Fórum PC Brasil
Gostaria de reagir a esta mensagem? Crie uma conta em poucos cliques ou inicie sessão para continuar.
Flux RSS


Yahoo! 
MSN 
AOL 
Netvibes 
Bloglines 


Social bookmarking

Social bookmarking reddit      

Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking

Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking

Estatísticas
Temos 14806 usuários registrados
O último membro registrado é King empero

Os nossos membros postaram um total de 36043 mensagens em 3684 assuntos
Últimos assuntos
» Possíveis vírus
por joram Sex 15 Mar 2024, 19:05

Quem está conectado?
8 usuários online :: 0 registrados, 0 invisíveis e 8 visitantes

Nenhum

O recorde de usuários online foi de 301 em Ter 26 Out 2021, 15:28
Procurar
 
 

Resultados por:
 


Rechercher Pesquisa avançada

março 2024
SegTerQuaQuiSexSábDom
    123
45678910
11121314151617
18192021222324
25262728293031

Calendário Calendário


Suprasavings + CE_Umbrellacert

2 participantes

Página 1 de 2 1, 2  Seguinte

Ir para baixo

Suprasavings + CE_Umbrellacert Empty Suprasavings + CE_Umbrellacert

Mensagem por suegm Seg 26 maio 2014, 19:28

Boa noite!
Após fazer um download semana passada começou a aparecer uma janela pedindo pra instalar o CE_Umbrellacert.
Além disso, apareceram uns arquivos estranhos em algumas das minhas pastas (alguns como atalhos, outros ocultos)
e instalou também o suprasavings que não estou conseguindo deletar do pc.
Gostaria de saber como exclui-los permanentemente do pc, por favor.
Já tentei usar o Adwcleaner, o Zoek e o Kaspersky Virus Removal Tool.

Obrigada.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:17:41, on 26/05/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\windows\system32\taskeng.exe
C:\Program Files\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\Easy Display Manager\WifiManager.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Bluetooth Suite\BtvStack.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\windows\system32\hkcmd.exe
C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
C:\windows\system32\igfxpers.exe
C:\Program Files\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Suellen\Downloads\setup_11.0.1.1245.x01_2014_05_26_23_00.exe
C:\Users\Suellen\AppData\Local\Temp\RarSFX0\5189504.exe
C:\Users\Suellen\AppData\Local\Temp\1071308\5189504.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\notepad.exe
C:\windows\system32\SearchFilterHost.exe
C:\Users\Suellen\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - mscoree.dll (file missing)
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Samsung BHO Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\ADVANC~3\BROWER~1\ASCPLU~1.DLL
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DeskmediaReaper] C:\Positivo\Deskmedia\DeskmediaReaper.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] 0004 ed3035b4e26f5c48427ecc47081c7ccb
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [WallpaperChanger] C:\Program Files\Wallpaper Master\Wallpaper.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Suellen\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [WordWeb] "C:\Program Files\WordWeb\wweb32.exe" -startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [EADM] "C:\Program Files\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_C3E8D31D8757B5FA3DF83513FE338381] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: _uninst_24048721.lnk = C:\Users\Suellen\AppData\Local\Temp\_uninst_24048721.bat
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O8 - Extra context menu item: Free YouTube Download - C:\Users\Suellen\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files\Bluetooth Suite\adminservice.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\windows\system32\mfevtps.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\windows\System32\SUPDSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: xmkysecqun32 - Unknown owner - C:\Program Files\003\xmkysecqun32.exe (file missing)

--
End of file - 16129 bytes
suegm
suegm
Iniciante
Iniciante

Mensagens : 18
Reputação : 0
Data de inscrição : 26/05/2014

Ir para o topo Ir para baixo

Suprasavings + CE_Umbrellacert Empty Re: Suprasavings + CE_Umbrellacert

Mensagem por Power Max Seg 26 maio 2014, 19:31

Já tentei usar o Adwcleaner, o Zoek e o Kaspersky Virus Removal Tool.
Olá. Poste o relatório do Adwcleaner que está em C:\AdwCleaner\AdwCleaner[S0].txt
Poste também o relatório do Zoek que estará em C:\zoek-results.txt
Poste também o relatório do Kaspersky Virus Removal Tool.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

Suprasavings + CE_Umbrellacert Empty Re: Suprasavings + CE_Umbrellacert

Mensagem por suegm Seg 26 maio 2014, 20:58

Não encontrei o relatório do Adwcleaner. Estou enviando o do Zoek e do ZNPdiag. O karpesky ainda está scaneando.

Zoek.exe v5.0.0.0 Updated 21-05-2014
Tool run by Suellen on 21/05/2014 at 11:36:09,92.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Suellen\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

21/05/2014 11:44:03 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_USERS\S-1-5-21-1795128182-489873951-3285546841-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8270EC90-7AF8-4148-AB4B-1058DF4DF927} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} deleted
C:\Program Files\Mozilla Firefox\browser\searchplugins\search_the_web.xml deleted
C:\Program Files\Common Files\DVDVideoSoft\bin deleted
C:\Users\Suellen\AppData\Roaming\Bonanza deleted
C:\PROGRA~2\InstallMate deleted
C:\Users\Suellen\AppData\Local\cache deleted
C:\windows\system32\config\systemprofile\AppData\LocalLow\BabylonToolbar deleted
C:\user.js deleted
C:\windows\System32\sho341D.tmp deleted
C:\windows\System32\sho9085.tmp deleted
C:\windows\System32\shoC0C0.tmp deleted
C:\windows\System32\shoF7D8.tmp deleted
C:\windows\System32\~GLH000c.TMP deleted
C:\windows\System32\~GLH000d.TMP deleted
C:\windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D} deleted
"C:\Users\Suellen\AppData\Roaming\WordWeb" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"support@vdownloader.com"="C:\Program Files\VDownloader\Addons\FireFox" []
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"wcapturex@deskperience.com"="C:\Program Files\WordWeb\WCaptureMoz" [01/10/2013 11:50]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eoccbpoodnckjdnackiffhjfkogfhnhh - C:\Program Files\VDownloader\Addons\Chrome.crx[]
fheoggkfdfchfphceeifdbepaooicaho - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[03/03/2014 09:53]
mjdepfkicdcciagbigfcmdhknnoaaegf - C:\Program Files\WordWeb\wcxChrome.crx[28/02/2013 23:24]
nfengeggddojhakldhlpjdlddgkkjkdd - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx[22/04/2013 19:01]

Google Drive - Suellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Suellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Suellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
SiteAdvisor - Suellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Skype Click to Call - Suellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Advanced SystemCare Surfing Protection - Suellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd
Google Wallet - Suellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Suellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Suellen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_free-pdf-unlocker.en.softonic.com_0.localstorage deleted successfully
C:\Users\Suellen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_free-pdf-unlocker.en.softonic.com_0.localstorage-journal deleted successfully
C:\Users\Suellen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utorrent.softonic.com.br_0.localstorage deleted successfully
C:\Users\Suellen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utorrent.softonic.com.br_0.localstorage-journal deleted successfully
C:\Users\Suellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com/ie"
"SearchAssistant"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{31FCC53F-5F98-4C8D-9E37-FBD7E6165EE2} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Suellen\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Suellen\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1795128182-489873951-3285546841-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a1bcc327-7c56-4d0c-a1b7-fd4c30da8a09} deleted successfully
HKEY_USERS\S-1-5-21-1795128182-489873951-3285546841-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{a1bcc327-7c56-4d0c-a1b7-fd4c30da8a09} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{a1bcc327-7c56-4d0c-a1b7-fd4c30da8a09} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1bcc327-7c56-4d0c-a1b7-fd4c30da8a09} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\support@vdownloader.com deleted successfully

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\calibre - E-book management.lnk - C:\Program Files\Calibre2\calibre.exe
C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.141\McUICnt.exe SecurityScanner.dll
C:\Users\Public\Desktop\The Sims™ 3.lnk -

==== shortcuts in Users Start Menu ======================

C:\Users\Suellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\windows\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apostilas Objetiva\Agente Administrativo PRF 2014\Apostila Agente Administrativo PRF 2014.lnk - C:\Users\Suellen\Downloads\Agente Administrativo PRF 2014\ccb.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management\calibre - E-book management.lnk - C:\Program Files\Calibre2\calibre.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management\E-book viewer.lnk - C:\Program Files\Calibre2\ebook-viewer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management\Edit E-book.lnk - C:\Program Files\Calibre2\ebook-edit.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management\LRF viewer.lnk - C:\Program Files\Calibre2\lrfviewer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\The Sims™ 3.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc\MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc\Uninstall MagicDisc.lnk - C:\Program Files\MagicDisc\UNWISE.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee\McAfee SecurityCenter.lnk - C:\Program Files\McAfee.com\Agent\mcagent.exe /desktopicon /platui

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Suellen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Suellen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files\Google\Picasa3\Picasa3.exe
C:\Users\Suellen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Suellen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Suellen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Adobe Reader XI.lnk - C:\windows\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico
C:\Users\Suellen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\windows\system32\calc.exe
C:\Users\Suellen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Free YouTube Download Lite.lnk - C:\Program Files\Common Files\DVDVideoSoft\bin\ytgroovlc.exe
C:\Users\Suellen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Word 2007.lnk - C:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Suellen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Word Starter 2010.lnk - C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE "Microsoft Word Starter 2010 9014006604160000"
C:\Users\Suellen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Skype.lnk - C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Suellen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Uninstall Programs.lnk - C:\Program Files\IObit\Advanced SystemCare 6\Suc10_Uninstal.exe
C:\Users\Suellen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Wallpaper Master.lnk - C:\Program Files\Wallpaper Master\Wallpaper.exe
C:\Users\Suellen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Suellen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\windows\explorer.exe
C:\Users\Suellen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\97ce2917-a8ec-414d-8450-af7129b33fd7 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eoccbpoodnckjdnackiffhjfkogfhnhh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D} deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Suellen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Suellen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Suellen\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Suellen\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Suellen\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Suellen\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=137 folders=29 13403290 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Suellen\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Suellen\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 21/05/2014 at 12:11:58,29 ======================
suegm
suegm
Iniciante
Iniciante

