64.exe
Arquivo Deletada : C:\WINDOWS\System32\Tasks\pricemeterdownloader
Arquivo Deletada : C:\WINDOWS\System32\Tasks\pricemetertask
Arquivo Deletada : C:\WINDOWS\System32\Tasks\pricemeterwatcher
***** [ Atalhos ] *****
***** [ Registro ] *****
Valor Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [PriceMeterW]
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\systweak
Chave Deletedo : HKCU\Software\Wajam
Chave Deletedo : HKCU\Software\AppDataLow\Software
Chave Deletedo : HKLM\Software\DealPlyLive
Chave Deletedo : HKLM\Software\systweak
Chave Deletedo : HKLM\Software\Wajam
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
***** [ Navegadores ] *****
-\\ Internet Explorer v10.0.9200.16537
-\\ Google Chrome v35.0.1916.114
[ Arquivo : C:\Users\Charles Pereira\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [3849 octets] - [25/05/2014 21:18:29]
AdwCleaner[S0].txt - [3524 octets] - [25/05/2014 21:19:55]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3584 octets] ##########
Chawless - Beginner
- Posts: 10
Reputation: 1
Registration date: 25/05/2014
Re: CE_UmbrellaCert certificate
Hello.
Temporarily disable your antivirus to avoid conflicts.
Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]
* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]
* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek.
* Click [Run Script]
* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!
[You must have an account and be logged in to view this image]
* If a reboot of the PC is requested, click [OK]
* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.
Last edited by Power Max on Mon 26 May 2014, 18:41; edited 1 time
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
(SOLVED) Zoek log
Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Charles Pereira on 26/05/2014 at 18:10:44,66.
Microsoft Windows 8 Single Language 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Charles Pereira\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
26/05/2014 18:12:49 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
"C:\PROGRA~2\SearchSnacks\Service\sssvc.exe" deleted
"C:\PROGRA~2\SearchSnacks" not deleted
"C:\PROGRA~2\SearchSnacks\Service" not deleted
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[05/05/2014 18:14]
Google Docs - Charles Pereira\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Charles Pereira\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Charles Pereira\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Charles Pereira\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Andrzej Mleczko - Charles Pereira\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgddhjciibknifaafahnnjbpfnepoclm
Password must be between 6 and 64 characters long. - Charles Pereira\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj
Google Wallet - Charles Pereira\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Charles Pereira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chrome Fix ======================
C:\Users\Charles Pereira\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.softonic.com.br_0.localstorage deleted successfully
C:\Users\Charles Pereira\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.softonic.com.br_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{46C20602-7500-473A-9A39-66652BF6B03F}"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{46C20602-7500-473A-9A39-66652BF6B03F} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
C:\Users\Charles Pereira\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Charles Pereira\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-963319965-3930934361-3386377811-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D1B27B2-3DE0-4F26-94A0-E14FDB06D292} deleted successfully
HKEY_USERS\S-1-5-21-963319965-3930934361-3386377811-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7D1B27B2-3DE0-4F26-94A0-E14FDB06D292} deleted successfully
HKEY_USERS\S-1-5-21-963319965-3930934361-3386377811-1001\Software\Microsoft\Internet Explorer\SearchScopes\{46C20602-7500-473A-9A39-66652BF6B03F} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7D1B27B2-3DE0-4F26-94A0-E14FDB06D292} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7D1B27B2-3DE0-4F26-94A0-E14FDB06D292} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{7D1B27B2-3DE0-4F26-94A0-E14FDB06D292} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7D1B27B2-3DE0-4F26-94A0-E14FDB06D292} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D1B27B2-3DE0-4F26-94A0-E14FDB06D292} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D1B27B2-3DE0-4F26-94A0-E14FDB06D292} deleted successfully
==== Deleting CLSID Registry Values ======================
==== shortcuts on Users Desktops ======================
C:\Users\Charles Pereira\Desktop\ASIO4ALL v2 Instruction Manual.lnk - C:\Program Files (x86)\ASIO4ALL v2\ASIO4ALL v2 Instruction Manual.pdf
C:\Users\Charles Pereira\Desktop\Cyberlink Power2Go.lnk - C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe
C:\Users\Charles Pereira\Desktop\Torrent Opener.lnk - C:\Program Files (x86)\Torrent Opener\Torrent Opener.exe
C:\Users\Default\Desktop\Cyberlink Power2Go.lnk - C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe
C:\Users\Default User\Desktop\Cyberlink Power2Go.lnk - C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe
C:\Users\USURIO~1\Desktop\Cyberlink Power2Go.lnk - C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\Discador Oi.lnk - C:\Program Files (x86)\Oi\Oi3G\DiscadorOi.exe
C:\Users\Public\Desktop\FL Studio 11.lnk - C:\Program Files (x86)\Image-Line\FL Studio 11\FL.exe
C:\Users\Public\Desktop\Free Video Player.lnk - C:\Program Files (x86)\FreeVideoPlayer\FreeVideoPlayer.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Guia de Usuário.lnk -
C:\Users\Public\Desktop\Intel AppUp(SM) center.lnk - C:\Program Files (x86)\Intel\IntelAppStore\bin\AppUp.exe --domain F0399437-FD0C-4A48-B101-F0314A6172E4
C:\Users\Public\Desktop\Lenovo PowerDVD 10.lnk - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVDLaunchPolicy.exe
C:\Users\Public\Desktop\Lenovo Solution Center.lnk - C:\Program Files (x86)\Lenovo\Lenovo Solution Center\LSC.exe
C:\Users\Public\Desktop\Lenovo YouCam.lnk - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe
C:\Users\Public\Desktop\OneKey Recovery.lnk - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe
C:\Users\Public\Desktop\Video Search.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe /VIDEOSEARCH
==== shortcuts in Users Start Menu ======================
C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk - C:\Users\Charles Pereira\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2\ASIO4ALL v2 Instruction Manual.lnk - C:\Program Files (x86)\ASIO4ALL v2\ASIO4ALL v2 Instruction Manual.pdf
C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2\ASIO4ALL Web Site.lnk - C:\Program Files (x86)\ASIO4ALL v2\ASIO4ALL Web Site.url
C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2\Uninstall.lnk - C:\Program Files (x86)\ASIO4ALL v2\uninstall.exe
C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\IL Download Manager.lnk - C:\Program Files (x86)\Image-Line\Downloader\ILDownloadManager.exe
C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\More....lnk - C:\Program Files (x86)\Image-Line\Shared\Start
C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMetér\Uninstall Price Metér.lnk -
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FL Studio 11.lnk - C:\Program Files (x86)\Image-Line\FL Studio 11\FL.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast\avast Free Antivirus.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line\More....lnk - C:\Program Files (x86)\Image-Line\Shared\Start
==== shortcuts in Quick Launch ======================
C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AdwCleaner.lnk - C:\Users\Charles Pereira\Desktop\AdwCleaner.exe
C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Windows\Libraries
C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\UserGuide.lnk - C:\Program Files (x86)\Lenovo\UserGuide\UserGuide.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyServer"="http=127.0.0.1:51158;https=127.0.0.1:51158"
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000001
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Charles Pereira\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Charles Pereira\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Charles Pereira\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=11 folders=4 772920 bytes)
==== Empty Temp Folders ======================
C:\Users\Charles Pereira\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\CHARLE~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun-B4-53C9D589-6B66-4F30-9BAB-9A0193B0BAFC.lock" not deleted
"C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not deleted
"C:\PROGRA~2\SearchSnacks" not found
==== EOF on 26/05/2014 at 18:31:00,48 ======================
==== shortcuts in Quick Launch ======================
C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AdwCleaner.lnk - C:\Users\Charles Pereira\Desktop\AdwCleaner.exe
C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Windows\Libraries
C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\UserGuide.lnk - C:\Program Files (x86)\Lenovo\UserGuide\UserGuide.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyServer"="http=127.0.0.1:51158;https=127.0.0.1:51158"
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000001
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Charles Pereira\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Charles Pereira\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Charles Pereira\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=11 folders=4 772920 bytes)
==== Empty Temp Folders ======================
C:\Users\Charles Pereira\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\CHARLE~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun-B4-53C9D589-6B66-4F30-9BAB-9A0193B0BAFC.lock" not deleted
"C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not deleted
"C:\PROGRA~2\SearchSnacks" not found
==== EOF on 26/05/2014 at 18:31:00,48 ======================
Chawless - Beginner
- Posts: 10
Reputation: 1
Join date: 25/05/2014
Re: CE_UmbrellaCert certificate
Download the Junkware Removal Tool program from the link below:
[You must have an account and be logged in to view this link]
To run the program above correctly, just follow the tips in this tutorial:
[You must have an account and be logged in to view this link]
* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt
We'll be waiting.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
(SOLVED) Junkware Removal Tool log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 Single Language x64
Ran by Charles Pereira on 26/05/2014 at 19:04:32,85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/05/2014 at 19:14:35,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Chawless - Beginner
- Posts: 10
Reputation: 1
Join date: 25/05/2014
Re: CE_UmbrellaCert certificate
Download < [You must have an account and be logged in to view this link] > < [You must have an account and be logged in to view this image] > ( ... by Nicolas Coolman )
To install and run it correctly, follow the tips in this article:
[You must have an account and be logged in to view this link]
* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
(SOLVED) ZHPDiag2 log
~ Relatório do ZHPDiag v2014.5.24.73 - Nicolas Coolman (24/05/2014)
~ Iniciado por Charles Pereira (26/05/2014 19:35:26)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16899
GCIE: Google Chrome v35.0.1916.114 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8 Single Language, 64-bit (Build 9200)
Windows Server License Manager Script : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
Windows Defender W8 (Activate)
---\\ Softwares d'optimização do sistema
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3993 MB (56% free)
System Restore: Activé (Enable)
System drive C: has 359 GB (84%) free of 425 GB
---\\ Modo de conexão ao sistema
~ Computer Name: MORCEGO
~ User Name: Charles Pereira
~ All Users Names: HomeGroupUser$, Convidado, Charles Pereira, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Charles Pereira\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Charles Pereira\AppData\Roaming\
~ %Desktop% : C:\Users\Charles Pereira\Desktop\
~ %Favorites% : C:\Users\Charles Pereira\Favorites\
~ %LocalAppData% : C:\Users\Charles Pereira\AppData\Local\
~ %StartMenu% : C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 359 Go of 425 Go)
D: Hard drive, Flash drive, Thumb drive (Free 23 Go of 25 Go)
E: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Windows Explorer.) (.01/06/2013 - 08:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.26/07/2012 - 00:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.2B7920C7885AC45FD0E27DD860F095A1] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 21:08:30.) -- C:\Windows\System32\wininet.dll [2240000]
[MD5.75DD70A14145499C9F7D903CF9A8C91B] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.12/04/2014 - 06:10:31.) -- C:\Windows\System32\Winlogon.exe [578048]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.26/07/2012 - 00:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/09/2013 - 00:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 02:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.25/07/2012 - 23:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.25/07/2012 - 23:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.431141C6859990824D17F71C30A78728] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.15/01/2014 - 20:42:58.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 03:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Driver de porta i8042.) (.25/07/2012 - 23:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.25/07/2012 - 23:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.7A761AEE58658378BBA45D360F874CB0] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.26/02/2014 - 20:18:55.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.25/07/2012 - 23:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.7BE3EDFFA3216F989A6BDCB14795DD08] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.27/01/2014 - 00:39:40.) -- C:\Windows\system32\Drivers\ntfs.sys [1939288]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Driver de porta paralela.) (.25/07/2012 - 23:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.25/07/2012 - 23:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.25/07/2012 - 23:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 02:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.01/06/2013 - 08:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/2327
~ Mes musiques (My Musics) : 50/1587
~ Mes Videos (My Videos) : 2/79
~ Mes Favoris (My Favorites) : 1/13
~ Mes Documents (My Documents) : 1/2252
~ Mon Bureau (My Desktop) : 2/18
~ Menu demarrer (Programs) : 1/35
~ Hidden Files: Scanned in 00mn 02s
---\\ Processos lançados
[MD5.DB314CFF0FB931BEEF9AA53B4DBABDC5] - (.Microsoft Corporation - Touch Keyboard and Handwriting Panel Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe [21064] [PID.3244]
[MD5.0916D660A63EB75166F6419689A42242] - (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Charles Pereira\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224] [PID.4824]
[MD5.C2513AEB3F326B8811E2A37C9A7F930B] - (.CyberLink Corp. - CyberLink YouCam Tray.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464] [PID.4132]
[MD5.B7995C675014EEBE77A0BEB7AFCCFC08] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432] [PID.4188]
[MD5.178ED8F65EFC80EED8346A082E04ED62] - (.Lightcomm - No Comment.) -- C:\Program Files (x86)\Oi\Oi3G\GSMCliEjector.exe [441856] [PID.1392]
[MD5.3E364978E4C74D3BCEA29FB41743CB5A] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704] [PID.4792]
[MD5.D342CD9148D4F9BC75304C658D52C25E] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192] [PID.6120]
[MD5.67DE6D7B17B216A1DF1A3BFA1FFE9BA4] - (.Microsoft Corporation - Microsoft Office Document Cache Sync Client.) -- C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.exe [79600] [PID.2956]
[MD5.4FC8F124EF49757D890145232600D9FA] - (...) -- C:\Program Files (x86)\Zebar\bin\Zebar.BrowserAdapter.exe [96536] [PID.2232]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.5224]
[MD5.4FDF8F99557B275A3B5BF797761C7504] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7879168] [PID.232]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Charles Pereira\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 11 Legitimates Filtered in 00mn 01s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:51434;https=127.0.0.1:51434 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: Zebar [64Bits] - {26e67fb2-111e-417f-966e-547ac43968cf} . (.Zebar - Zebar.) -- C:\Program Files (x86)\Zebar\Zebarbho.dll
~ BHO: 5 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{42435041-332D-5637-00A7-7A786E7484D7} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Run: [RtsFT] . (.Realtek semiconductor - RTFTrack.) -- C:\Windows\RTFTrack.exe
O4 - HKLM\..\Run: [cAudioFilterAgent] . (.Conexant Systems, Inc. - Conexant High Definition Audio Filter Agent.) -- C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
O4 - HKLM\..\Run: [SmartAudio] . (.Conexant Systems, Inc. - SmartAudio CPL (32bit).) -- C:\Program Files\CONEXANT\SAII\SACpl.exe
O4 - HKLM\..\Run: [Energy Management] . (.Lenovo (Beijing) Limited - Lenovo Energy Management Software 8.0.) -- C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [EnergyUtility] . (.Lenovo(beijing) Limited - Lenovo Battery Management Software Ver 8.0.) -- C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
O4 - HKCU\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Charles Pereira\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
O4 - HKCU\..\Run: [ContentExplorer] . (.ContentExplorer - ContentExplorer.) -- C:\Users\Charles Pereira\AppData\Roaming\ContentExplorer\ContentExplorer.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Charles Pereira\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\WINDOWS\system32\cmd.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Charles Pereira\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\WINDOWS\system32\cmd.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Charles Pereira\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\WINDOWS\system32\cmd.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Charles Pereira\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\WINDOWS\system32\cmd.exe
O4 - HKLM\..\Wow6432Node\Run: [YouCam Tray] . (.CyberLink Corp. - CyberLink YouCam Tray.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdateP2GShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [Intel AppUp(SM) center] . (.Intel Corporation - Intel Services Manager.) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
O4 - HKLM\..\Wow6432Node\Run: [GSMEjector] . (.Lightcomm - No Comment.) -- C:\Program Files (x86)\Oi\Oi3G\GSMCliEjector.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-21-963319965-3930934361-3386377811-1001\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Charles Pereira\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
O4 - HKUS\S-1-5-21-963319965-3930934361-3386377811-1001\..\Run: [ContentExplorer] . (.ContentExplorer - ContentExplorer.) -- C:\Users\Charles Pereira\AppData\Roaming\ContentExplorer\ContentExplorer.exe
O4 - HKUS\S-1-5-21-963319965-3930934361-3386377811-1001\..\RunOnce: [Uninstall C:\Users\Charles Pereira\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\WINDOWS\system32\cmd.exe
O4 - HKUS\S-1-5-21-963319965-3930934361-3386377811-1001\..\RunOnce: [Uninstall C:\Users\Charles Pereira\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\WINDOWS\system32\cmd.exe
O4 - HKUS\S-1-5-21-963319965-3930934361-3386377811-1001\..\RunOnce: [Uninstall C:\Users\Charles Pereira\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\WINDOWS\system32\cmd.exe
O4 - HKUS\S-1-5-21-963319965-3930934361-3386377811-1001\..\RunOnce: [Uninstall C:\Users\Charles Pereira\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\WINDOWS\system32\cmd.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Lync Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DD63CC2-C5CB-42F2-9AE9-8EE060B71FCF}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4E3D2C6-F118-4222-B890-C4A5E81FC602}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DD63CC2-C5CB-42F2-9AE9-8EE060B71FCF}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F4E3D2C6-F118-4222-B890-C4A5E81FC602}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: GSM Ejector Service (GSMEjector) . (...) - C:\WINDOWS\SysWOW64\GSMSrvEjector.exe
O23 - Service: Search Snacks Client Service (sssvc) . (...) - C:\Program Files (x86)\SearchSnacks\Service\sssvc.exe (.not file.)
O23 - Service: Update Zebar (Update Zebar) . (...) - C:\Program Files (x86)\Zebar\updateZebar.exe
O23 - Service: Util Zebar (Util Zebar) . (...) - C:\Program Files (x86)\Zebar\bin\utilZebar.exe
~ Services: 13 Legitimates Filtered in 00mn 05s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1098]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1102]
~ Scheduled Task: 16 Legitimates Filtered in 00mn 04s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (. - .) - C:\WINDOWS\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\WINDOWS\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\WINDOWS\system32\drivers\bndef64.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\WINDOWS\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: (ssnfd) . (.Search Snacks - Search Snacks Driver x64.) - C:\Windows\System32\drivers\ssnfd.sys
O41 - Driver: ({6c0944d8-b49f-4f69-8ce8-524e562a2250}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{6c0944d8-b49f-4f69-8ce8-524e562a2250}Gw64.sys =>PUP.LinkiDoo
~ Drivers: 54 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: ContentExplorer - (.ContentExplorer.net.) [HKLM][64Bits] -- ContentExplorer
O42 - Logiciel: Price Metér (remove only) - (.Price Meter.) [HKCU][64Bits] -- Price Metér =>PUP.PriceMeter
O42 - Logiciel: Search Snacks - (.Search Snacks.) [HKLM][64Bits] -- SearchSnacks
O42 - Logiciel: Torrent Opener - (.Torrent Opener.) [HKLM][64Bits] -- Torrent Opener
O42 - Logiciel: Zebar - (.Zebar.) [HKLM][64Bits] -- Zebar
~ Logic: 39 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security]
[HKCU\Software\ContentExplorer]
[HKCU\Software\PriceMeter] =>PUP.PriceMeter
[HKCU\Software\Zebar]
[HKLM\Software\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\SmartUpdater]
[HKLM\Software\Wow6432Node\Zebar]
~ Key Software: 215 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/05/2014 - 23:25:07 - [] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 11/05/2014 - 23:28:25 - [] ----D C:\Program Files (x86)\HammerHead
O43 - CFD: 02/03/2014 - 09:24:38 - [] ----D C:\Program Files (x86)\Oi
O43 - CFD: 27/03/2014 - 00:40:23 - [] ----D C:\Program Files (x86)\Torrent Opener
O43 - CFD: 14/03/2014 - 00:56:13 - [] ----D C:\Program Files (x86)\XMediaPlayer
O43 - CFD: 25/05/2014 - 21:44:11 - [] ----D C:\Program Files (x86)\Zebar
O43 - CFD: 25/05/2014 - 20:36:36 - [0] ----D C:\ProgramData\Baidu Security
O43 - CFD: 02/03/2014 - 09:24:38 - [] ----D C:\ProgramData\OI
O43 - CFD: 25/05/2014 - 20:40:48 - [] ----D C:\Users\Charles Pereira\AppData\Roaming\ContentExplorer
O43 - CFD: 11/05/2014 - 23:40:53 - [] ----D C:\Users\Charles Pereira\AppData\Roaming\rmi
O43 - CFD: 27/03/2014 - 00:43:07 - [] ----D C:\Users\Charles Pereira\AppData\Roaming\Torrent Opener
O43 - CFD: 11/05/2014 - 23:23:44 - [] ----D C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMetér
O43 - CFD: 27/03/2014 - 00:40:26 - [] ----D C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torrent Opener
~ Program Folder: 118 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.8FA1823706745581910C49F039755DFD] - 13/05/2014 - 15:16:22 ---A- . (.Search Snacks - Search Snacks Driver x64.) -- C:\Windows\System32\Drivers\ssnfd.sys [58248]
O44 - LFC:[MD5.DFE0CEA3B61CC2A5F53C3D91CCC4859D] - 22/05/2014 - 18:23:12 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{6c0944d8-b49f-4f69-8ce8-524e562a2250}Gw64.sys [61112] =>PUP.LinkiDoo
O44 - LFC:[MD5.759023D05C6393E86E7C97343B2F3035] - 26/05/2014 - 17:40:52 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [155144]
O44 - LFC:[MD5.163CCDA5BBCF97B24F989412F4B80485] - 26/05/2014 - 17:40:52 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [763854]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 26/05/2014 - 18:08:46 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.777AFD576DA6C2CD43A30727FD431B48] - 26/05/2014 - 18:31:00 ---A- . (...) -- C:\zoek-results.log [14772]
O44 - LFC:[MD5.D776C798FA2B615BD938D221143A34DA] - 26/05/2014 - 19:08:59 ---A- . (...) -- C:\Windows\win.ini [194]
~ Files: 55 Legitimates Filtered in 01mn 06s
---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{8cf51701-a0cb-11e3-be77-641c6762eb5c}\AutoRun\command. (...) -- F:\Autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 21 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:05/05/2014 - 18:14:20 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:05/05/2014 - 18:14:20 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:05/05/2014 - 18:14:20 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208416] =>.ALWIL Software
O58 - SDL:13/05/2014 - 15:16:22 ---A- . (.Search Snacks - Search Snacks Driver x64.) -- C:\Windows\System32\Drivers\ssnfd.sys [58248]
O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:22/05/2014 - 18:23:12 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{6c0944d8-b49f-4f69-8ce8-524e562a2250}Gw64.sys [61112] =>PUP.LinkiDoo
~ Drivers: 62 Legitimates Filtered in 00mn 02s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.9EC73884D7D7BFEC9EED7EAF3122A0BE] [SPRF][25/05/2014] (...) -- C:\Users\Charles Pereira\Desktop\AdwCleaner.exe [1327971]
~ Files: 2 Legitimates Filtered in 00mn 00s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS =>PUP.Wajam
~ BTK: 72 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 25/01/2013 277488 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 28/02/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/02/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 19/02/2014 1662424 | (LSCWinService) . (...) - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
SS - | Auto 10/07/1658 0 | (sssvc) . (...) - C:\Program Files (x86)\SearchSnacks\Service\sssvc.exe
SR - | Auto 05/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 03/12/2012 202400 | (CxAudMsg) . (.Conexant Systems Inc..) - C:\WINDOWS\system32\CxAudMsg64.exe
SR - | Auto 01/10/2010 620032 | (GSMEjector) . (...) - C:\WINDOWS\SysWOW64\GSMSrvEjector.exe
SR - | Auto 31/01/2013 15344 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SR - | Auto 19/06/2012 634632 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 06/11/2012 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/09/2013 585032 | (Lenovo System Agent Service) . (.LENOVO INCORPORATED..) - C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe
SR - | Auto 06/11/2012 276864 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 10/07/1658 0 | (SAService) . (.Conexant Systems, Inc..) - C:\Windows\System32\SAsrv.exe
SR - | Auto 06/11/2012 364416 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 25/05/2014 350488 | (Update Zebar) . (...) - C:\Program Files (x86)\Zebar\updateZebar.exe
SR - | Auto 25/05/2014 350488 | (Util Zebar) . (...) - C:\Program Files (x86)\Zebar\bin\utilZebar.exe
SR - | Auto 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 08s
---\\ Scâner Aditional (088)
Database Version : 13029 - (24/05/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Price Metér] =>PUP.PriceMeter^
[HKCU\Software\PriceMeter] =>PUP.PriceMeter^
~ Additionnel Scan: 188925 Items scanned in 00mn 31s
---\\ Sumário das deteções encontradas na sua estação
[You must have an account and be logged in to view this link] =>Hijacker.Proxy
[You must have an account and be logged in to view this link] =>PUP.LinkiDoo
[You must have an account and be logged in to view this link] =>PUP.PriceMeter
[You must have an account and be logged in to view this link] =>PUP.Wajam
~ MSI: 4 link(s) detected in 00mn 00s
~ 606 Legitimates filtered by white list
End of the scan (435 lines in 02mn 23s)(0)
~ Iniciado por Charles Pereira (26/05/2014 19:35:26)
~ Endereço do Website : [You must have an account and be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16899
GCIE: Google Chrome v35.0.1916.114 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8 Single Language, 64-bit (Build 9200)
Windows Server License Manager Script : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
Windows Defender W8 (Activate)
---\\ Softwares d'optimização do sistema
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3993 MB (56% free)
System Restore: Activé (Enable)
System drive C: has 359 GB (84%) free of 425 GB
---\\ Modo de conexão ao sistema
~ Computer Name: MORCEGO
~ User Name: Charles Pereira
~ All Users Names: HomeGroupUser$, Convidado, Charles Pereira, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Charles Pereira\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Charles Pereira\AppData\Roaming\
~ %Desktop% : C:\Users\Charles Pereira\Desktop\
~ %Favorites% : C:\Users\Charles Pereira\Favorites\
~ %LocalAppData% : C:\Users\Charles Pereira\AppData\Local\
~ %StartMenu% : C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 359 Go of 425 Go)
D: Hard drive, Flash drive, Thumb drive (Free 23 Go of 25 Go)
E: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Windows Explorer.) (.01/06/2013 - 08:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.26/07/2012 - 00:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.2B7920C7885AC45FD0E27DD860F095A1] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 21:08:30.) -- C:\Windows\System32\wininet.dll [2240000]
[MD5.75DD70A14145499C9F7D903CF9A8C91B] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.12/04/2014 - 06:10:31.) -- C:\Windows\System32\Winlogon.exe [578048]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.26/07/2012 - 00:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/09/2013 - 00:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 02:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.25/07/2012 - 23:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.25/07/2012 - 23:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.431141C6859990824D17F71C30A78728] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.15/01/2014 - 20:42:58.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 03:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Driver de porta i8042.) (.25/07/2012 - 23:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.25/07/2012 - 23:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.7A761AEE58658378BBA45D360F874CB0] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.26/02/2014 - 20:18:55.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.25/07/2012 - 23:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.7BE3EDFFA3216F989A6BDCB14795DD08] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.27/01/2014 - 00:39:40.) -- C:\Windows\system32\Drivers\ntfs.sys [1939288]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Driver de porta paralela.) (.25/07/2012 - 23:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.25/07/2012 - 23:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.25/07/2012 - 23:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 02:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.01/06/2013 - 08:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/2327
~ Mes musiques (My Musics) : 50/1587
~ Mes Videos (My Videos) : 2/79
~ Mes Favoris (My Favorites) : 1/13
~ Mes Documents (My Documents) : 1/2252
~ Mon Bureau (My Desktop) : 2/18
~ Menu demarrer (Programs) : 1/35
~ Hidden Files: Scanned in 00mn 02s
---\\ Processos lançados
[MD5.DB314CFF0FB931BEEF9AA53B4DBABDC5] - (.Microsoft Corporation - Touch Keyboard and Handwriting Panel Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe [21064] [PID.3244]
[MD5.0916D660A63EB75166F6419689A42242] - (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Charles Pereira\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224] [PID.4824]
[MD5.C2513AEB3F326B8811E2A37C9A7F930B] - (.CyberLink Corp. - CyberLink YouCam Tray.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464] [PID.4132]
[MD5.B7995C675014EEBE77A0BEB7AFCCFC08] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432] [PID.4188]
[MD5.178ED8F65EFC80EED8346A082E04ED62] - (.Lightcomm - No Comment.) -- C:\Program Files (x86)\Oi\Oi3G\GSMCliEjector.exe [441856] [PID.1392]
[MD5.3E364978E4C74D3BCEA29FB41743CB5A] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704] [PID.4792]
[MD5.D342CD9148D4F9BC75304C658D52C25E] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192] [PID.6120]
[MD5.67DE6D7B17B216A1DF1A3BFA1FFE9BA4] - (.Microsoft Corporation - Microsoft Office Document Cache Sync Client.) -- C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.exe [79600] [PID.2956]
[MD5.4FC8F124EF49757D890145232600D9FA] - (...) -- C:\Program Files (x86)\Zebar\bin\Zebar.BrowserAdapter.exe [96536] [PID.2232]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.5224]
[MD5.4FDF8F99557B275A3B5BF797761C7504] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7879168] [PID.232]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Charles Pereira\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 11 Legitimates Filtered in 00mn 01s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:51434;https=127.0.0.1:51434 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: Zebar [64Bits] - {26e67fb2-111e-417f-966e-547ac43968cf} . (.Zebar - Zebar.) -- C:\Program Files (x86)\Zebar\Zebarbho.dll
~ BHO: 5 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{42435041-332D-5637-00A7-7A786E7484D7} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Run: [RtsFT] . (.Realtek semiconductor - RTFTrack.) -- C:\Windows\RTFTrack.exe
O4 - HKLM\..\Run: [cAudioFilterAgent] . (.Conexant Systems, Inc. - Conexant High Definition Audio Filter Agent.) -- C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
O4 - HKLM\..\Run: [SmartAudio] . (.Conexant Systems, Inc. - SmartAudio CPL (32bit).) -- C:\Program Files\CONEXANT\SAII\SACpl.exe
O4 - HKLM\..\Run: [Energy Management] . (.Lenovo (Beijing) Limited - Lenovo Energy Management Software 8.0.) -- C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [EnergyUtility] . (.Lenovo(beijing) Limited - Lenovo Battery Management Software Ver 8.0.) -- C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
O4 - HKCU\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Charles Pereira\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
O4 - HKCU\..\Run: [ContentExplorer] . (.ContentExplorer - ContentExplorer.) -- C:\Users\Charles Pereira\AppData\Roaming\ContentExplorer\ContentExplorer.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Charles Pereira\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\WINDOWS\system32\cmd.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Charles Pereira\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\WINDOWS\system32\cmd.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Charles Pereira\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\WINDOWS\system32\cmd.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Charles Pereira\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\WINDOWS\system32\cmd.exe
O4 - HKLM\..\Wow6432Node\Run: [YouCam Tray] . (.CyberLink Corp. - CyberLink YouCam Tray.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdateP2GShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [Intel AppUp(SM) center] . (.Intel Corporation - Intel Services Manager.) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
O4 - HKLM\..\Wow6432Node\Run: [GSMEjector] . (.Lightcomm - No Comment.) -- C:\Program Files (x86)\Oi\Oi3G\GSMCliEjector.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-21-963319965-3930934361-3386377811-1001\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Charles Pereira\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
O4 - HKUS\S-1-5-21-963319965-3930934361-3386377811-1001\..\Run: [ContentExplorer] . (.ContentExplorer - ContentExplorer.) -- C:\Users\Charles Pereira\AppData\Roaming\ContentExplorer\ContentExplorer.exe
O4 - HKUS\S-1-5-21-963319965-3930934361-3386377811-1001\..\RunOnce: [Uninstall C:\Users\Charles Pereira\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\WINDOWS\system32\cmd.exe
O4 - HKUS\S-1-5-21-963319965-3930934361-3386377811-1001\..\RunOnce: [Uninstall C:\Users\Charles Pereira\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\WINDOWS\system32\cmd.exe
O4 - HKUS\S-1-5-21-963319965-3930934361-3386377811-1001\..\RunOnce: [Uninstall C:\Users\Charles Pereira\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\WINDOWS\system32\cmd.exe
O4 - HKUS\S-1-5-21-963319965-3930934361-3386377811-1001\..\RunOnce: [Uninstall C:\Users\Charles Pereira\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\WINDOWS\system32\cmd.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Lync Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DD63CC2-C5CB-42F2-9AE9-8EE060B71FCF}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4E3D2C6-F118-4222-B890-C4A5E81FC602}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DD63CC2-C5CB-42F2-9AE9-8EE060B71FCF}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F4E3D2C6-F118-4222-B890-C4A5E81FC602}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: GSM Ejector Service (GSMEjector) . (...) - C:\WINDOWS\SysWOW64\GSMSrvEjector.exe
O23 - Service: Search Snacks Client Service (sssvc) . (...) - C:\Program Files (x86)\SearchSnacks\Service\sssvc.exe (.not file.)
O23 - Service: Update Zebar (Update Zebar) . (...) - C:\Program Files (x86)\Zebar\updateZebar.exe
O23 - Service: Util Zebar (Util Zebar) . (...) - C:\Program Files (x86)\Zebar\bin\utilZebar.exe
~ Services: 13 Legitimates Filtered in 00mn 05s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1098]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1102]
~ Scheduled Task: 16 Legitimates Filtered in 00mn 04s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (. - .) - C:\WINDOWS\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\WINDOWS\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\WINDOWS\system32\drivers\bndef64.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\WINDOWS\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: (ssnfd) . (.Search Snacks - Search Snacks Driver x64.) - C:\Windows\System32\drivers\ssnfd.sys
O41 - Driver: ({6c0944d8-b49f-4f69-8ce8-524e562a2250}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{6c0944d8-b49f-4f69-8ce8-524e562a2250}Gw64.sys =>PUP.LinkiDoo
~ Drivers: 54 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: ContentExplorer - (.ContentExplorer.net.) [HKLM][64Bits] -- ContentExplorer
O42 - Logiciel: Price Metér (remove only) - (.Price Meter.) [HKCU][64Bits] -- Price Metér =>PUP.PriceMeter
O42 - Logiciel: Search Snacks - (.Search Snacks.) [HKLM][64Bits] -- SearchSnacks
O42 - Logiciel: Torrent Opener - (.Torrent Opener.) [HKLM][64Bits] -- Torrent Opener
O42 - Logiciel: Zebar - (.Zebar.) [HKLM][64Bits] -- Zebar
~ Logic: 39 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security]
[HKCU\Software\ContentExplorer]
[HKCU\Software\PriceMeter] =>PUP.PriceMeter
[HKCU\Software\Zebar]
[HKLM\Software\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\SmartUpdater]
[HKLM\Software\Wow6432Node\Zebar]
~ Key Software: 215 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/05/2014 - 23:25:07 - [] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 11/05/2014 - 23:28:25 - [] ----D C:\Program Files (x86)\HammerHead
O43 - CFD: 02/03/2014 - 09:24:38 - [] ----D C:\Program Files (x86)\Oi
O43 - CFD: 27/03/2014 - 00:40:23 - [] ----D C:\Program Files (x86)\Torrent Opener
O43 - CFD: 14/03/2014 - 00:56:13 - [] ----D C:\Program Files (x86)\XMediaPlayer
O43 - CFD: 25/05/2014 - 21:44:11 - [] ----D C:\Program Files (x86)\Zebar
O43 - CFD: 25/05/2014 - 20:36:36 - [0] ----D C:\ProgramData\Baidu Security
O43 - CFD: 02/03/2014 - 09:24:38 - [] ----D C:\ProgramData\OI
O43 - CFD: 25/05/2014 - 20:40:48 - [] ----D C:\Users\Charles Pereira\AppData\Roaming\ContentExplorer
O43 - CFD: 11/05/2014 - 23:40:53 - [] ----D C:\Users\Charles Pereira\AppData\Roaming\rmi
O43 - CFD: 27/03/2014 - 00:43:07 - [] ----D C:\Users\Charles Pereira\AppData\Roaming\Torrent Opener
O43 - CFD: 11/05/2014 - 23:23:44 - [] ----D C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMetér
O43 - CFD: 27/03/2014 - 00:40:26 - [] ----D C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torrent Opener
~ Program Folder: 118 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.8FA1823706745581910C49F039755DFD] - 13/05/2014 - 15:16:22 ---A- . (.Search Snacks - Search Snacks Driver x64.) -- C:\Windows\System32\Drivers\ssnfd.sys [58248]
O44 - LFC:[MD5.DFE0CEA3B61CC2A5F53C3D91CCC4859D] - 22/05/2014 - 18:23:12 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{6c0944d8-b49f-4f69-8ce8-524e562a2250}Gw64.sys [61112] =>PUP.LinkiDoo
O44 - LFC:[MD5.759023D05C6393E86E7C97343B2F3035] - 26/05/2014 - 17:40:52 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [155144]
O44 - LFC:[MD5.163CCDA5BBCF97B24F989412F4B80485] - 26/05/2014 - 17:40:52 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [763854]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 26/05/2014 - 18:08:46 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.777AFD576DA6C2CD43A30727FD431B48] - 26/05/2014 - 18:31:00 ---A- . (...) -- C:\zoek-results.log [14772]
O44 - LFC:[MD5.D776C798FA2B615BD938D221143A34DA] - 26/05/2014 - 19:08:59 ---A- . (...) -- C:\Windows\win.ini [194]
~ Files: 55 Legitimates Filtered in 01mn 06s
---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{8cf51701-a0cb-11e3-be77-641c6762eb5c}\AutoRun\command. (...) -- F:\Autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 21 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:05/05/2014 - 18:14:20 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:05/05/2014 - 18:14:20 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:05/05/2014 - 18:14:20 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208416] =>.ALWIL Software
O58 - SDL:13/05/2014 - 15:16:22 ---A- . (.Search Snacks - Search Snacks Driver x64.) -- C:\Windows\System32\Drivers\ssnfd.sys [58248]
O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:22/05/2014 - 18:23:12 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{6c0944d8-b49f-4f69-8ce8-524e562a2250}Gw64.sys [61112] =>PUP.LinkiDoo
~ Drivers: 62 Legitimates Filtered in 00mn 02s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
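O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe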
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.9EC73884D7D7BFEC9EED7EAF3122A0BE] [SPRF][25/05/2014] (...) -- C:\Users\Charles Pereira\Desktop\AdwCleaner.exe [1327971]
~ Files: 2 Legitimates Filtered in 00mn 00s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS =>PUP.Wajam
~ BTK: 72 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 25/01/2013 277488 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 28/02/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/02/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 19/02/2014 1662424 | (LSCWinService) . (...) - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
SS - | Auto 10/07/1658 0 | (sssvc) . (...) - C:\Program Files (x86)\SearchSnacks\Service\sssvc.exe
SR - | Auto 05/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 03/12/2012 202400 | (CxAudMsg) . (.Conexant Systems Inc..) - C:\WINDOWS\system32\CxAudMsg64.exe
SR - | Auto 01/10/2010 620032 | (GSMEjector) . (...) - C:\WINDOWS\SysWOW64\GSMSrvEjector.exe
SR - | Auto 31/01/2013 15344 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SR - | Auto 19/06/2012 634632 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 06/11/2012 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/09/2013 585032 | (Lenovo System Agent Service) . (.LENOVO INCORPORATED..) - C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe
SR - | Auto 06/11/2012 276864 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 10/07/1658 0 | (SAService) . (.Conexant Systems, Inc..) - C:\Windows\System32\SAsrv.exe
SR - | Auto 06/11/2012 364416 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 25/05/2014 350488 | (Update Zebar) . (...) - C:\Program Files (x86)\Zebar\updateZebar.exe
SR - | Auto 25/05/2014 350488 | (Util Zebar) . (...) - C:\Program Files (x86)\Zebar\bin\utilZebar.exe
SR - | Auto 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 08s
---\\ Scâner Aditional (088)
Database Version : 13029 - (24/05/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Price Metér] =>PUP.PriceMeter^
[HKCU\Software\PriceMeter] =>PUP.PriceMeter^
~ Additionnel Scan: 188925 Items scanned in 00mn 31s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Proxy
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.LinkiDoo
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.PriceMeter
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Wajam
~ MSI: 4 link(s) detected in 00mn 00s
~ 606 Legitimates filtered by white list
End of the scan (435 lines in 02mn 23s)(0)
Chawless - Beginner
- Posts: 10
Reputation: 1
Join date: 25/05/2014
Log ZHPDiag2
What do I do now? D;
Chawless - Beginner
- Posts: 10
Reputation: 1
Join date: 25/05/2014
Re: CE_UmbrellaCert certificate
Please wait.
Your log is being analyzed.
Danii - Full Member
- Posts: 571
Reputation: 80
Join date: 04/04/2014
Location: Brazil
(RESOLVED) Log ZHPDiag2
But does this take a long time? Just so I don't keep waiting like crazy, since I depend on your availability. Thank you very much for the support...
Chawless - Beginner
- Posts: 10
Reputation: 1
Join date: 25/05/2014
Re: CE_UmbrellaCert certificate
As you can see, there are other cases to be handled.
We carry out the analyses according to our available time.
[You must have an account and be logged in to view this link]
I ask for your understanding.
Danii - Full Member
- Posts: 571
Reputation: 80
Join date: 04/04/2014
Location: Brazil
Re: CE_UmbrellaCert certificate
There are unnecessary programs starting with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:
[You must have an account and be logged in to view this link]
Preferably, let only the security programs (antivirus/anti-spyware/firewall) start with Windows.
Also use the CCleaner program, recommended in the tutorial above, to clean and optimize the PC now and from time to time.
_____________________________________________________________________________________________________________
Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________
Go to the menu: Start > All Programs > ZHP > Right-click ZHPFix and choose Run as administrator > Click Importação (Import) > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad.
Copy this report and post it in your next reply.
Last edited by Power Max on Tue 27 May 2014, 23:03; edited 1 time
Power Max - Collaborator
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
(RESOLVED) ZHPFix report
Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Charles Pereira at 27/05/2014 19:06:32
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit (Build 9200)
Reciclagem vazia (00mn 04s)
Reparação de atalhos do navegador
========== Softwares ==========
AUSENTE Uninstall Process: c:\users\charles pereira\appdata\roaming\contentexplorer\uninstall.exe
AUSENTE Uninstall Process: c:\program files (x86)\searchsnacks\uninstall.exe
========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ContentExplorer]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchSnacks]
ELIMINÉ: CLSID BHO: {26e67fb2-111e-417f-966e-547ac43968cf}
ELIMINÉ: Service: sssvc
ELIMINÉ: Service: Update Zebar
ELIMINÉ: Service: Util Zebar
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: Bndef
ELIMINÉ Driver Key: Bprotect
ELIMINÉ Driver Key: ssnfd
ELIMINÉ Driver Key: {6c0944d8-b49f-4f69-8ce8-524e562a2250}Gw64
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\ContentExplorer
ELIMINÉ: HKCU\Software\PriceMeter
ELIMINÉ: HKCU\Software\Zebar
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Zebar
ELIMINÉ CLSID MPSK: {8cf51701-a0cb-11e3-be77-641c6762eb5c}
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Price Metér
========== Valores do Registo ==========
ELIMINÉ: Toolbar: {42435041-332D-5637-00A7-7A786E7484D7}
ELIMINÉ RunValue: ContentExplorer
ELIMINÉ RunValue: Uninstall C:\Users\Charles Pereira\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64
ELIMINÉ RunValue: Uninstall C:\Users\Charles Pereira\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910
ELIMINÉ RunValue: Uninstall C:\Users\Charles Pereira\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64
ELIMINÉ RunValue: Uninstall C:\Users\Charles Pereira\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217
ELIMINÉ RunValue: mcui_exe
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Elementos dos dados do Registo ==========
ELIMINÉ: R1 Search Page =
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ: c:\program files (x86)\zebar\zebarbho.dll
ELIMINA REINICIAR: c:\users\charles pereira\appdata\roaming\contentexplorer\contentexplorer.exe
ELIMINA REINICIAR: c:\windows\system32\cmd.exe
ELIMINA REINICIAR: c:\program files (x86)\zebar\updatezebar.exe
ELIMINA REINICIAR: c:\windows\system32\drivers\ssnfd.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\{6c0944d8-b49f-4f69-8ce8-524e562a2250}gw64.sys
ELIMINÉ Temporários windows (321) (2.456.378 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
23 : Chaves do Registo
13 : Valores do Registo
1 : Elementos dos dados do Registo
1 : Pastas
8 : Ficheiros
2 : Softwares
1 : Restauração Sistema
End of clean in 00mn 57s
========== Caminho do ficheiro do relatório ==========
C:\Users\Charles Pereira\AppData\Roaming\ZHP\ZHPFix[R1].txt - 27/05/2014 19:06:36 [3542]
Chawless - Beginner
- Posts: 10
Reputation: 1
Join date: 25/05/2014
Re: CE_UmbrellaCert certificate
Open ( ZHPDiag ) again
|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.
|- Click OK and, when it finishes, post the ZHPDiag.txt report
Power Max - Collaborator
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
(RESOLVED) Log ZHPDiag2
~ Relatório do ZHPDiag v2014.5.24.73 - Nicolas Coolman (24/05/2014)
~ Iniciado por Charles Pereira (27/05/2014 20:09:38)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program
---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16899
GCIE: Google Chrome v35.0.1916.114 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8 Single Language, 64-bit (Build 9200)
Windows Server License Manager Script : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
Windows Defender W8 (Deactivate)
---\\ Softwares d'optimização do sistema
CCleaner v4.14
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3993 MB (66% free)
System Restore: Activé (Enable)
System drive C: has 360 GB (84%) free of 425 GB
---\\ Modo de conexão ao sistema
~ Computer Name: MORCEGO
~ User Name: Charles Pereira
~ All Users Names: HomeGroupUser$, Convidado, Charles Pereira, Administrador,
~ Unselected Option: None
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Charles Pereira\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Charles Pereira\AppData\Roaming\
~ %Desktop% : C:\Users\Charles Pereira\Desktop\
~ %Favorites% : C:\Users\Charles Pereira\Favorites\
~ %LocalAppData% : C:\Users\Charles Pereira\AppData\Local\
~ %StartMenu% : C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 360 Go of 425 Go)
D: Hard drive, Flash drive, Thumb drive (Free 23 Go of 25 Go)
E: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Windows Explorer.) (.01/06/2013 - 08:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.26/07/2012 - 00:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.2B7920C7885AC45FD0E27DD860F095A1] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 21:08:30.) -- C:\Windows\System32\wininet.dll [2240000]
[MD5.75DD70A14145499C9F7D903CF9A8C91B] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.12/04/2014 - 06:10:31.) -- C:\Windows\System32\Winlogon.exe [578048]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.26/07/2012 - 00:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/09/2013 - 00:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 02:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.25/07/2012 - 23:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.25/07/2012 - 23:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.431141C6859990824D17F71C30A78728] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.15/01/2014 - 20:42:58.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 03:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Driver de porta i8042.) (.25/07/2012 - 23:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.25/07/2012 - 23:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.7A761AEE58658378BBA45D360F874CB0] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.26/02/2014 - 20:18:55.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.25/07/2012 - 23:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.7BE3EDFFA3216F989A6BDCB14795DD08] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.27/01/2014 - 00:39:40.) -- C:\Windows\system32\Drivers\ntfs.sys [1939288]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Driver de porta paralela.) (.25/07/2012 - 23:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.25/07/2012 - 23:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.25/07/2012 - 23:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 02:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.01/06/2013 - 08:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/2327
~ Mes musiques (My Musics) : 50/1587
~ Mes Videos (My Videos) : 2/158
~ Mes Favoris (My Favorites) : 1/26
~ Mes Documents (My Documents) : 1/4504
~ Mon Bureau (My Desktop) : 2/40
~ Menu demarrer (Programs) : 1/64
~ Hidden Files: Scanned in 00mn 01s
---\\ Processos lançados
[MD5.DB314CFF0FB931BEEF9AA53B4DBABDC5] - (.Microsoft Corporation - Touch Keyboard and Handwriting Panel Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe [21064] [PID.3648]
[MD5.92BC91BEB19BE1F03DB9664AD47120B2] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [3888648] [PID.3392]
[MD5.D342CD9148D4F9BC75304C658D52C25E] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192] [PID.5024]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.4384]
[MD5.60A3399135BEFC6F4BADBD6C13A4AC24] - (.Microsoft Corporation - Host WWA Microsoft.) -- C:\WINDOWS\syswow64\wwahost.exe [333824] [PID.5408]
[MD5.4FDF8F99557B275A3B5BF797761C7504] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7879168] [PID.720]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Charles Pereira\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
G2 - EXT: C:\Users\Charles Pereira\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [Google Wallet]
~ Google Lines Browser: 21 Legitimates Filtered in 00mn 02s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50937;https=127.0.0.1:50937 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Run: [RtsFT] . (.Realtek semiconductor - RTFTrack.) -- C:\Windows\RTFTrack.exe
O4 - HKLM\..\Run: [cAudioFilterAgent] . (.Conexant Systems, Inc. - Conexant High Definition Audio Filter Agent.) -- C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
O4 - HKLM\..\Run: [SmartAudio] . (.Conexant Systems, Inc. - SmartAudio CPL (32bit).) -- C:\Program Files\CONEXANT\SAII\SACpl.exe
O4 - HKLM\..\Run: [Energy Management] . (.Lenovo (Beijing) Limited - Lenovo Energy Management Software 8.0.) -- C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [EnergyUtility] . (.Lenovo(beijing) Limited - Lenovo Battery Management Software Ver 8.0.) -- C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
O4 - HKCU\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Charles Pereira\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
O4 - HKLM\..\Wow6432Node\Run: [YouCam Tray] . (.CyberLink Corp. - CyberLink YouCam Tray.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdateP2GShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [Intel AppUp(SM) center] . (.Intel Corporation - Intel Services Manager.) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
O4 - HKLM\..\Wow6432Node\Run: [GSMEjector] . (.Lightcomm - No Comment.) -- C:\Program Files (x86)\Oi\Oi3G\GSMCliEjector.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-21-963319965-3930934361-3386377811-1001\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Charles Pereira\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Lync Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DD63CC2-C5CB-42F2-9AE9-8EE060B71FCF}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4E3D2C6-F118-4222-B890-C4A5E81FC602}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DD63CC2-C5CB-42F2-9AE9-8EE060B71FCF}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F4E3D2C6-F118-4222-B890-C4A5E81FC602}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: GSM Ejector Service (GSMEjector) . (...) - C:\WINDOWS\SysWOW64\GSMSrvEjector.exe
~ Services: 11 Legitimates Filtered in 00mn 23s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1098]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1102]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 06s
---\\ Software instalados (042)
O42 - Logiciel: Torrent Opener - (.Torrent Opener.) [HKLM][64Bits] -- Torrent Opener
~ Logic: 35 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKLM\Software\Wow6432Node\SearchSnacks]
[HKLM\Software\Wow6432Node\SmartUpdater]
~ Key Software: 203 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/05/2014 - 23:28:25 - [] ----D C:\Program Files (x86)\HammerHead
O43 - CFD: 02/03/2014 - 09:24:38 - [] ----D C:\Program Files (x86)\Oi
O43 - CFD: 27/03/2014 - 00:40:23 - [] ----D C:\Program Files (x86)\Torrent Opener
O43 - CFD: 14/03/2014 - 00:56:13 - [] ----D C:\Program Files (x86)\XMediaPlayer
O43 - CFD: 27/05/2014 - 19:49:55 - [] ----D C:\Program Files (x86)\Zebar
O43 - CFD: 02/03/2014 - 09:24:38 - [] ----D C:\ProgramData\OI
O43 - CFD: 27/05/2014 - 19:49:55 - [0] ----D C:\Users\Charles Pereira\AppData\Roaming\ContentExplorer
O43 - CFD: 11/05/2014 - 23:40:53 - [] ----D C:\Users\Charles Pereira\AppData\Roaming\rmi
O43 - CFD: 27/03/2014 - 00:43:07 - [] ----D C:\Users\Charles Pereira\AppData\Roaming\Torrent Opener
O43 - CFD: 27/03/2014 - 00:40:26 - [] ----D C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torrent Opener
~ Program Folder: 115 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.8FA1823706745581910C49F039755DFD] - 13/05/2014 - 15:16:22 ---A- . (.Search Snacks - Search Snacks Driver x64.) -- C:\Windows\System32\Drivers\ssnfd.sys [58248]
O44 - LFC:[MD5.DFE0CEA3B61CC2A5F53C3D91CCC4859D] - 22/05/2014 - 18:23:12 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{6c0944d8-b49f-4f69-8ce8-524e562a2250}Gw64.sys [61112] =>PUP.LinkiDoo
O44 - LFC:[MD5.759023D05C6393E86E7C97343B2F3035] - 26/05/2014 - 17:40:52 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [155144]
O44 - LFC:[MD5.163CCDA5BBCF97B24F989412F4B80485] - 26/05/2014 - 17:40:52 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [763854]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 26/05/2014 - 18:08:46 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.777AFD576DA6C2CD43A30727FD431B48] - 26/05/2014 - 18:31:00 ---A- . (...) -- C:\zoek-results.log [14772]
O44 - LFC:[MD5.278FCC276B81D86B4CDF2F542261FA4B] - 27/05/2014 - 18:49:48 ---A- . (...) -- C:\Windows\win.ini [194]
~ Files: 56 Legitimates Filtered in 00mn 18s
---\\ Últimos arquivos criados no Windows Prefetcher (045)
O45 - LFCP:[MD5.90C77B97EAE61EC02B7CAA77E9BBC8F7] - 12/05/2014 - 19:24:15 ---A- - C:\Windows\Prefetch\UPDATEWEBGET.EXE-CEF9810B.pf =>PUP.WebGet
O45 - LFCP:[MD5.7B61457B619B71785D5E5317B103AB9E] - 25/05/2014 - 20:13:43 ---A- - C:\Windows\Prefetch\WAJAM_2207-6C14163C.EXE-FBA0E080.pf =>PUP.Wajam
O45 - LFCP:[MD5.C7597217704D063BA894689129D2747A] - 25/05/2014 - 20:15:36 ---A- - C:\Windows\Prefetch\WAJAM_INSTALL.EXE-D31994AA.pf =>PUP.Wajam
O45 - LFCP:[MD5.0C9D17598458FA3283F64694E208A492] - 12/05/2014 - 19:15:23 ---A- - C:\Windows\Prefetch\WEBGET.PURBROWSE64.EXE-968FD96A.pf =>PUP.WebGet
~ Prefetcher: 4 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 21 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:05/05/2014 - 18:14:20 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:05/05/2014 - 18:14:20 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:05/05/2014 - 18:14:20 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208416] =>.ALWIL Software
O58 - SDL:13/05/2014 - 15:16:22 ---A- . (.Search Snacks - Search Snacks Driver x64.) -- C:\Windows\System32\Drivers\ssnfd.sys [58248]
O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:22/05/2014 - 18:23:12 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{6c0944d8-b49f-4f69-8ce8-524e562a2250}Gw64.sys [61112] =>PUP.LinkiDoo
~ Drivers: 62 Legitimates Filtered in 00mn 04s
---\\ Últimos ficheiros alterados ou criados (Utilizador) (061)
O61 - LFC: 22/05/2014 - 20:11:02 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\Zebar.PurBrowse64.exe [287000] =>.Nicolas Coolman
O61 - LFC: 23/05/2014 - 20:11:02 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\Zebar.BrowserAdapter.exe [96536] =>.Nicolas Coolman
O61 - LFC: 23/05/2014 - 20:11:02 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\ZebarBAApp.dll [189720] =>.Nicolas Coolman
O61 - LFC: 23/05/2014 - 20:11:02 ---A- . (.TODO:.) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\{6c0944d8-b49f-4f69-8ce8-524e562a2250}.dll [300312] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:11:02 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\Zebar.FirstRun.exe [1122584] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:11:02 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\ZebarUninstall.exe [240971] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:11:02 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\Zebar\bin\utilZebar.exe [350488] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:11:02 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\Zebar\updateZebar.exe [350488] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:11:02 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\plugins\Zebar.Bromon.dll [84248] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:11:02 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\plugins\Zebar.BrowserAdapterS.dll [763672] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:11:02 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\plugins\Zebar.CompatibilityChecker.dll [57624] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:11:02 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\plugins\Zebar.FFUpdate.dll [459544] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:11:02 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\plugins\Zebar.IEUpdate.dll [544536] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:11:02 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\plugins\Zebar.PurBrowseG.dll [799000] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:11:02 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\utilZebar.exe [350488] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:11:02 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\updateZebar.exe [350488] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:11:02 ---A- . (.ContentExplorer.) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\ContentExplorer.DIR\ContentExplorer.exe [1063664] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:11:02 ---A- . (.ContentExplorer.) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\ContentExplorer.DIR\ContentExplorer\ContentExplorer.exe [1063664] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:11:02 ---A- . (.ContentExplorer.net.) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\ContentExplorer.DIR\uninstall.exe [133360] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:11:03 ---A- . (...) -- C:\Users\Charles Pereira\Desktop\AdwCleaner.exe [1327971]
O61 - LFC: 26/05/2014 - 20:11:03 ---A- . (...) -- C:\Users\Charles Pereira\Downloads\zoek.exe [1285120]
~ 12 Fichiers temporaires (Temporary files)
~ 4 Fichiers cookies (Cookies files)
~ Files: 28 Legitimates Filtered in 00mn 14s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google)
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.9EC73884D7D7BFEC9EED7EAF3122A0BE] [SPRF][25/05/2014] (...) -- C:\Users\Charles Pereira\Desktop\AdwCleaner.exe [1327971]
[MD5.9A99EFB501918F581CF3B9D5A2055353] [SPRF][27/05/2014] (...) -- C:\Users\Charles Pereira\Desktop\cc_20140527_194840.reg [98850]
~ Files: 3 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 25/01/2013 277488 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 28/02/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/02/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SS - | Demand 19/02/2014 1662424 | (LSCWinService) . (...) - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
SR - | Auto 05/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 03/12/2012 202400 | (CxAudMsg) . (.Conexant Systems Inc..) - C:\WINDOWS\system32\CxAudMsg64.exe
SR - | Auto 01/10/2010 620032 | (GSMEjector) . (...) - C:\WINDOWS\SysWOW64\GSMSrvEjector.exe
SR - | Auto 31/01/2013 15344 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 19/06/2012 634632 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 06/11/2012 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/09/2013 585032 | (Lenovo System Agent Service) . (.LENOVO INCORPORATED..) - C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe
SR - | Auto 06/11/2012 276864 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 10/07/1658 0 | (SAService) . (.Conexant Systems, Inc..) - C:\Windows\System32\SAsrv.exe
SR - | Auto 06/11/2012 364416 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 12s
---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBR) (080)
Run by Charles Pereira at 27/05/2014 20:12:27
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s
---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBRCheck) (080)
Written by ad13
Run by Charles Pereira at 27/05/2014 20:12:29
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s
---\\ Scâner Aditional (088)
Database Version : 13029 - (24/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
~ Additionnel Scan: 188211 Items scanned in 00mn 28s
---\\ Sumário das deteções encontradas na sua estação
=>Hijacker.Proxy
=>PUP.LinkiDoo
=>PUP.WebGet
=>PUP.Wajam
~ MSI: 4 link(s) detected in 00mn 00s
~ 615 Legitimates filtered by white list
End of the scan (417 lines in 03mn 21s)(0)
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
~ Services: 16 Legitimates Filtered in 00mn 10s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1098]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1102]
~ Scheduled Task: 34 Legitimates Filtered in 00mn 04s
---\\ Software instalados (042)
O42 - Logiciel: Torrent Opener - (.Torrent Opener.) [HKLM][64Bits] -- Torrent Opener
~ Logic: 35 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKLM\Software\Wow6432Node\SearchSnacks]
[HKLM\Software\Wow6432Node\SmartUpdater]
~ Key Software: 203 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/05/2014 - 23:28:25 - [] ----D C:\Program Files (x86)\HammerHead
O43 - CFD: 02/03/2014 - 09:24:38 - [] ----D C:\Program Files (x86)\Oi
O43 - CFD: 27/03/2014 - 00:40:23 - [] ----D C:\Program Files (x86)\Torrent Opener
O43 - CFD: 14/03/2014 - 00:56:13 - [] ----D C:\Program Files (x86)\XMediaPlayer
O43 - CFD: 27/05/2014 - 19:49:55 - [] ----D C:\Program Files (x86)\Zebar
O43 - CFD: 02/03/2014 - 09:24:38 - [] ----D C:\ProgramData\OI
O43 - CFD: 27/05/2014 - 19:49:55 - [0] ----D C:\Users\Charles Pereira\AppData\Roaming\ContentExplorer
O43 - CFD: 11/05/2014 - 23:40:53 - [] ----D C:\Users\Charles Pereira\AppData\Roaming\rmi
O43 - CFD: 27/03/2014 - 00:43:07 - [] ----D C:\Users\Charles Pereira\AppData\Roaming\Torrent Opener
O43 - CFD: 27/03/2014 - 00:40:26 - [] ----D C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torrent Opener
~ Program Folder: 115 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.8FA1823706745581910C49F039755DFD] - 13/05/2014 - 15:16:22 ---A- . (.Search Snacks - Search Snacks Driver x64.) -- C:\Windows\System32\Drivers\ssnfd.sys [58248]
O44 - LFC:[MD5.DFE0CEA3B61CC2A5F53C3D91CCC4859D] - 22/05/2014 - 18:23:12 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{6c0944d8-b49f-4f69-8ce8-524e562a2250}Gw64.sys [61112] =>PUP.LinkiDoo
O44 - LFC:[MD5.759023D05C6393E86E7C97343B2F3035] - 26/05/2014 - 17:40:52 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [155144]
O44 - LFC:[MD5.163CCDA5BBCF97B24F989412F4B80485] - 26/05/2014 - 17:40:52 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [763854]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 26/05/2014 - 18:08:46 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.777AFD576DA6C2CD43A30727FD431B48] - 26/05/2014 - 18:31:00 ---A- . (...) -- C:\zoek-results.log [14772]
O44 - LFC:[MD5.278FCC276B81D86B4CDF2F542261FA4B] - 27/05/2014 - 18:49:48 ---A- . (...) -- C:\Windows\win.ini [194]
~ Files: 56 Legitimates Filtered in 00mn 03s
---\\ Últimos arquivos criados no Windows Prefetcher (045)
O45 - LFCP:[MD5.90C77B97EAE61EC02B7CAA77E9BBC8F7] - 12/05/2014 - 19:24:15 ---A- - C:\Windows\Prefetch\UPDATEWEBGET.EXE-CEF9810B.pf =>PUP.WebGet
O45 - LFCP:[MD5.7B61457B619B71785D5E5317B103AB9E] - 25/05/2014 - 20:13:43 ---A- - C:\Windows\Prefetch\WAJAM_2207-6C14163C.EXE-FBA0E080.pf =>PUP.Wajam
O45 - LFCP:[MD5.C7597217704D063BA894689129D2747A] - 25/05/2014 - 20:15:36 ---A- - C:\Windows\Prefetch\WAJAM_INSTALL.EXE-D31994AA.pf =>PUP.Wajam
O45 - LFCP:[MD5.0C9D17598458FA3283F64694E208A492] - 12/05/2014 - 19:15:23 ---A- - C:\Windows\Prefetch\WEBGET.PURBROWSE64.EXE-968FD96A.pf =>PUP.WebGet
~ Prefetcher: 4 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 21 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 12 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:05/05/2014 - 18:14:20 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:05/05/2014 - 18:14:20 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:05/05/2014 - 18:14:20 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208416] =>.ALWIL Software
O58 - SDL:13/05/2014 - 15:16:22 ---A- . (.Search Snacks - Search Snacks Driver x64.) -- C:\Windows\System32\Drivers\ssnfd.sys [58248]
O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:22/05/2014 - 18:23:12 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{6c0944d8-b49f-4f69-8ce8-524e562a2250}Gw64.sys [61112] =>PUP.LinkiDoo
~ Drivers: 62 Legitimates Filtered in 00mn 01s
---\\ Últimos ficheiros alterados ou criados (Utilizador) (061)
O61 - LFC: 22/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\Zebar.PurBrowse64.exe [287000] =>.Nicolas Coolman
O61 - LFC: 23/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\Zebar.BrowserAdapter.exe [96536] =>.Nicolas Coolman
O61 - LFC: 23/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\ZebarBAApp.dll [189720] =>.Nicolas Coolman
O61 - LFC: 23/05/2014 - 20:13:31 ---A- . (.TODO:.) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\{6c0944d8-b49f-4f69-8ce8-524e562a2250}.dll [300312] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\Zebar.FirstRun.exe [1122584] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\ZebarUninstall.exe [240971] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\Zebar\bin\utilZebar.exe [350488] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\Zebar\updateZebar.exe [350488] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\plugins\Zebar.Bromon.dll [84248] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\plugins\Zebar.BrowserAdapterS.dll [763672] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\plugins\Zebar.CompatibilityChecker.dll [57624] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\plugins\Zebar.FFUpdate.dll [459544] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\plugins\Zebar.IEUpdate.dll [544536] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\plugins\Zebar.PurBrowseG.dll [799000] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\utilZebar.exe [350488] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\updateZebar.exe [350488] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\Desktop\AdwCleaner.exe [1327971]
O61 - LFC: 25/05/2014 - 20:13:31 ---A- . (.ContentExplorer.) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\ContentExplorer.DIR\ContentExplorer.exe [1063664] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:13:31 ---A- . (.ContentExplorer.) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\ContentExplorer.DIR\ContentExplorer\ContentExplorer.exe [1063664] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:13:31 ---A- . (.ContentExplorer.net.) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\ContentExplorer.DIR\uninstall.exe [133360] =>.Nicolas Coolman
O61 - LFC: 26/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\Downloads\zoek.exe [1285120]
~ 24 Fichiers temporaires (Temporary files)
~ 8 Fichiers cookies (Cookies files)
~ Files: 28 Legitimates Filtered in 00mn 01s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google)
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.9EC73884D7D7BFEC9EED7EAF3122A0BE] [SPRF][25/05/2014] (...) -- C:\Users\Charles Pereira\Desktop\AdwCleaner.exe [1327971]
[MD5.9A99EFB501918F581CF3B9D5A2055353] [SPRF][27/05/2014] (...) -- C:\Users\Charles Pereira\Desktop\cc_20140527_194840.reg [98850]
~ Files: 3 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 25/01/2013 277488 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 28/02/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/02/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SS - | Demand 19/02/2014 1662424 | (LSCWinService) . (...) - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
SR - | Auto 05/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 03/12/2012 202400 | (CxAudMsg) . (.Conexant Systems Inc..) - C:\WINDOWS\system32\CxAudMsg64.exe
SR - | Auto 01/10/2010 620032 | (GSMEjector) . (...) - C:\WINDOWS\SysWOW64\GSMSrvEjector.exe
SR - | Auto 31/01/2013 15344 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 19/06/2012 634632 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 06/11/2012 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/09/2013 585032 | (Lenovo System Agent Service) . (.LENOVO INCORPORATED..) - C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe
SR - | Auto 06/11/2012 276864 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 10/07/1658 0 | (SAService) . (.Conexant Systems, Inc..) - C:\Windows\System32\SAsrv.exe
SR - | Auto 06/11/2012 364416 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 11s
---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBR) (080)
Run by Charles Pereira at 27/05/2014 20:14:20
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s
---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBRCheck) (080)
Written by ad13
Run by Charles Pereira at 27/05/2014 20:14:22
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s
---\\ Scâner Aditional (088)
Database Version : 13029 - (24/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
~ Additionnel Scan: 188216 Items scanned in 00mn 29s
---\\ Sumário das deteções encontradas na sua estação
=>Hijacker.Proxy
=>PUP.LinkiDoo
=>PUP.WebGet
=>PUP.Wajam
~ MSI: 4 link(s) detected in 00mn 00s
~ 643 Legitimates filtered by white list
End of the scan (627 lines in 05mn 47s)(0)
~ Iniciado por Charles Pereira (27/05/2014 20:09:38)
~ Endereço do Website :
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program
---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16899
GCIE: Google Chrome v35.0.1916.114 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8 Single Language, 64-bit (Build 9200)
Windows Server License Manager Script : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
Windows Defender W8 (Deactivate)
---\\ Softwares d'optimização do sistema
CCleaner v4.14
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3993 MB (66% free)
System Restore: Activé (Enable)
System drive C: has 360 GB (84%) free of 425 GB
---\\ Modo de conexão ao sistema
~ Computer Name: MORCEGO
~ User Name: Charles Pereira
~ All Users Names: HomeGroupUser$, Convidado, Charles Pereira, Administrador,
~ Unselected Option: None
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Charles Pereira\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Charles Pereira\AppData\Roaming\
~ %Desktop% : C:\Users\Charles Pereira\Desktop\
~ %Favorites% : C:\Users\Charles Pereira\Favorites\
~ %LocalAppData% : C:\Users\Charles Pereira\AppData\Local\
~ %StartMenu% : C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 360 Go of 425 Go)
D: Hard drive, Flash drive, Thumb drive (Free 23 Go of 25 Go)
E: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Windows Explorer.) (.01/06/2013 - 08:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.26/07/2012 - 00:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.2B7920C7885AC45FD0E27DD860F095A1] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 21:08:30.) -- C:\Windows\System32\wininet.dll [2240000]
[MD5.75DD70A14145499C9F7D903CF9A8C91B] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.12/04/2014 - 06:10:31.) -- C:\Windows\System32\Winlogon.exe [578048]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.26/07/2012 - 00:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/09/2013 - 00:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 02:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.25/07/2012 - 23:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.25/07/2012 - 23:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.431141C6859990824D17F71C30A78728] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.15/01/2014 - 20:42:58.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 03:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Driver de porta i8042.) (.25/07/2012 - 23:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.25/07/2012 - 23:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.7A761AEE58658378BBA45D360F874CB0] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.26/02/2014 - 20:18:55.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.25/07/2012 - 23:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.7BE3EDFFA3216F989A6BDCB14795DD08] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.27/01/2014 - 00:39:40.) -- C:\Windows\system32\Drivers\ntfs.sys [1939288]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Driver de porta paralela.) (.25/07/2012 - 23:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.25/07/2012 - 23:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.25/07/2012 - 23:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 02:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.01/06/2013 - 08:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/2327
~ Mes musiques (My Musics) : 50/1587
~ Mes Videos (My Videos) : 2/158
~ Mes Favoris (My Favorites) : 1/26
~ Mes Documents (My Documents) : 1/4504
~ Mon Bureau (My Desktop) : 2/40
~ Menu demarrer (Programs) : 1/64
~ Hidden Files: Scanned in 00mn 01s
---\\ Processos lançados
[MD5.DB314CFF0FB931BEEF9AA53B4DBABDC5] - (.Microsoft Corporation - Touch Keyboard and Handwriting Panel Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe [21064] [PID.3648]
[MD5.92BC91BEB19BE1F03DB9664AD47120B2] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [3888648] [PID.3392]
[MD5.D342CD9148D4F9BC75304C658D52C25E] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192] [PID.5024]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.4384]
[MD5.60A3399135BEFC6F4BADBD6C13A4AC24] - (.Microsoft Corporation - Host WWA Microsoft.) -- C:\WINDOWS\syswow64\wwahost.exe [333824] [PID.5408]
[MD5.4FDF8F99557B275A3B5BF797761C7504] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7879168] [PID.720]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Charles Pereira\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
G2 - EXT: C:\Users\Charles Pereira\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [Google Wallet]
~ Google Lines Browser: 21 Legitimates Filtered in 00mn 02s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50937;https=127.0.0.1:50937 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Run: [RtsFT] . (.Realtek semiconductor - RTFTrack.) -- C:\Windows\RTFTrack.exe
O4 - HKLM\..\Run: [cAudioFilterAgent] . (.Conexant Systems, Inc. - Conexant High Definition Audio Filter Agent.) -- C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
O4 - HKLM\..\Run: [SmartAudio] . (.Conexant Systems, Inc. - SmartAudio CPL (32bit).) -- C:\Program Files\CONEXANT\SAII\SACpl.exe
O4 - HKLM\..\Run: [Energy Management] . (.Lenovo (Beijing) Limited - Lenovo Energy Management Software 8.0.) -- C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [EnergyUtility] . (.Lenovo(beijing) Limited - Lenovo Battery Management Software Ver 8.0.) -- C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
O4 - HKCU\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Charles Pereira\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
O4 - HKLM\..\Wow6432Node\Run: [YouCam Tray] . (.CyberLink Corp. - CyberLink YouCam Tray.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdateP2GShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [Intel AppUp(SM) center] . (.Intel Corporation - Intel Services Manager.) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
O4 - HKLM\..\Wow6432Node\Run: [GSMEjector] . (.Lightcomm - No Comment.) -- C:\Program Files (x86)\Oi\Oi3G\GSMCliEjector.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-21-963319965-3930934361-3386377811-1001\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Charles Pereira\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Lync Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DD63CC2-C5CB-42F2-9AE9-8EE060B71FCF}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4E3D2C6-F118-4222-B890-C4A5E81FC602}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DD63CC2-C5CB-42F2-9AE9-8EE060B71FCF}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F4E3D2C6-F118-4222-B890-C4A5E81FC602}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: GSM Ejector Service (GSMEjector) . (...) - C:\WINDOWS\SysWOW64\GSMSrvEjector.exe
~ Services: 11 Legitimates Filtered in 00mn 23s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1098]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1102]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 06s
---\\ Software instalados (042)
O42 - Logiciel: Torrent Opener - (.Torrent Opener.) [HKLM][64Bits] -- Torrent Opener
~ Logic: 35 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKLM\Software\Wow6432Node\SearchSnacks]
[HKLM\Software\Wow6432Node\SmartUpdater]
~ Key Software: 203 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/05/2014 - 23:28:25 - [] ----D C:\Program Files (x86)\HammerHead
O43 - CFD: 02/03/2014 - 09:24:38 - [] ----D C:\Program Files (x86)\Oi
O43 - CFD: 27/03/2014 - 00:40:23 - [] ----D C:\Program Files (x86)\Torrent Opener
O43 - CFD: 14/03/2014 - 00:56:13 - [] ----D C:\Program Files (x86)\XMediaPlayer
O43 - CFD: 27/05/2014 - 19:49:55 - [] ----D C:\Program Files (x86)\Zebar
O43 - CFD: 02/03/2014 - 09:24:38 - [] ----D C:\ProgramData\OI
O43 - CFD: 27/05/2014 - 19:49:55 - [0] ----D C:\Users\Charles Pereira\AppData\Roaming\ContentExplorer
O43 - CFD: 11/05/2014 - 23:40:53 - [] ----D C:\Users\Charles Pereira\AppData\Roaming\rmi
O43 - CFD: 27/03/2014 - 00:43:07 - [] ----D C:\Users\Charles Pereira\AppData\Roaming\Torrent Opener
O43 - CFD: 27/03/2014 - 00:40:26 - [] ----D C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torrent Opener
~ Program Folder: 115 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.8FA1823706745581910C49F039755DFD] - 13/05/2014 - 15:16:22 ---A- . (.Search Snacks - Search Snacks Driver x64.) -- C:\Windows\System32\Drivers\ssnfd.sys [58248]
O44 - LFC:[MD5.DFE0CEA3B61CC2A5F53C3D91CCC4859D] - 22/05/2014 - 18:23:12 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{6c0944d8-b49f-4f69-8ce8-524e562a2250}Gw64.sys [61112] =>PUP.LinkiDoo
O44 - LFC:[MD5.759023D05C6393E86E7C97343B2F3035] - 26/05/2014 - 17:40:52 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [155144]
O44 - LFC:[MD5.163CCDA5BBCF97B24F989412F4B80485] - 26/05/2014 - 17:40:52 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [763854]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 26/05/2014 - 18:08:46 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.777AFD576DA6C2CD43A30727FD431B48] - 26/05/2014 - 18:31:00 ---A- . (...) -- C:\zoek-results.log [14772]
O44 - LFC:[MD5.278FCC276B81D86B4CDF2F542261FA4B] - 27/05/2014 - 18:49:48 ---A- . (...) -- C:\Windows\win.ini [194]
~ Files: 56 Legitimates Filtered in 00mn 18s
---\\ Últimos arquivos criados no Windows Prefetcher (045)
O45 - LFCP:[MD5.90C77B97EAE61EC02B7CAA77E9BBC8F7] - 12/05/2014 - 19:24:15 ---A- - C:\Windows\Prefetch\UPDATEWEBGET.EXE-CEF9810B.pf =>PUP.WebGet
O45 - LFCP:[MD5.7B61457B619B71785D5E5317B103AB9E] - 25/05/2014 - 20:13:43 ---A- - C:\Windows\Prefetch\WAJAM_2207-6C14163C.EXE-FBA0E080.pf =>PUP.Wajam
O45 - LFCP:[MD5.C7597217704D063BA894689129D2747A] - 25/05/2014 - 20:15:36 ---A- - C:\Windows\Prefetch\WAJAM_INSTALL.EXE-D31994AA.pf =>PUP.Wajam
O45 - LFCP:[MD5.0C9D17598458FA3283F64694E208A492] - 12/05/2014 - 19:15:23 ---A- - C:\Windows\Prefetch\WEBGET.PURBROWSE64.EXE-968FD96A.pf =>PUP.WebGet
~ Prefetcher: 4 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 21 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:05/05/2014 - 18:14:20 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:05/05/2014 - 18:14:20 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:05/05/2014 - 18:14:20 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208416] =>.ALWIL Software
O58 - SDL:13/05/2014 - 15:16:22 ---A- . (.Search Snacks - Search Snacks Driver x64.) -- C:\Windows\System32\Drivers\ssnfd.sys [58248]
O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:22/05/2014 - 18:23:12 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{6c0944d8-b49f-4f69-8ce8-524e562a2250}Gw64.sys [61112] =>PUP.LinkiDoo
~ Drivers: 62 Legitimates Filtered in 00mn 04s
---\\ Últimos ficheiros alterados ou criados (Utilizador) (061)
O61 - LFC: 22/05/2014 - 20:11:02 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\Zebar.PurBrowse64.exe [287000] =>.Nicolas Coolman
O61 - LFC: 23/05/2014 - 20:11:02 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\Zebar.BrowserAdapter.exe [96536] =>.Nicolas Coolman
O61 - LFC: 23/05/2014 - 20:11:02 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\ZebarBAApp.dll [189720] =>.Nicolas Coolman
O61 - LFC: 23/05/2014 - 20:11:02 ---A- . (.TODO:
O61 - LFC: 25/05/2014 - 20:11:02 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\Zebar.FirstRun.exe [1122584] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:11:02 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\ZebarUninstall.exe [240971] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:11:02 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\Zebar\bin\utilZebar.exe [350488] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:11:02 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\Zebar\updateZebar.exe [350488] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:11:02 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\plugins\Zebar.Bromon.dll [84248] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:11:02 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\plugins\Zebar.BrowserAdapterS.dll [763672] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:11:02 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\plugins\Zebar.CompatibilityChecker.dll [57624] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:11:02 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\plugins\Zebar.FFUpdate.dll [459544] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:11:02 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\plugins\Zebar.IEUpdate.dll [544536] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:11:02 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\plugins\Zebar.PurBrowseG.dll [799000] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:11:02 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\utilZebar.exe [350488] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:11:02 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\updateZebar.exe [350488] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:11:02 ---A- . (.ContentExplorer.) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\ContentExplorer.DIR\ContentExplorer.exe [1063664] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:11:02 ---A- . (.ContentExplorer.) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\ContentExplorer.DIR\ContentExplorer\ContentExplorer.exe [1063664] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:11:02 ---A- . (.ContentExplorer.net.) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\ContentExplorer.DIR\uninstall.exe [133360] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:11:03 ---A- . (...) -- C:\Users\Charles Pereira\Desktop\AdwCleaner.exe [1327971]
O61 - LFC: 26/05/2014 - 20:11:03 ---A- . (...) -- C:\Users\Charles Pereira\Downloads\zoek.exe [1285120]
~ 12 Fichiers temporaires (Temporary files)
~ 4 Fichiers cookies (Cookies files)
~ Files: 28 Legitimates Filtered in 00mn 14s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.9EC73884D7D7BFEC9EED7EAF3122A0BE] [SPRF][25/05/2014] (...) -- C:\Users\Charles Pereira\Desktop\AdwCleaner.exe [1327971]
[MD5.9A99EFB501918F581CF3B9D5A2055353] [SPRF][27/05/2014] (...) -- C:\Users\Charles Pereira\Desktop\cc_20140527_194840.reg [98850]
~ Files: 3 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 25/01/2013 277488 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 28/02/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/02/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SS - | Demand 19/02/2014 1662424 | (LSCWinService) . (...) - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
SR - | Auto 05/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 03/12/2012 202400 | (CxAudMsg) . (.Conexant Systems Inc..) - C:\WINDOWS\system32\CxAudMsg64.exe
SR - | Auto 01/10/2010 620032 | (GSMEjector) . (...) - C:\WINDOWS\SysWOW64\GSMSrvEjector.exe
SR - | Auto 31/01/2013 15344 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 19/06/2012 634632 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 06/11/2012 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/09/2013 585032 | (Lenovo System Agent Service) . (.LENOVO INCORPORATED..) - C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe
SR - | Auto 06/11/2012 276864 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 10/07/1658 0 | (SAService) . (.Conexant Systems, Inc..) - C:\Windows\System32\SAsrv.exe
SR - | Auto 06/11/2012 364416 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 12s
---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBR) (080)
Run by Charles Pereira at 27/05/2014 20:12:27
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s
---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBRCheck) (080)
Written by ad13, [You must have an account and be logged in to view this link]
Run by Charles Pereira at 27/05/2014 20:12:29
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s
---\\ Scâner Aditional (088)
Database Version : 13029 - (24/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
~ Additionnel Scan: 188211 Items scanned in 00mn 28s
---\\ Sumário das deteções encontradas na sua estação
[You must have an account and be logged in to view this link] =>Hijacker.Proxy
[You must have an account and be logged in to view this link] =>PUP.LinkiDoo
[You must have an account and be logged in to view this link] =>PUP.WebGet
[You must have an account and be logged in to view this link] =>PUP.Wajam
~ MSI: 4 link(s) detected in 00mn 00s
~ 615 Legitimates filtered by white list
End of the scan (417 lines in 03mn 21s)(0)
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
~ Services: 16 Legitimates Filtered in 00mn 10s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1098]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1102]
~ Scheduled Task: 34 Legitimates Filtered in 00mn 04s
---\\ Software instalados (042)
O42 - Logiciel: Torrent Opener - (.Torrent Opener.) [HKLM][64Bits] -- Torrent Opener
~ Logic: 35 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKLM\Software\Wow6432Node\SearchSnacks]
[HKLM\Software\Wow6432Node\SmartUpdater]
~ Key Software: 203 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/05/2014 - 23:28:25 - [] ----D C:\Program Files (x86)\HammerHead
O43 - CFD: 02/03/2014 - 09:24:38 - [] ----D C:\Program Files (x86)\Oi
O43 - CFD: 27/03/2014 - 00:40:23 - [] ----D C:\Program Files (x86)\Torrent Opener
O43 - CFD: 14/03/2014 - 00:56:13 - [] ----D C:\Program Files (x86)\XMediaPlayer
O43 - CFD: 27/05/2014 - 19:49:55 - [] ----D C:\Program Files (x86)\Zebar
O43 - CFD: 02/03/2014 - 09:24:38 - [] ----D C:\ProgramData\OI
O43 - CFD: 27/05/2014 - 19:49:55 - [0] ----D C:\Users\Charles Pereira\AppData\Roaming\ContentExplorer
O43 - CFD: 11/05/2014 - 23:40:53 - [] ----D C:\Users\Charles Pereira\AppData\Roaming\rmi
O43 - CFD: 27/03/2014 - 00:43:07 - [] ----D C:\Users\Charles Pereira\AppData\Roaming\Torrent Opener
O43 - CFD: 27/03/2014 - 00:40:26 - [] ----D C:\Users\Charles Pereira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torrent Opener
~ Program Folder: 115 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.8FA1823706745581910C49F039755DFD] - 13/05/2014 - 15:16:22 ---A- . (.Search Snacks - Search Snacks Driver x64.) -- C:\Windows\System32\Drivers\ssnfd.sys [58248]
O44 - LFC:[MD5.DFE0CEA3B61CC2A5F53C3D91CCC4859D] - 22/05/2014 - 18:23:12 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{6c0944d8-b49f-4f69-8ce8-524e562a2250}Gw64.sys [61112] =>PUP.LinkiDoo
O44 - LFC:[MD5.759023D05C6393E86E7C97343B2F3035] - 26/05/2014 - 17:40:52 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [155144]
O44 - LFC:[MD5.163CCDA5BBCF97B24F989412F4B80485] - 26/05/2014 - 17:40:52 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [763854]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 26/05/2014 - 18:08:46 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.777AFD576DA6C2CD43A30727FD431B48] - 26/05/2014 - 18:31:00 ---A- . (...) -- C:\zoek-results.log [14772]
O44 - LFC:[MD5.278FCC276B81D86B4CDF2F542261FA4B] - 27/05/2014 - 18:49:48 ---A- . (...) -- C:\Windows\win.ini [194]
~ Files: 56 Legitimates Filtered in 00mn 03s
---\\ Últimos arquivos criados no Windows Prefetcher (045)
O45 - LFCP:[MD5.90C77B97EAE61EC02B7CAA77E9BBC8F7] - 12/05/2014 - 19:24:15 ---A- - C:\Windows\Prefetch\UPDATEWEBGET.EXE-CEF9810B.pf =>PUP.WebGet
O45 - LFCP:[MD5.7B61457B619B71785D5E5317B103AB9E] - 25/05/2014 - 20:13:43 ---A- - C:\Windows\Prefetch\WAJAM_2207-6C14163C.EXE-FBA0E080.pf =>PUP.Wajam
O45 - LFCP:[MD5.C7597217704D063BA894689129D2747A] - 25/05/2014 - 20:15:36 ---A- - C:\Windows\Prefetch\WAJAM_INSTALL.EXE-D31994AA.pf =>PUP.Wajam
O45 - LFCP:[MD5.0C9D17598458FA3283F64694E208A492] - 12/05/2014 - 19:15:23 ---A- - C:\Windows\Prefetch\WEBGET.PURBROWSE64.EXE-968FD96A.pf =>PUP.WebGet
~ Prefetcher: 4 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 21 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 12 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:05/05/2014 - 18:14:20 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:05/05/2014 - 18:14:20 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:05/05/2014 - 18:14:20 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208416] =>.ALWIL Software
O58 - SDL:13/05/2014 - 15:16:22 ---A- . (.Search Snacks - Search Snacks Driver x64.) -- C:\Windows\System32\Drivers\ssnfd.sys [58248]
O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:22/05/2014 - 18:23:12 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{6c0944d8-b49f-4f69-8ce8-524e562a2250}Gw64.sys [61112] =>PUP.LinkiDoo
~ Drivers: 62 Legitimates Filtered in 00mn 01s
---\\ Últimos ficheiros alterados ou criados (Utilizador) (061)
O61 - LFC: 22/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\Zebar.PurBrowse64.exe [287000] =>.Nicolas Coolman
O61 - LFC: 23/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\Zebar.BrowserAdapter.exe [96536] =>.Nicolas Coolman
O61 - LFC: 23/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\ZebarBAApp.dll [189720] =>.Nicolas Coolman
O61 - LFC: 23/05/2014 - 20:13:31 ---A- . (.TODO:
O61 - LFC: 25/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\Zebar.FirstRun.exe [1122584] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\ZebarUninstall.exe [240971] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\Zebar\bin\utilZebar.exe [350488] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\Zebar\updateZebar.exe [350488] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\plugins\Zebar.Bromon.dll [84248] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\plugins\Zebar.BrowserAdapterS.dll [763672] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\plugins\Zebar.CompatibilityChecker.dll [57624] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\plugins\Zebar.FFUpdate.dll [459544] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\plugins\Zebar.IEUpdate.dll [544536] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\plugins\Zebar.PurBrowseG.dll [799000] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\bin\utilZebar.exe [350488] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\Zebar.DIR\updateZebar.exe [350488] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\Desktop\AdwCleaner.exe [1327971]
O61 - LFC: 25/05/2014 - 20:13:31 ---A- . (.ContentExplorer.) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\ContentExplorer.DIR\ContentExplorer.exe [1063664] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:13:31 ---A- . (.ContentExplorer.) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\ContentExplorer.DIR\ContentExplorer\ContentExplorer.exe [1063664] =>.Nicolas Coolman
O61 - LFC: 25/05/2014 - 20:13:31 ---A- . (.ContentExplorer.net.) -- C:\Users\Charles Pereira\AppData\Roaming\ZHP\Quarantine\ContentExplorer.DIR\uninstall.exe [133360] =>.Nicolas Coolman
O61 - LFC: 26/05/2014 - 20:13:31 ---A- . (...) -- C:\Users\Charles Pereira\Downloads\zoek.exe [1285120]
~ 24 Fichiers temporaires (Temporary files)
~ 8 Fichiers cookies (Cookies files)
~ Files: 28 Legitimates Filtered in 00mn 01s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.9EC73884D7D7BFEC9EED7EAF3122A0BE] [SPRF][25/05/2014] (...) -- C:\Users\Charles Pereira\Desktop\AdwCleaner.exe [1327971]
[MD5.9A99EFB501918F581CF3B9D5A2055353] [SPRF][27/05/2014] (...) -- C:\Users\Charles Pereira\Desktop\cc_20140527_194840.reg [98850]
~ Files: 3 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 25/01/2013 277488 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 28/02/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/02/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SS - | Demand 19/02/2014 1662424 | (LSCWinService) . (...) - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
SR - | Auto 05/05/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 03/12/2012 202400 | (CxAudMsg) . (.Conexant Systems Inc..) - C:\WINDOWS\system32\CxAudMsg64.exe
SR - | Auto 01/10/2010 620032 | (GSMEjector) . (...) - C:\WINDOWS\SysWOW64\GSMSrvEjector.exe
SR - | Auto 31/01/2013 15344 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 19/06/2012 634632 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 06/11/2012 165760 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 17/09/2013 585032 | (Lenovo System Agent Service) . (.LENOVO INCORPORATED..) - C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe
SR - | Auto 06/11/2012 276864 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 10/07/1658 0 | (SAService) . (.Conexant Systems, Inc..) - C:\Windows\System32\SAsrv.exe
SR - | Auto 06/11/2012 364416 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 11s
---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBR) (080)
Run by Charles Pereira at 27/05/2014 20:14:20
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s
---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBRCheck) (080)
Written by ad13, [You must have an account and be logged in to view this link]
Run by Charles Pereira at 27/05/2014 20:14:22
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s
---\\ Scâner Aditional (088)
Database Version : 13029 - (24/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
~ Additionnel Scan: 188216 Items scanned in 00mn 29s
---\\ Sumário das deteções encontradas na sua estação
[You must have an account and be logged in to view this link] =>Hijacker.Proxy
[You must have an account and be logged in to view this link] =>PUP.LinkiDoo
[You must have an account and be logged in to view this link] =>PUP.WebGet
[You must have an account and be logged in to view this link] =>PUP.Wajam
~ MSI: 4 link(s) detected in 00mn 00s
~ 643 Legitimates filtered by white list
End of the scan (627 lines in 05mn 47s)(0)
Chawless - Beginner
- Posts: 10
Reputation: 1
Registration date: 25/05/2014
Re: CE_UmbrellaCert certificate
Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________
Go to the menu: Start > All Programs > ZHP > Right-click ZHPFix and choose Run as administrator > Click Importação (Import) > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will open in Notepad.
Copy this report and post it in your next reply.
_____________________________________________________________________________________________________________
Last edited by Power Max on Tue 27 May 2014, 23:03; edited 1 time
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
(SOLVED) ZHPFix report
Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Charles Pereira at 27/05/2014 21:32:08
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit (Build 9200)
Reciclagem vazia (00mn 02s)
Reparação de atalhos do navegador
========== Chaves do Registo ==========
ELIMINÉ: HKLM\Software\Wow6432Node\SearchSnacks
========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Elementos dos dados do Registo ==========
ELIMINÉ: R1 Search Page =
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\ssnfd.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\{6c0944d8-b49f-4f69-8ce8-524e562a2250}gw64.sys
ELIMINÉ: c:\windows\prefetch\updatewebget.exe-cef9810b.pf
ELIMINÉ: c:\windows\prefetch\wajam_2207-6c14163c.exe-fba0e080.pf
ELIMINÉ: c:\windows\prefetch\wajam_install.exe-d31994aa.pf
ELIMINÉ: c:\windows\prefetch\webget.purbrowse64.exe-968fd96a.pf
ELIMINÉ Temporários windows (0) (0 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
1 : Chaves do Registo
6 : Valores do Registo
1 : Elementos dos dados do Registo
1 : Pastas
8 : Ficheiros
1 : Restauração Sistema
End of clean in 00mn 07s
========== Caminho do ficheiro do relatório ==========
C:\Users\Charles Pereira\AppData\Roaming\ZHP\ZHPFix[R1].txt - 27/05/2014 19:06:36 [3632]
C:\Users\Charles Pereira\AppData\Roaming\ZHP\ZHPFix[R2].txt - 27/05/2014 21:32:11 [1758]
Chawless - Beginner
- Posts: 10
Reputation: 1
Registration date: 25/05/2014
Re: CE_UmbrellaCert certificate
How is the PC doing?
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
Re: CE_UmbrellaCert certificate
Excellent!!! Actually, it all started when I tried to download Word 2010. That infernal CE_Umbrellacert message got installed, along with some "ad" windows in the browser, not to mention how slow the PC was.
After all these steps I was guided through, the PC is on another level, wonderful.
I still don't have Word, because the 365 version that came with it has no activation key ='( (I'd be happy if you had a good link to download a free version or a 365 activation key >< lol), but thank you so much for the help. Fórum PC Brasil is SENSATIONAL!!! <3
Oh, I'd also like to know whether I should keep the same antivirus (avast), since it doesn't seem to do much...
Chawless - Beginner
- Posts: 10
Reputation: 1
Registration date: 25/05/2014
Re: CE_UmbrellaCert certificate
As for the antivirus, you can stay with Avast if you like. It is a good antivirus.
As for Word, the safe way to get it is to buy the original version from a good computer store. If you don't want to buy it, there are similar free alternatives such as Office Starter, OpenOffice, etc.
I'm glad the problem has been solved.
Just to finish up, please follow the tutorials below:
[You must have an account and be logged in to view this link]
_______________________________________________________________________________________________________________________
To remove the programs used to clean this PC and create a new, safe and trouble-free restore point, use DelFix following the tips [You must have an account and be logged in to view this link].
_______________________________________________________________________________________________________________________
It was a pleasure to help. You can always count on us!
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
Re: CE_UmbrellaCert certificate
CASE SOLVED
If the topic author needs it, the topic will be reopened; to do so, they should contact a member of the [You must have an account and be logged in to view this link] and request that it be unlocked.
Danii - Full Member
- Posts: 571
Reputation: 80
Registration date: 04/04/2014
Location: Brazil