Mensagens : 18
Reputação : 0
Data de inscrição : 26/05/2014

Ir para o topo Ir para baixo

Suprasavings + CE_Umbrellacert Empty Re: Suprasavings + CE_Umbrellacert

Mensagem por suegm Seg 26 maio 2014, 20:58

~ Relatório do ZHPDiag v2014.5.26.74 - Nicolas Coolman (24/05/2014)
~ Iniciado por Suellen (26/05/2014 17:45:20)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
MFIE: Mozilla Firefox 29.0.1
GCIE: Google Chrome v35.0.1916.114 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v7.0.1474.0
McAfee Security Scan Plus v3.8.141.11
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2932 MB (29% free)
System Restore: Activé (Enable)
System drive C: has 95 GB (34%) free of 279 GB

---\\ Modo de conexão ao sistema
~ Computer Name: NOTE-SUE
~ User Name: Suellen
~ All Users Names: Suellen, Convidado, Administrador,
~ Unselected Option: None
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Suellen\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Suellen\AppData\Roaming\
~ %Desktop% : C:\Users\Suellen\Desktop\
~ %Favorites% : C:\Users\Suellen\Favorites\
~ %LocalAppData% : C:\Users\Suellen\AppData\Local\
~ %StartMenu% : C:\Users\Suellen\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 95 Go of 279 Go)
D: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: Modified
~ Security Center: 50 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4E829EE073E046B0EB19B5FECB19B8C] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 02:41:49.) -- C:\Windows\System32\wininet.dll [1789440]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 18:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 21:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 18:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/27
~ Mes musiques (My Musics) : 1/78
~ Mes Videos (My Videos) : 1/30
~ Mes Favoris (My Favorites) : 1/6
~ Mes Documents (My Documents) : 2/408
~ Mon Bureau (My Desktop) : 0/6
~ Menu demarrer (Programs) : 1/99
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.E708F1FDB3B20F2656827FCB0581CBCD] - (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10119784] [PID.5248]
[MD5.4BBC56EF5BE49978468F2983B9A2AFFB] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1770792] [PID.5300]
[MD5.0AA31720D0A1C9756859164E6840E223] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [103720] [PID.5472]
[MD5.0E34B7BB1FCF22BCC1E394D16F9E992B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040] [PID.5600]
[MD5.BAF535F843A3E790E04A7613811B55BC] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.5736]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.5768]
[MD5.43E2CFC37953501EA40D852AE585E7C0] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe [277920] [PID.6136]
[MD5.A16852B04C0A5654B0B8DFD5E1A25718] - (.MagicISO, Inc. - MagicISO Virtual CD/DVD Manager.) -- C:\Program Files\MagicDisc\MagicDisc.exe [576000] [PID.6500]
[MD5.32C26797AB646074A2BB562F9D10ADB5] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.exe [97680] [PID.6572]
[MD5.B00F98FF6FE8682FF941BEB2559BF191] - (.CyberLink - YouCam Mirage.) -- C:\Program Files\CyberLink\YouCam\YCMMirage.exe [136488] [PID.6768]
[MD5.B5330086613D69F5ED3954535E8F33F1] - (.Samsung Electronics Co., Ltd. - Easy Display Manager.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [943984] [PID.6776]
[MD5.43EE79052668643317E3B530E9892DE7] - (.Samsung Electronics Co., Ltd. - Wifi Manager.) -- C:\Program Files\Samsung\Easy Display Manager\WifiManager.exe [7053168] [PID.6800]
[MD5.C5CF364816DE0AE422345801A2AFBC8D] - (.Intel Corporation - igfxext Module.) -- C:\windows\system32\igfxext.exe [179224] [PID.7428]
[MD5.C56EEBADA8A4978CFB51A3FD6B6AC12A] - (.Intel Corporation - igfxsrvc Module.) -- C:\windows\system32\igfxsrvc.exe [266776] [PID.7500]
[MD5.113EA52D953E79BCD37E672E4A9860DC] - (.SEC - Samsung Recovery Solution 5.) -- C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [4387632] [PID.3844]
[MD5.D9C70E8552670E7A67778ED238C18975] - (.Samsung Electronics Co., Ltd. - Smart Restarter Program.) -- C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2208624] [PID.6904]
[MD5.15DC04031C19CCF380A69E50E589317B] - (.Samsung Electronics Co., Ltd. - MovieColorEnhancer.exe.) -- C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [775336] [PID.5380]
[MD5.596054F68A7C7EDD5E8A19BF511AC475] - (.SAMSUNG Electronics - SSCKbdHk.) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [1757264] [PID.4852]
[MD5.136A1670196C883C2ECE89B0B9D851DD] - (.Atheros Commnucations - Bluetooth Suite Common Rescource.) -- C:\Program Files\Bluetooth Suite\AthBtTray.exe [519328] [PID.2456]
[MD5.998B2E425CDCA8E96EBD9F506B4E3AAF] - (.Atheros Communications - Bluetooth Stack Server.) -- C:\Program Files\Bluetooth Suite\BtvStack.exe [609440] [PID.4708]
[MD5.57B4D34232852BFE4453BE571DF90D21] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720] [PID.4184]
[MD5.A3F3760429AD8C3345504F86EF560A96] - (.Intel Corporation - hkcmd Module.) -- C:\windows\system32\hkcmd.exe [171032] [PID.4172]
[MD5.C86FD55A276BBA6009F0E7749A9CB1AF] - (.Symantec Corporation - Norton Online Backup Service.) -- C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe [966488] [PID.3580]
[MD5.C40276DD74119D841EFAE36BA4AED22B] - (.Intel Corporation - persistence Module.) -- C:\windows\system32\igfxpers.exe [170520] [PID.4864]
[MD5.2C7CF4D4A17B5765E23F6B82C16AF4EB] - (.CyberLink Corp. - Media+Player RC Service.) -- C:\Program Files\CyberLink\Media+Player10\Media+Player10Serv.exe [87336] [PID.4900]
[MD5.5AFC1F763562C453C64B70886B460CDD] - (.Samsung Electronics Co., Ltd. - EasySpeedUpManager.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [719360] [PID.4804]
[MD5.B8C44BF5A86B4662458F4AA8F901C94B] - (.Samsung Electronics - Samsung Update Plus Background.) -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2782064] [PID.6092]
[MD5.648584CDD57A2392993EC4155D1C09E2] - (.Google - Google Drive.) -- C:\Program Files\Google\Drive\googledrivesync.exe [22415552] [PID.4160]
[MD5.083649EF692A066880C9326020915AFE] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4297136] [PID.2732]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.5692]
[MD5.74557BFD04530E512DBB9C151C4DA110] - (.McAfee, Inc. - McAfee.) -- C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [499384] [PID.5904]
[MD5.1D040D09300DE4F68B6E5936FBA0E59A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7878144] [PID.2836]
[MD5.A131FF6AF7E2B2492566FB57683CE6CB] - (.Nicolas Coolman - ZHPFix.) -- C:\Program Files\ZHPDiag\ZHPFix\ZHPFix.exe [3054592] [PID.5660]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Suellen\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
G2 - EXT: C:\Users\Suellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [avast! WebRep]
~ Google Lines Browser: 37 Legitimates Filtered in 00mn 12s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\McAfee\MSC\npMcSnFFPl.dll
P2 - FPN: [HKCU] [vitzo.com/VDownloader] - (...) -- C:\Program Files\VDownloader\Addons\npVDownloader.dll (.not file.)
~ Firefox Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
~ IE Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: Samsung BHO Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} . (...) -- C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
~ BHO: 60 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: McAfee SiteAdvisor Toolbar - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [mcpltui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [fst_br_132] Chave orfã
O4 - HKLM\..\Run: [DeskmediaReaper] C:\Positivo\Deskmedia\DeskmediaReaper.exe (.not file.)
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKCU\..\Run: [WallpaperChanger] . (.James Garton - Desktop Wallpaper Changer.) -- C:\Program Files\Wallpaper Master\Wallpaper.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Suellen\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (.not file.)
O4 - HKCU\..\Run: [WordWeb] . (.WordWeb Software - WordWeb.) -- C:\Program Files\WordWeb\wweb32.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (.not file.)
O4 - HKCU\..\Run: [EADM] C:\Program Files\Origin\Origin.exe (.not file.)
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_C3E8D31D8757B5FA3DF83513FE338381] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 6] . (.IObit - ASCTray.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 6] . (.IObit - ASCTray.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1795128182-489873951-3285546841-1000\..\Run: [WallpaperChanger] . (.James Garton - Desktop Wallpaper Changer.) -- C:\Program Files\Wallpaper Master\Wallpaper.exe
O4 - HKUS\S-1-5-21-1795128182-489873951-3285546841-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Suellen\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-1795128182-489873951-3285546841-1000\..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (.not file.)
O4 - HKUS\S-1-5-21-1795128182-489873951-3285546841-1000\..\Run: [WordWeb] . (.WordWeb Software - WordWeb.) -- C:\Program Files\WordWeb\wweb32.exe
O4 - HKUS\S-1-5-21-1795128182-489873951-3285546841-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1795128182-489873951-3285546841-1000\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (.not file.)
O4 - HKUS\S-1-5-21-1795128182-489873951-3285546841-1000\..\Run: [EADM] C:\Program Files\Origin\Origin.exe (.not file.)
O4 - HKUS\S-1-5-21-1795128182-489873951-3285546841-1000\..\Run: [GoogleChromeAutoLaunch_C3E8D31D8757B5FA3DF83513FE338381] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} . (...) -- C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O9 - Extra button: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Chave orfã
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4F9698D-6354-43D8-BE6A-7F1D2A5006D8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E62483AD-5D9A-4224-BBCD-48C778DC0C9D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F00DCE30-6062-4678-A342-E10356B5305E}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4F9698D-6354-43D8-BE6A-7F1D2A5006D8}: DhcpDomain = domain.name
O17 - HKLM\System\CCS\Services\Tcpip\..\{F00DCE30-6062-4678-A342-E10356B5305E}: DhcpDomain = dqx.tvgvt
O17 - HKLM\System\CS1\Services\Tcpip\..\{A4F9698D-6354-43D8-BE6A-7F1D2A5006D8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{E62483AD-5D9A-4224-BBCD-48C778DC0C9D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F00DCE30-6062-4678-A342-E10356B5305E}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A4F9698D-6354-43D8-BE6A-7F1D2A5006D8}: DhcpDomain = domain.name
O17 - HKLM\System\CS1\Services\Tcpip\..\{F00DCE30-6062-4678-A342-E10356B5305E}: DhcpDomain = dqx.tvgvt
O17 - HKLM\System\CS2\Services\Tcpip\..\{A4F9698D-6354-43D8-BE6A-7F1D2A5006D8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{E62483AD-5D9A-4224-BBCD-48C778DC0C9D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{F00DCE30-6062-4678-A342-E10356B5305E}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A4F9698D-6354-43D8-BE6A-7F1D2A5006D8}: DhcpDomain = domain.name
O17 - HKLM\System\CS2\Services\Tcpip\..\{F00DCE30-6062-4678-A342-E10356B5305E}: DhcpDomain = dqx.tvgvt
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.25.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: xmkysecqun32 (xmkysecqun32) . (...) - C:\Program Files\003\xmkysecqun32.exe (.not file.) =>PUP.AdPeak
~ Services: 24 Legitimates Filtered in 00mn 18s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [Bonanza] (...) -- C:\Users\Suellen\AppData\Roaming\Bonanza\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>Adware.BonanzaDeals
[MD5.00000000000000000000000000000000] [APT] [EasyPartitionManager] (...) -- C:\Windows\MSetup\BA46-12225A02\EPM.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3FA247A8-3771-4F9B-9AF6-E860D8DB4931}] (...) -- E:\iTunes64Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{41E702EF-1460-4185-91A1-557021F7CE8D}] (...) -- C:\Users\Suellen\Downloads\fontes_adicionais.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4AA7947C-385D-4414-878C-B4C40874BCDE}] (...) -- C:\Users\Suellen\Suellen\Livros\Livros Animais\Dermatologia\Veterinaria dermatologia\ST6UNST.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6131F8B0-4CC2-4ECB-95E5-4AACC79D8E9D}] (...) -- E:\iTunes64Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D8D03C67-1F00-44F7-A073-D3B8E093F7DA}] (...) -- E:\iTunes64Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DFC3500B-02C6-477E-A078-9204679C59D4}] (...) -- E:\iTunes64Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DFE97A6A-6A8F-4765-8B0A-A18F2F7BE124}] (...) -- E:\iTunes64Setup.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: Bonanza - (...) -- C:\Windows\Tasks\Bonanza.job [298] =>Adware.BonanzaDeals
O39 - APT: Bonanza - (...) -- C:\Windows\System32\Tasks\Bonanza [298] =>Adware.BonanzaDeals
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1795128182-489873951-3285546841-1000Core [1060]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1795128182-489873951-3285546841-1000UA [1082]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1054]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf281cb81f3d82 [1058]
~ Scheduled Task: 90 Legitimates Filtered in 00mn 06s



---\\ Software instalados (042)
O42 - Logiciel: Apostila concurso PRF versão 1.0 - (.DownloadApostilaConcurso.com.) [HKLM] -- {E3ED1756-CAFF-4BF3-843D-41C61E416ABA}_is1
O42 - Logiciel: Dic Michaelis - UOL - (...) [HKLM] -- WDIC
O42 - Logiciel: Plants vs Zombies - (...) [HKLM] -- Plants vs Zombies
O42 - Logiciel: SupraSavings - (.SupraSavings.) [HKLM] -- {E6B105B8-1F65-4428-9397-1DFD8A03B94D} =>PUP.SupraSavings
O42 - Logiciel: The 5-Minute Veterinary Consult - (...) [HKLM] -- The 5-Minute Veterinary Consult
O42 - Logiciel: Update_for_BonanzaDeals - (.Update_for_BonanzaDeals.) [HKCU] -- Bonanza =>Adware.BonanzaDeals
O42 - Logiciel: VADEMECUM VETERINARIO 2004-2005 - (...) [HKLM] -- VADEMECUM VETERINARIO 2004-20051.0
O42 - Logiciel: Veterinaria - (...) [HKLM] -- ST6UNST #1
O42 - Logiciel: Wallpaper Master v2.16 - (.James Garton.) [HKLM] -- Wallpaper Master_is1
O42 - Logiciel: WordWeb - (.WordWeb Software.) [HKLM] -- WordWeb
~ Logic: 22 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\ASKHomePage]
[HKCU\Software\Amigo Mouse]
[HKCU\Software\Baidu Security]
[HKCU\Software\SP22]
[HKCU\Software\UltraDownloads.com.br]
[HKCU\Software\WordWeb]
[HKLM\Software\360Safe]
[HKLM\Software\Baidu Security]
[HKLM\Software\Baidu_Drp_pos]
[HKLM\Software\CCB]
~ Key Software: 314 Legitimates Filtered in 00mn 02s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 12/04/2012 - 00:15:47 - [] ----D C:\Program Files\5-MVC
O43 - CFD: 14/02/2014 - 22:44:54 - [] ----D C:\Program Files\KanjiGold
O43 - CFD: 04/07/2012 - 21:30:49 - [] ----D C:\Program Files\Plants vs Zombies
O43 - CFD: 19/03/2012 - 00:53:10 - [] ----D C:\Program Files\Vademecum
O43 - CFD: 19/01/2012 - 22:46:35 - [] ----D C:\Program Files\Veterinaria
O43 - CFD: 23/03/2012 - 17:37:25 - [] ----D C:\Program Files\Wallpaper Master
O43 - CFD: 01/10/2013 - 11:50:44 - [] ----D C:\Program Files\WordWeb
O43 - CFD: 20/05/2014 - 20:07:13 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 20/05/2014 - 20:07:29 - [] ----D C:\Users\Suellen\AppData\Roaming\Baidu Security
O43 - CFD: 12/04/2012 - 00:16:53 - [] ----D C:\Users\Suellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CPVet
O43 - CFD: 04/02/2013 - 22:57:46 - [0] ----D C:\Users\Suellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dic Michaelis - UOL
~ Program Folder: 206 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.BE125797A510CD7E9E77D0D79CB989EF] - 20/05/2014 - 20:07:28 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys [47456]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 21/05/2014 - 10:34:35 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 21/05/2014 - 11:35:37 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.7EC03C25D5DB656F2C7A9C85AC35CD67] - 21/05/2014 - 12:11:58 ---A- . (...) -- C:\zoek-results.log [17428]
O44 - LFC:[MD5.4FF40AAF09781BCE1D850B306E0AF7BC] - 26/05/2014 - 14:08:04 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147808]
O44 - LFC:[MD5.DFD2433C51C330C8C1A2D7C825B653C5] - 26/05/2014 - 14:08:04 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [706226]
~ Files: 58 Legitimates Filtered in 00mn 04s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{1c7b2546-3486-11e1-9611-e81132a687c4}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{1c7b2548-3486-11e1-9611-e81132a687c4}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{8e5426c8-09cf-11e2-98ad-e81132a687c4}\AutoRun\command. (...) -- D:\Windows\AutoRun.exe (.not file.)
O51 - MPSK:{991ce9e4-694e-11e1-9dec-e81132a687c4}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{991ce9f2-694e-11e1-9dec-e81132a687c4}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{a14023e5-3324-11e1-a7b7-e81132a687c4}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{a1402403-3324-11e1-a7b7-e81132a687c4}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{b27da688-da07-11e3-8258-e81132a687c4}\AutoRun\command. (...) -- G:\Autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:17/09/2012 - 19:58:30 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [152880]
O58 - SDL:17/09/2012 - 19:58:32 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys [61488]
O58 - SDL:17/09/2012 - 19:58:32 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys [29744]
O58 - SDL:17/09/2012 - 19:58:32 R--A- . (.360安全中心 - 360安全卫士 - SelfProtection.) -- C:\Windows\System32\Drivers\360SpOEM.sys [64048]
O58 - SDL:11/03/2014 - 00:14:02 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys [47456]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:21/10/2011 - 03:19:53 ---A- . (.Windows (R) 2003 DDK 3790 provider - Generic Port I/O for Win32.) -- C:\Windows\System32\Drivers\rtport.sys [15656]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/12/2012 - 13:50:38 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [45056]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 105 Legitimates Filtered in 00mn 02s



---\\ Últimos ficheiros alterados ou criados (Utilizador) (061)
O61 - LFC: 21/05/2014 - 17:46:47 ---A- . (...) -- C:\Users\Suellen\Downloads\adwcleaner_3.210.exe [1326389]
O61 - LFC: 26/05/2014 - 17:46:45 ---A- . (...) -- C:\Users\Suellen\AppData\Local\Google\Chrome\User Data\nacl_validation_cache.bin [236]
~ 1035 Fichiers temporaires (Temporary files)
~ 306 Fichiers cookies (Cookies files)
~ Files: 28 Legitimates Filtered in 00mn 07s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 11/03/2014 - C:\Windows\System32\drivers\Bhbase.sys (Bhbase) .(.Baidu, Inc. - Baidu Antivirus Hook Base.) - LEGACY_BHBASE
~ Legacy: 112 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {31FCC53F-5F98-4C8D-9E37-FBD7E6165EE2} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {C810A113-4E78-4D95-92A4-2887D79DD4E1} - (Pesquisa Segura) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {C810A113-4E78-4D95-92A4-2887D79DD4E1} - (Pesquisa Segura) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.94E28010255D126FE7BFE4E55C06492C] [SPRF][04/12/2012] (.No owner - AVAST Software Setup Engine.) -- C:\Program Files\avast_free_antivirus_setup.exe [97495576]
~ Files: 1 Legitimates Filtered in 00mn 01s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "8B501B6E56F182443979D1DFA8309BD4" . (.SupraSavings.) -- c:\windows\Installer\{E6B105B8-1F65-4428-9397-1DFD8A03B94D}\icon64.ico =>PUP.SupraSavings
~ Update Products: 1 Legitimates Filtered in 00mn 01s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.3F13781D8AF0D9B0495FE4301F71F99A] [WIS][30/05/2012] (.Babylon Ltd - BabylonObjectInstaller.) -- C:\Windows\Installer\196cfa.msi [346624] =>PUP.Babylon
[MD5.937E6957911EFF7B740EE814C75C95D2] [WIS][03/04/2014] (.APN, LLC - MediaCaster by Ask.) -- C:\Windows\Installer\22c7af4.msi [381952] =>Adware.Bandoo
[MD5.9D0767859EE938C0C4FAC30693109843] [WIS][20/05/2014] (.SupraSavings - SupraSavings.) -- C:\Windows\Installer\22ce5dc.msi [3162112] =>PUP.SupraSavings
[MD5.46F2667ADB3EF8EFBEB0505D2FAD321B] [WIS][13/11/2012] (.SweetIM Technologies Ltd. - SweetPacks Toolbar for Internet Explorer 4.0.) -- C:\Windows\Installer\30f3203.msi [3350528] =>PUP.SweetIM
~ WIS: 4 Legitimates Filtered in 00mn 06s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing
HKLM\SOFTWARE\Microsoft\Tracing\funmoods91212_RASAPI32 =>PUP.Funmoods
HKLM\SOFTWARE\Microsoft\Tracing\funmoods91212_RASMANCS =>PUP.Funmoods
HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASAPI32 =>Adware.PredictAd
HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASMANCS =>Adware.PredictAd
~ BTK: 280 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 14/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 11/12/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 11/12/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 11/03/2014 136120 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 15/01/2014 235696 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
SS - | Demand 02/08/2013 471592 | (McODS) . (.McAfee, Inc..) - C:\Program Files\McAfee\VirusScan\mcods.exe
SS - | Demand 06/05/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 09/08/2010 131888 | (Samsung UPD Service) . (.Samsung Electronics CO., LTD..) - C:\windows\System32\SUPDSvc.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 10/07/1658 0 | (xmkysecqun32) . (...) - C:\Program Files\003\xmkysecqun32.exe =>PUP.AdPeak
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 18/04/2013 574272 | (AdvancedSystemCareService6) . (.IObit.) - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 15/06/2011 146592 | (Atheros Bt&Wlan Coex Agent) . (.Atheros.) - C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
SR - | Auto 15/06/2011 76960 | (AtherosSvc) . (.Atheros Commnucations.) - C:\Program Files\Bluetooth Suite\adminservice.exe
SR - | Auto 30/10/2012 44808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 30/07/2013 281560 | (HomeNetSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Demand 01/11/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 01/07/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 31/08/2012 167784 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
SR - | Auto 25/04/2014 145568 | (McAPExe) . (.McAfee, Inc..) - C:\Program Files\McAfee\MSC\McAPexe.exe
SR - | Auto 30/07/2013 281560 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 281560 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 281560 | (mcpltsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 281560 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 18/03/2014 655936 | (mfecore) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
SR - | Auto 03/04/2014 169800 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 03/04/2014 179600 | (mfevtp) . (.McAfee, Inc..) - C:\windows\system32\mfevtps.exe
SR - | Auto 30/07/2013 281560 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 01/06/2010 2057560 | (NOBU) . (.Symantec Corporation.) - C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe =>.Symantec Corporation
SR - | Auto 01/12/2009 244904 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared files\RichVideo.exe
SR - | Auto 01/07/2010 2533400 | (UNS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 24s



---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBR) (080)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Run by Suellen at 26/05/2014 17:48:25
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
C:\windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Rapid Storage Technology driver
1 ntkrnlpa!IofCallDriver[0x83A83BBA] >> \Device\Harddisk0\DR0[0x889668A0]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 27 Legitimates Filtered in 00mn 02s



---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBRCheck) (080)
Written by ad13, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Run by Suellen at 26/05/2014 17:48:27
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Scâner Aditional (088)
Database Version : 13026 - (24/05/2014)
Clés trouvées (Keys found) : 10
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 6

[HKLM\SYSTEM\CurrentControlSet\Services\xmkysecqun32] =>PUP.AdPeak^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E6B105B8-1F65-4428-9397-1DFD8A03B94D}] =>PUP.SupraSavings^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bonanza] =>Adware.BonanzaDeals^
[HKLM\Software\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\360Safe] =>Trojan.Lozavita
[HKLM\Software\Classes\MyWebSearch.SkinLauncher] =>Adware.MyWebSearch
[HKLM\Software\Classes\MyWebSearch.SkinLauncher.1] =>Adware.MyWebSearch
[HKLM\Software\Classes\MyWebSearch.SkinLauncherSettings] =>Adware.MyWebSearch
[HKLM\Software\Classes\MyWebSearch.SkinLauncherSettings.1] =>Adware.MyWebSearch
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158}] =>PUP.CrossRider
C:\Windows\Tasks\Bonanza.job =>Adware.BonanzaDeals^
C:\Windows\System32\Tasks\Bonanza =>Adware.BonanzaDeals^
C:\Windows\Installer\196cfa.msi =>PUP.Babylon^
C:\Windows\Installer\22c7af4.msi =>Adware.Bandoo^
C:\Windows\Installer\22ce5dc.msi =>PUP.SupraSavings^
C:\Windows\Installer\30f3203.msi =>PUP.SweetIM^
~ Additionnel Scan: 391246 Items scanned in 01mn 14s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.AdPeak
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BonanzaDeals
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SupraSavings
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Babylon
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.Bandoo
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SweetIM
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Funmoods
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.PredictAd
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.Lozavita
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.MyWebSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.CrossRider
~ MSI: 11 link(s) detected in 00mn 00s



~ 1089 Legitimates filtered by white list
End of the scan (633 lines in 04mn 23s)(0)
suegm
suegm
Iniciante
Iniciante

Mensagens : 18
Reputação : 0
Data de inscrição : 26/05/2014

Ir para o topo Ir para baixo

Suprasavings + CE_Umbrellacert Empty Re: Suprasavings + CE_Umbrellacert

Mensagem por Power Max Seg 26 maio 2014, 23:55

Faça uma nova limpeza com o AdwCleaner seguindo as dicas deste tutorial abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt (obs: este número vai aumentando de acordo com a quantidade de vezes que você vai usando o Adwcleaner, portanto se esta for a segunda vez que você o usou o arquivo terá o nome de AdwCleaner[S1].txt

Ficamos na espera.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

Suprasavings + CE_Umbrellacert Empty Re: Suprasavings + CE_Umbrellacert

Mensagem por suegm Ter 27 maio 2014, 00:56

Encontrei o relatório de semana passada do Adwcleaner.

# AdwCleaner v3.210 - Relatório criado 21/05/2014 às 10:39:50
# Atualizado 19/05/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (32 bits)
# Usuário : Suellen - NOTE-SUE
# Executando de : C:\Users\Suellen\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : bonanzadealslive
[#] Serviço Deletada : bonanzadealslivem

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\apn
Pasta Deletada : C:\ProgramData\BonanzaDealsLive
Pasta Deletada : C:\ProgramData\SoftWarehouse
Pasta Deletada : C:\Program Files\003
Pasta Deletada : C:\Program Files\BonanzaDeals
Pasta Deletada : C:\Program Files\BonanzaDealsLive
Pasta Deletada : C:\Program Files\Mobogenie
Pasta Deletada : C:\Program Files\predm
Pasta Deletada : C:\Program Files\ScanTack
Pasta Deletada : C:\Program Files\SupraSavings
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\Suellen\AppData\Local\BonanzaDealsLive
Pasta Deletada : C:\Users\Suellen\AppData\Local\genienext
Pasta Deletada : C:\Users\Suellen\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\Suellen\AppData\Local\Temp\apn
Pasta Deletada : C:\Users\Suellen\AppData\Roaming\newnext.me
Pasta Deletada : C:\Users\Suellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
Pasta Deletada : C:\Users\Suellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Pasta Deletada : C:\Users\Suellen\AppData\Roaming\Mozilla\Firefox\Profiles\fhbqix8w.default\Extensions\SupraSavings@jetpack
Pasta Deletada : C:\Users\Suellen\AppData\Roaming\Mozilla\Firefox\Profiles\fhbqix8w.default\Extensions\crossriderapp2258@crossrider.com
Pasta Deletada : C:\Users\Suellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj
Pasta Deletada : C:\Users\Suellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\afjegdojkkoghnbiollpogeeimocanmk
Arquivo Deletada : C:\Users\Suellen\AppData\Roaming\Mozilla\Firefox\Profiles\fhbqix8w.default\Extensions\firefox@scantack.net.xpi
Arquivo Deletada : C:\Users\Suellen\daemonprocess.txt
Arquivo Deletada : C:\Users\Suellen\AppData\Roaming\Mozilla\Firefox\Profiles\fhbqix8w.default\searchplugins\ask-search.xml
Arquivo Deletada : C:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
Arquivo Deletada : C:\windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
Arquivo Deletada : C:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
Arquivo Deletada : C:\windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
Arquivo Deletada : C:\windows\System32\Tasks\BonanzaDealsUpdate

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A7B315F1-EB0A-4F9F-8287-A7ECA218354D}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7B315F1-EB0A-4F9F-8287-A7ECA218354D}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{55D7383E-A1AC-483E-B587-E955400D9C13}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55D7383E-A1AC-483E-B587-E955400D9C13}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26087A32-469F-4FBA-927A-C12DB5C6449D}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26087A32-469F-4FBA-927A-C12DB5C6449D}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\BonanzaDealsLive.exe
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickCtrl.9
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLive.Update3WebControl.3
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{D34F391D-4CB7-467F-A543-F583857C63B0}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{118E1BF6-6279-432F-A285-373A77B90C7A}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{14CEEA2F-3D21-46ED-A7D2-89056C520E5E}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1CC8D970-F626-4F19-815F-890032BB6606}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{33BAF587-9647-4281-A34F-F4830CDC1B9F}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5B5E5D0E-7C83-4A32-ADD2-E5F488DD6783}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{6802463D-636F-41FE-9924-4CAD56906590}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{806785D0-375F-4C2C-92E3-B8EE65D28E83}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{944661E7-67B9-4DF7-BFF2-05388C166D34}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A7CF66EF-4F0D-46B1-AF71-A500378D6C34}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{B71934E5-6B93-448D-9D32-CBAA5150C5D8}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{D34F391D-4CB7-467F-A543-F583857C63B0}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E970727E-0508-4BEB-8B72-BBA9D0D047C7}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{EBF1F869-D2F0-4D31-A877-386C853A9C3D}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F3CF4912-CF0A-451B-AF3B-C4F216C715E4}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F904AC50-215C-42AB-A532-77E9FDBA9B19}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10AD2C61-0898-4348-8600-14A342F22AC3}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33BAF587-9647-4281-A34F-F4830CDC1B9F}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Chave Deletedo : HKCU\Software\BonanzaDeals
Chave Deletedo : HKCU\Software\BonanzaDealsLive
Chave Deletedo : HKCU\Software\FreeSoftToday
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\ScanTack
Chave Deletedo : HKCU\Software\suprasavings
Chave Deletedo : HKCU\Software\TutoTag
Chave Deletedo : HKCU\Software\AppDataLow\Software\Supra Savings
Chave Deletedo : HKCU\Software\AppDataLow\Software\suprasavings
Chave Deletedo : HKLM\Software\BonanzaDeals
Chave Deletedo : HKLM\Software\BonanzaDealsLive
Chave Deletedo : HKLM\Software\FreeSoftToday
Chave Deletedo : HKLM\Software\LevelQualityWatcher
Chave Deletedo : HKLM\Software\ScanTack
Chave Deletedo : HKLM\Software\suprasavings
Chave Deletedo : HKLM\Software\Tutorials
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bonanza Deals
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScanTack
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\suprasavings
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (en-US)

[ Arquivo : C:\Users\Suellen\AppData\Roaming\Mozilla\Firefox\Profiles\fhbqix8w.default\prefs.js ]

Linha deletada : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
Linha deletada : user_pref("extensions.crossrider.bic", "1429075d97db8001ef695e96f0761385");
Linha deletada : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1385403112);
Linha deletada : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200");
Linha deletada : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1385403112");
Linha deletada : user_pref("extensions.crossriderapp2258.bic", "1429075d97db8001ef695e96f0761385");
Linha deletada : user_pref("extensions.crossriderapp2258.firstrun", false);
Linha deletada : user_pref("extensions.crossriderapp2258.installationdate", 1385403112);
Linha deletada : user_pref("extensions.crossriderapp2258.lastcheck", 23344609);
Linha deletada : user_pref("extensions.crossriderapp2258.lastcheckitem", 23344626);
Linha deletada : user_pref("extensions.crossriderapp2258.reportInstall", true);
Linha deletada : user_pref("extensions.enabledAddons", "ascsurfingprotection%40iobit.com:1.0,crossriderapp2258%40crossrider.com:0.89.133,DivXWebPlayer%40divx.com:2.0.2.039,%7Bf9d03c26-0575-497e-821d-f7956d23e0ca%7D:3.[...]

-\\ Google Chrome v34.0.1847.137

[ Arquivo : C:\Users\Suellen\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Extension] : afjegdojkkoghnbiollpogeeimocanmk
Deletedo [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Deletedo [Extension] : ieadcoanfjloocmfafkebdnfefmohngj

*************************

AdwCleaner[R0].txt - [88044 octets] - [25/11/2013 12:31:00]
AdwCleaner[R1].txt - [15968 octets] - [21/05/2014 10:33:11]
AdwCleaner[S0].txt - [85013 octets] - [25/11/2013 12:44:26]
AdwCleaner[S1].txt - [15468 octets] - [21/05/2014 10:39:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [15529 octets] ##########
suegm
suegm
Iniciante
Iniciante

Mensagens : 18
Reputação : 0
Data de inscrição : 26/05/2014

Ir para o topo Ir para baixo

Suprasavings + CE_Umbrellacert Empty Re: Suprasavings + CE_Umbrellacert

Mensagem por Power Max Ter 27 maio 2014, 01:19

Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

Suprasavings + CE_Umbrellacert Empty Re: Suprasavings + CE_Umbrellacert

Mensagem por suegm Ter 27 maio 2014, 10:44

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Basic x86
Ran by Suellen on 27/05/2014 at 10:30:16,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mywebsearch.skinlauncher
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mywebsearch.skinlauncher.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mywebsearch.skinlaunchersettings
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mywebsearch.skinlaunchersettings.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1795128182-489873951-3285546841-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1795128182-489873951-3285546841-1000\Software\wajam



~~~ Files

Successfully deleted: [File] C:\windows\Tasks\Bonanza.job



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27/05/2014 at 10:43:08,68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
suegm
suegm
Iniciante
Iniciante

Mensagens : 18
Reputação : 0
Data de inscrição : 26/05/2014

Ir para o topo Ir para baixo

Suprasavings + CE_Umbrellacert Empty Re: Suprasavings + CE_Umbrellacert

Mensagem por suegm Ter 27 maio 2014, 10:56

Karpesky


Status: Absent (events: 1)
26/05/2014 18:26:01 Not found adware not-a-virus:AdWare.Win32.Agent.ahbx C:\AdwCleaner\Quarantine\C\Program Files\ScanTack\ScanTackBHO.dll.vir Medium
Status: Deleted (events: 2)
26/05/2014 18:25:58 Deleted adware not-a-virus:AdWare.Win32.Agent.aiyc C:\AdwCleaner\Quarantine\C\Program Files\Wajam\Updater\update.exe.vir Medium
26/05/2014 18:25:58 Deleted adware not-a-virus:AdWare.Win32.Agent.aiyc C:\AdwCleaner\Quarantine\C\Program Files\Wajam\Updater\update.exe.vir//WajamUpdaterV3.exe Medium
suegm
suegm
Iniciante
Iniciante

Mensagens : 18
Reputação : 0
Data de inscrição : 26/05/2014

Ir para o topo Ir para baixo

Suprasavings + CE_Umbrellacert Empty Re: Suprasavings + CE_Umbrellacert

Mensagem por Power Max Ter 27 maio 2014, 11:42

Suprasavings + CE_Umbrellacert 772309  Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC agora e de tempos em tempos.
_____________________________________________________________________________________________________________

Suprasavings + CE_Umbrellacert 772309  No seu relatório está constando o uso de dois antivirus: Avast e McAfee. É muito importante você ter apenas um antivírus no seu computador, pois mais de um antivírus pode gerar conflito entre eles e prejudicar o funcionamento de seu PC. Veja mais informações sobre esta questão nesta matéria abaixo:

Por que não se deve utilizar dois ou mais antivírus?
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_________________________________________________________________________________________________________

Suprasavings + CE_Umbrellacert 772309  Selecione e copie todo o texto destacado em vermelho que te passei.
_____________________________________________________________________________________________________________

Suprasavings + CE_Umbrellacert 772309  Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.


Última edição por Power Max em Ter 27 maio 2014, 16:39, editado 1 vez(es)

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

Suprasavings + CE_Umbrellacert Empty Re: Suprasavings + CE_Umbrellacert

Mensagem por Power Max Ter 27 maio 2014, 11:44

Faça também o seguinte:

Suprasavings + CE_Umbrellacert 772309 Faça o download do Usbfix [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (ao acessar a página clique no botão representado nesta imagem (na parte inferior direita da página) para baixá-lo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

Utilize o USBFix conforme é mostrado nesta postagem:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Poste o log (relatório) do Usbfix que estará em C:\UsbFix.txt em sua próxima resposta juntamente com o relatório do ZHPFix pedido na resposta anterior.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

Suprasavings + CE_Umbrellacert Empty Re: Suprasavings + CE_Umbrellacert

Mensagem por suegm Ter 27 maio 2014, 12:02

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Suellen at 27/05/2014 12:00:57
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 20s)
Reparação de atalhos do navegador

========== Softwares ==========
ELIMINÉ: SupraSavings

========== Estado dos serviços ==========
BHBASE Parado

========== Chaves do Registo ==========
ELIMINÉ: Service: xmkysecqun32
ELIMINÉ: HKCU\Software\ASKHomePage
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKLM\Software\360Safe
ELIMINÉ: HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Baidu_Drp_pos
ELIMINÉ CLSID MPSK: {1c7b2546-3486-11e1-9611-e81132a687c4}
ELIMINÉ CLSID MPSK: {1c7b2548-3486-11e1-9611-e81132a687c4}
ELIMINÉ CLSID MPSK: {8e5426c8-09cf-11e2-98ad-e81132a687c4}
ELIMINÉ CLSID MPSK: {991ce9e4-694e-11e1-9dec-e81132a687c4}
ELIMINÉ CLSID MPSK: {991ce9f2-694e-11e1-9dec-e81132a687c4}
ELIMINÉ CLSID MPSK: {a14023e5-3324-11e1-a7b7-e81132a687c4}
ELIMINÉ CLSID MPSK: {a1402403-3324-11e1-a7b7-e81132a687c4}
ELIMINÉ CLSID MPSK: {b27da688-da07-11e3-8258-e81132a687c4}
ELIMINÉ:* SearchScopes :{C810A113-4E78-4D95-92A4-2887D79DD4E1}
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\funmoods91212_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\funmoods91212_RASMANCS
ELIMINÉ: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158}

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
ELIMINÉ RunValue: fst_br_132
ELIMINÉ RunValue: DeskmediaReaper
ELIMINÉ RunValue: Advanced SystemCare 5
ELIMINÉ RunValue: EA Core
ELIMINÉ RunValue: EADM
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\windows\system32\drivers\bhbase.sys
ELIMINÉ: C:\Windows\Installer\196cfa.msi
ELIMINÉ: C:\Windows\Installer\22c7af4.msi
ELIMINÉ: C:\Windows\Installer\30f3203.msi
ELIMINÉ Temporários windows (3175) (572.617.511 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: EasyPartitionManager
ELIMINÉ: {3FA247A8-3771-4F9B-9AF6-E860D8DB4931}
ELIMINÉ: {41E702EF-1460-4185-91A1-557021F7CE8D}
ELIMINÉ: {4AA7947C-385D-4414-878C-B4C40874BCDE}
ELIMINÉ: {6131F8B0-4CC2-4ECB-95E5-4AACC79D8E9D}
ELIMINÉ: {D8D03C67-1F00-44F7-A073-D3B8E093F7DA}
ELIMINÉ: {DFC3500B-02C6-477E-A078-9204679C59D4}
ELIMINÉ: {DFE97A6A-6A8F-4765-8B0A-A18F2F7BE124}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
18 : Chaves do Registo
12 : Valores do Registo
1 : Pastas
6 : Ficheiros
1 : Softwares
1 : Estado dos serviços
8 : Tarefa planificada
1 : Restauração Sistema


End of clean in 09mn 06s

========== Caminho do ficheiro do relatório ==========
C:\Users\Suellen\AppData\Roaming\ZHP\ZHPFix[R1].txt - 27/05/2014 12:01:17 [3121]
suegm
suegm
Iniciante
Iniciante

Mensagens : 18
Reputação : 0
Data de inscrição : 26/05/2014

Ir para o topo Ir para baixo

Suprasavings + CE_Umbrellacert Empty Re: Suprasavings + CE_Umbrellacert

Mensagem por suegm Ter 27 maio 2014, 12:08

Antivirus eu uso só o McAfee. Instalei o Avast ontem, pq ele tinha identificado algo no pendrive em outro pc que o Mcafee não identificou quando botei o pendrive no meu pc. E deixei o Mcafee inativo pra testar o Avast. Obrigada pela dica!
suegm
suegm
Iniciante
Iniciante

Mensagens : 18
Reputação : 0
Data de inscrição : 26/05/2014

Ir para o topo Ir para baixo

Suprasavings + CE_Umbrellacert Empty Re: Suprasavings + CE_Umbrellacert

Mensagem por suegm Ter 27 maio 2014, 12:25

############################## | UsbFix V 7.171 | [Limpar]

Usuário: Suellen (Administrador) # NOTE-SUE
Atualizado em 18/05/2014 por El Desaparecido - SosVirus
Começou em 12:22:05 | 27/05/2014

Site : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Changelog : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Asistencia : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Upload Malware : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Contato : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

PC: SAMSUNG ELECTRONICS CO., LTD. (RV411/RV511/E3511/S3511/RV711/E3411)
CPU: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
RAM -> [Total : 2933 Mo| Free : 896 Mo]
Bios: Phoenix Technologies Ltd.
Boot: Normal boot

OS: Microsoft Windows 7 Home Basic (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.17107
WB: Google Chrome : 35.0.1916.114
WB: Mozilla Firefox : 29.0.1

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: McAfee Anti-Virus and Anti-Spyware [(!) Disabled | Updated]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: McAfee Anti-Virus and Anti-Spyware [(!) Disabled | Updated]
AS: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender [Enabled | Updated]
FW: McAfee Firewall [(!) Disabled]
FW: Windows FireWall [Enabled]

C:\ (%SystemDrive%) -> Disco fixo # 279 Gb (95 Mb livre - 34%) [] # NTFS
D:\ -> CD-ROM
G:\ -> CD-ROM

################## | Processos parados |

C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe (ID: 1024|ParentID: 768)
C:\Windows\System32\spoolsv.exe (ID: 1780|ParentID: 768|SISTEMA)
C:\Windows\System32\taskeng.exe (ID: 1788|ParentID: 1272|SISTEMA)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 2008|ParentID: 768|SISTEMA)
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 2028|ParentID: 768|SISTEMA)
C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe (ID: 128|ParentID: 768|SISTEMA)
C:\Program Files\Bluetooth Suite\AdminService.exe (ID: 520|ParentID: 768|SISTEMA)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 624|ParentID: 768|SISTEMA)
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (ID: 1376|ParentID: 768|SISTEMA)
C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe (ID: 1680|ParentID: 768|SISTEMA)
C:\Windows\System32\taskhost.exe (ID: 2300|ParentID: 768|Suellen)
C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe (ID: 2592|ParentID: 1788|SISTEMA)
C:\Program Files\CyberLink\Shared files\RichVideo.exe (ID: 2604|ParentID: 768|SISTEMA)
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (ID: 3068|ParentID: 768|SISTEMA)
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (ID: 3220|ParentID: 768|SISTEMA)
C:\Windows\System32\taskeng.exe (ID: 3296|ParentID: 1272|Suellen)
C:\Program Files\CyberLink\YouCam\YCMMirage.exe (ID: 3364|ParentID: 3296|Suellen)
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (ID: 3372|ParentID: 3296|Suellen)
C:\Program Files\Samsung\Easy Display Manager\WifiManager.exe (ID: 3388|ParentID: 3296|Suellen)
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (ID: 3596|ParentID: 3220|SISTEMA)
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ID: 3708|ParentID: 2380|Suellen)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 3732|ParentID: 2380|Suellen)
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (ID: 4000|ParentID: 2380|Suellen)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ID: 4016|ParentID: 3732|Suellen)
C:\Program Files\Windows Sidebar\sidebar.exe (ID: 2288|ParentID: 2380|Suellen)
C:\Program Files\iTunes\iTunesHelper.exe (ID: 2316|ParentID: 2380|Suellen)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID: 2944|ParentID: 2380|Suellen)
C:\Windows\System32\igfxext.exe (ID: 2796|ParentID: 940|Suellen)
C:\Windows\System32\igfxsrvc.exe (ID: 616|ParentID: 940|Suellen)
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (ID: 2948|ParentID: 2380|Suellen)
C:\Program Files\MagicDisc\MagicDisc.exe (ID: 4116|ParentID: 2380|Suellen)
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (ID: 4300|ParentID: 2380|Suellen)
C:\Program Files\iPod\bin\iPodService.exe (ID: 4660|ParentID: 768|SISTEMA)
C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (ID: 4668|ParentID: 3296|Suellen)
C:\Windows\System32\SearchIndexer.exe (ID: 4976|ParentID: 768|SISTEMA)
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe (ID: 5160|ParentID: 3296|Suellen)
C:\Windows\System32\WUDFHost.exe (ID: 6088|ParentID: 1216|SERVIÇO LOCAL)
C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe (ID: 1904|ParentID: 3296|Suellen)
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (ID: 3892|ParentID: 3296|Suellen)
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 5036|ParentID: 768|SISTEMA)
C:\Program Files\Bluetooth Suite\AthBtTray.exe (ID: 5148|ParentID: 3348|Suellen)
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe (ID: 5492|ParentID: 3296|Suellen)
C:\Program Files\Bluetooth Suite\BtvStack.exe (ID: 6148|ParentID: 3348|Suellen)
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (ID: 6324|ParentID: 3348|Suellen)
C:\Windows\System32\hkcmd.exe (ID: 6344|ParentID: 3348|Suellen)
C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe (ID: 6492|ParentID: 3348|Suellen)
C:\Windows\System32\igfxpers.exe (ID: 6516|ParentID: 3348|Suellen)
C:\Program Files\CyberLink\Media+Player10\Media+Player10Serv.exe (ID: 6964|ParentID: 3348|Suellen)
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 6264|ParentID: 768|SISTEMA)
C:\Windows\explorer.exe (ID: 5040|ParentID: 6212|Suellen)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 30376|ParentID: 5040|Suellen)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 30652|ParentID: 30376|Suellen)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 19676|ParentID: 30376|Suellen)

################## | Autorun |


################## | Procura genérica |


(!) Ficheiros temporários suprimido.

################## | Registro |

Supprimido ! HKU\S-1-5-21-1795128182-489873951-3285546841-1000\Software\.\.\.\.\Mountpoints2\F

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [WallpaperChanger] C:\Program Files\Wallpaper Master\Wallpaper.exe
04 - HKCU\..\Run : [Facebook Update] "C:\Users\Suellen\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKCU\..\Run : [WordWeb] "C:\Program Files\WordWeb\wweb32.exe" -startup
04 - HKCU\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKCU\..\Run : [GoogleChromeAutoLaunch_C3E8D31D8757B5FA3DF83513FE338381] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
04 - HKCU\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
04 - HKLM\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM\..\Run : [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
04 - HKLM\..\Run : [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\..\Run : [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\..\Run : [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\Run : [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
04 - HKLM\..\Run : [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1795128182-489873951-3285546841-1000\..\Run : [WallpaperChanger] C:\Program Files\Wallpaper Master\Wallpaper.exe
04 - HKU\S-1-5-21-1795128182-489873951-3285546841-1000\..\Run : [Facebook Update] "C:\Users\Suellen\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-1795128182-489873951-3285546841-1000\..\Run : [WordWeb] "C:\Program Files\WordWeb\wweb32.exe" -startup
04 - HKU\S-1-5-21-1795128182-489873951-3285546841-1000\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-1795128182-489873951-3285546841-1000\..\Run : [GoogleChromeAutoLaunch_C3E8D31D8757B5FA3DF83513FE338381] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
04 - HKU\S-1-5-21-1795128182-489873951-3285546841-1000\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-18\..\Run : [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | C:\ %SystemDrive% - Disco fixo (NTFS) |

[10/06/2009 - 18:42:20 | N | 0 Ko] - C:\config.sys
[19/03/2012 - 00:50:17 | RASH | 0 Ko] - C:\MSDOS.SYS
[19/03/2012 - 00:50:17 | RASH | 0 Ko] - C:\IO.SYS
[27/05/2014 - 10:14:04 | ASH | 3002944 Ko] - C:\hiberfil.sys
[27/05/2014 - 10:14:06 | ASH | 3002944 Ko] - C:\pagefile.sys
[19/07/2011 - 01:41:17 | N | 2 Ko] - C:\RHDSetup.log
[19/07/2011 - 02:04:59 | N | 0 Ko] - C:\setup.log
[21/05/2014 - 12:11:58 | N | 17 Ko] - C:\zoek-results.log
[21/05/2014 - 12:12:30 | SHD] - C:\$RECYCLE.BIN
[26/05/2014 - 17:48:26 | N | 1 Ko] - C:\PhysicalDisk0_MBR.bin
[10/06/2009 - 18:42:20 | A | 0 Ko] - C:\autoexec.bat
[13/07/2009 - 23:37:05 | D] - C:\PerfLogs
[14/07/2009 - 01:53:55 | SHD] - C:\Documents and Settings
[19/07/2011 - 01:40:09 | D] - C:\Intel
[19/12/2011 - 00:26:40 | SHD] - C:\Recovery
[19/12/2011 - 00:27:47 | D] - C:\Users
[03/01/2012 - 23:44:50 | RHD] - C:\MSOCache
[12/04/2012 - 00:17:34 | D] - C:\CPVET
[04/02/2013 - 22:57:47 | D] - C:\Dic
[22/11/2013 - 22:58:34 | D] - C:\Positivo
[20/05/2014 - 20:18:47 | D] - C:\temp
[21/05/2014 - 12:08:27 | D] - C:\zoek_backup
[26/05/2014 - 16:55:55 | D] - C:\Program Files
[26/05/2014 - 20:59:36 | D] - C:\AdwCleaner
[27/05/2014 - 10:29:57 | D] - C:\Windows
[27/05/2014 - 11:54:11 | SHD] - C:\System Volume Information
[27/05/2014 - 11:54:22 | HD] - C:\ProgramData
[27/05/2014 - 12:21:53 | D] - C:\UsbFix

################## | Vaccin |


################## | E.O.F | [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] | [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] |
suegm
suegm
Iniciante
Iniciante

Mensagens : 18
Reputação : 0
Data de inscrição : 26/05/2014

Ir para o topo Ir para baixo

Suprasavings + CE_Umbrellacert Empty Re: Suprasavings + CE_Umbrellacert

Mensagem por Power Max Ter 27 maio 2014, 12:27

Suprasavings + CE_Umbrellacert 772309 Abra novamente o ( ZHPDiag )

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

Suprasavings + CE_Umbrellacert Empty Re: Suprasavings + CE_Umbrellacert

Mensagem por suegm Ter 27 maio 2014, 12:35

~ Relatório do ZHPDiag v2014.5.26.74 - Nicolas Coolman (24/05/2014)
~ Iniciado por Suellen (27/05/2014 12:28:59)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
MFIE: Mozilla Firefox 29.0.1
GCIE: Google Chrome v35.0.1916.114 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v7.0.1474.0
McAfee Security Scan Plus v3.8.141.11
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2932 MB (35% free)
System Restore: Activé (Enable)
System drive C: has 95 GB (34%) free of 279 GB

---\\ Modo de conexão ao sistema
~ Computer Name: NOTE-SUE
~ User Name: Suellen
~ All Users Names: Suellen, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Suellen\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Suellen\AppData\Roaming\
~ %Desktop% : C:\Users\Suellen\Desktop\
~ %Favorites% : C:\Users\Suellen\Favorites\
~ %LocalAppData% : C:\Users\Suellen\AppData\Local\
~ %StartMenu% : C:\Users\Suellen\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 95 Go of 279 Go)
D: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: Modified
~ Security Center: 50 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4E829EE073E046B0EB19B5FECB19B8C] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 02:41:49.) -- C:\Windows\System32\wininet.dll [1789440]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 18:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 21:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 18:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/27
~ Mes musiques (My Musics) : 1/78
~ Mes Videos (My Videos) : 1/10
~ Mes Favoris (My Favorites) : 1/2
~ Mes Documents (My Documents) : 2/136
~ Mon Bureau (My Desktop) : 0/8
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.8FA553E9AE69808D99C164733A0F9590] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808] [PID.1572]
[MD5.20C4FAB164451E396C403DEB59E4441E] - (.McAfee, Inc. - McAfee Process Validation Service.) -- C:\windows\system32\mfevtps.exe [179600] [PID.1952]
[MD5.16B115E3706F493BE99FCA5D75EE54CF] - (.McAfee, Inc. - McAfee Access Protection.) -- C:\Program Files\McAfee\MSC\McAPexe.exe [145568] [PID.3504]
[MD5.6E35C41DE0FAA9889238C21BE445B61C] - (.McAfee, Inc. - McAfee On-Access Scanner service.) -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936] [PID.3680]
[MD5.ECC57611D3CED496F918C6E624BE635C] - (.McAfee, Inc. - McAfee Core Firewall Service.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [169800] [PID.2624]
[MD5.74557BFD04530E512DBB9C151C4DA110] - (.McAfee, Inc. - McAfee.) -- C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [499384] [PID.1836]
[MD5.083649EF692A066880C9326020915AFE] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4297136] [PID.2724]
[MD5.5007E21208DA68F60EBF43352BDFE6D0] - (.McAfee, Inc. - McAfee Service Host.) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560] [PID.1896]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.10724]
[MD5.23D990150D56B670A62B21B9ABDD45EE] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.11384]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.5188]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.10464]
[MD5.1D040D09300DE4F68B6E5936FBA0E59A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7878144] [PID.13832]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\windows\system32\DllHost.exe [7168] [PID.14092]
[MD5.F119B9096D2767F454C7CD406E5D9224] - (.McAfee, Inc. - McAfee Update Manager Service.) -- C:\Program Files\McAfee\MSC\mcupdmgr.exe [1346512] [PID.12424]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\windows\system32\sppsvc.exe [3179520] [PID.13688]
[MD5.1336353BEA811485CF24C0877B309F22] - (.McAfee, Inc. - McAfee Update Launcher.) -- C:\Program Files\mcafee.com\agent\McUpdate.exe [1261576] [PID.0]
~ Processes Running: Scanned in 00mn 03s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Suellen\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 12 Legitimates Filtered in 00mn 11s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\McAfee\MSC\npMcSnFFPl.dll
P2 - FPN: [HKCU] [vitzo.com/VDownloader] - (...) -- C:\Program Files\VDownloader\Addons\npVDownloader.dll (.not file.)
~ Firefox Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
~ IE Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: Samsung BHO Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} . (...) -- C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
~ BHO: 20 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: McAfee SiteAdvisor Toolbar - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [mcpltui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKCU\..\Run: [WallpaperChanger] . (.James Garton - Desktop Wallpaper Changer.) -- C:\Program Files\Wallpaper Master\Wallpaper.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Suellen\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [WordWeb] . (.WordWeb Software - WordWeb.) -- C:\Program Files\WordWeb\wweb32.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_C3E8D31D8757B5FA3DF83513FE338381] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 6] . (.IObit - ASCTray.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 6] . (.IObit - ASCTray.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1795128182-489873951-3285546841-1000\..\Run: [WallpaperChanger] . (.James Garton - Desktop Wallpaper Changer.) -- C:\Program Files\Wallpaper Master\Wallpaper.exe
O4 - HKUS\S-1-5-21-1795128182-489873951-3285546841-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Suellen\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-1795128182-489873951-3285546841-1000\..\Run: [WordWeb] . (.WordWeb Software - WordWeb.) -- C:\Program Files\WordWeb\wweb32.exe
O4 - HKUS\S-1-5-21-1795128182-489873951-3285546841-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1795128182-489873951-3285546841-1000\..\Run: [GoogleChromeAutoLaunch_C3E8D31D8757B5FA3DF83513FE338381] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - HKUS\S-1-5-21-1795128182-489873951-3285546841-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} . (...) -- C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O9 - Extra button: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Chave orfã
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4F9698D-6354-43D8-BE6A-7F1D2A5006D8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E62483AD-5D9A-4224-BBCD-48C778DC0C9D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F00DCE30-6062-4678-A342-E10356B5305E}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4F9698D-6354-43D8-BE6A-7F1D2A5006D8}: DhcpDomain = domain.name
O17 - HKLM\System\CCS\Services\Tcpip\..\{F00DCE30-6062-4678-A342-E10356B5305E}: DhcpDomain = dqx.tvgvt
O17 - HKLM\System\CS1\Services\Tcpip\..\{A4F9698D-6354-43D8-BE6A-7F1D2A5006D8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{E62483AD-5D9A-4224-BBCD-48C778DC0C9D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F00DCE30-6062-4678-A342-E10356B5305E}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A4F9698D-6354-43D8-BE6A-7F1D2A5006D8}: DhcpDomain = domain.name
O17 - HKLM\System\CS1\Services\Tcpip\..\{F00DCE30-6062-4678-A342-E10356B5305E}: DhcpDomain = dqx.tvgvt
O17 - HKLM\System\CS2\Services\Tcpip\..\{A4F9698D-6354-43D8-BE6A-7F1D2A5006D8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{E62483AD-5D9A-4224-BBCD-48C778DC0C9D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{F00DCE30-6062-4678-A342-E10356B5305E}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A4F9698D-6354-43D8-BE6A-7F1D2A5006D8}: DhcpDomain = domain.name
O17 - HKLM\System\CS2\Services\Tcpip\..\{F00DCE30-6062-4678-A342-E10356B5305E}: DhcpDomain = dqx.tvgvt
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.25.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1795128182-489873951-3285546841-1000Core [1060]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1795128182-489873951-3285546841-1000UA [1082]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1054]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf281cb81f3d82 [1058]
~ Scheduled Task: 20 Legitimates Filtered in 00mn 06s



---\\ Software instalados (042)
O42 - Logiciel: Apostila concurso PRF versão 1.0 - (.DownloadApostilaConcurso.com.) [HKLM] -- {E3ED1756-CAFF-4BF3-843D-41C61E416ABA}_is1
O42 - Logiciel: Dic Michaelis - UOL - (...) [HKLM] -- WDIC
O42 - Logiciel: Plants vs Zombies - (...) [HKLM] -- Plants vs Zombies
O42 - Logiciel: The 5-Minute Veterinary Consult - (...) [HKLM] -- The 5-Minute Veterinary Consult
O42 - Logiciel: VADEMECUM VETERINARIO 2004-2005 - (...) [HKLM] -- VADEMECUM VETERINARIO 2004-20051.0
O42 - Logiciel: Veterinaria - (...) [HKLM] -- ST6UNST #1
O42 - Logiciel: Wallpaper Master v2.16 - (.James Garton.) [HKLM] -- Wallpaper Master_is1
O42 - Logiciel: WordWeb - (.WordWeb Software.) [HKLM] -- WordWeb
~ Logic: 21 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Amigo Mouse]
[HKCU\Software\Bonanza] =>Adware.BonanzaDeals
[HKCU\Software\SP22]
[HKCU\Software\UltraDownloads.com.br]
[HKCU\Software\WordWeb]
[HKLM\Software\CCB]
~ Key Software: 304 Legitimates Filtered in 00mn 02s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 12/04/2012 - 00:15:47 - [] ----D C:\Program Files\5-MVC
O43 - CFD: 14/02/2014 - 22:44:54 - [] ----D C:\Program Files\KanjiGold
O43 - CFD: 04/07/2012 - 21:30:49 - [] ----D C:\Program Files\Plants vs Zombies
O43 - CFD: 19/03/2012 - 00:53:10 - [] ----D C:\Program Files\Vademecum
O43 - CFD: 19/01/2012 - 22:46:35 - [] ----D C:\Program Files\Veterinaria
O43 - CFD: 23/03/2012 - 17:37:25 - [] ----D C:\Program Files\Wallpaper Master
O43 - CFD: 01/10/2013 - 11:50:44 - [] ----D C:\Program Files\WordWeb
O43 - CFD: 12/04/2012 - 00:16:53 - [] ----D C:\Users\Suellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CPVet
O43 - CFD: 04/02/2013 - 22:57:46 - [0] ----D C:\Users\Suellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dic Michaelis - UOL
~ Program Folder: 205 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 21/05/2014 - 10:34:35 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 21/05/2014 - 11:35:37 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.7EC03C25D5DB656F2C7A9C85AC35CD67] - 21/05/2014 - 12:11:58 ----- . (...) -- C:\zoek-results.log [17428]
O44 - LFC:[MD5.DBB542C0DB47EEE74C5488FBA90E4FED] - 26/05/2014 - 22:26:43 ---A- . (...) -- C:\Windows\System32\dentro-do-mesmo-quarto-de-bebe-com-decoracao-provencal-a-arquiteta-e-urbanista-magaly-gentil-montou-um-cantinho-para-a-higiene-da-crianca-sobre-a-bancada-de-madeira-com-pintura-1394145309806_102.jpg.lnk [1177]
O44 - LFC:[MD5.3A0D70384AECF220F84C741B5E966EC1] - 27/05/2014 - 10:13:25 ---A- . (...) -- C:\Windows\ntbtlog.txt [297306]
O44 - LFC:[MD5.4FF40AAF09781BCE1D850B306E0AF7BC] - 27/05/2014 - 10:21:33 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147808]
O44 - LFC:[MD5.DFD2433C51C330C8C1A2D7C825B653C5] - 27/05/2014 - 10:21:33 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [706226]
~ Files: 60 Legitimates Filtered in 00mn 10s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:17/09/2012 - 19:58:30 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [152880]
O58 - SDL:17/09/2012 - 19:58:32 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys [61488]
O58 - SDL:17/09/2012 - 19:58:32 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys [29744]
O58 - SDL:17/09/2012 - 19:58:32 R--A- . (.360安全中心 - 360安全卫士 - SelfProtection.) -- C:\Windows\System32\Drivers\360SpOEM.sys [64048]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:21/10/2011 - 03:19:53 ---A- . (.Windows (R) 2003 DDK 3790 provider - Generic Port I/O for Win32.) -- C:\Windows\System32\Drivers\rtport.sys [15656]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/12/2012 - 13:50:38 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [45056]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 105 Legitimates Filtered in 00mn 20s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: UsbFix - (.El Desaparecido - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 28/06/1742 - C:\Windows\System32\drivers\Bhbase.sys (Bhbase) .(...) - LEGACY_BHBASE
~ Legacy: 114 Legitimates Filtered in 00mn 01s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {31FCC53F-5F98-4C8D-9E37-FBD7E6165EE2} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.94E28010255D126FE7BFE4E55C06492C] [SPRF][04/12/2012] (.No owner - AVAST Software Setup Engine.) -- C:\Program Files\avast_free_antivirus_setup.exe [97495576]
~ Files: 1 Legitimates Filtered in 00mn 42s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing
~ BTK: 276 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 14/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 18/04/2013 574272 | (AdvancedSystemCareService6) . (.IObit.) - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
SS - | Auto 15/06/2011 146592 | (Atheros Bt&Wlan Coex Agent) . (.Atheros.) - C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
SS - | Auto 15/06/2011 76960 | (AtherosSvc) . (.Atheros Commnucations.) - C:\Program Files\Bluetooth Suite\adminservice.exe
SS - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Auto 11/12/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 11/12/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 11/03/2014 136120 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 01/11/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 15/01/2014 235696 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
SS - | Demand 02/08/2013 471592 | (McODS) . (.McAfee, Inc..) - C:\Program Files\McAfee\VirusScan\mcods.exe
SS - | Demand 06/05/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 01/06/2010 2057560 | (NOBU) . (.Symantec Corporation.) - C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe =>.Symantec Corporation
SS - | Auto 01/12/2009 244904 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared files\RichVideo.exe
SS - | Demand 09/08/2010 131888 | (Samsung UPD Service) . (.Samsung Electronics CO., LTD..) - C:\windows\System32\SUPDSvc.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 01/07/2010 2533400 | (UNS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/10/2012 44808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 30/07/2013 281560 | (HomeNetSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 01/07/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 31/08/2012 167784 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
SR - | Auto 25/04/2014 145568 | (McAPExe) . (.McAfee, Inc..) - C:\Program Files\McAfee\MSC\McAPexe.exe
SR - | Auto 30/07/2013 281560 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 281560 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 281560 | (mcpltsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 281560 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 18/03/2014 655936 | (mfecore) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
SR - | Auto 03/04/2014 169800 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 03/04/2014 179600 | (mfevtp) . (.McAfee, Inc..) - C:\windows\system32\mfevtps.exe
SR - | Auto 30/07/2013 281560 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 26s



---\\ Scâner Aditional (088)
Database Version : 13026 - (24/05/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKLM\Software\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKCU\Software\Bonanza] =>Adware.BonanzaDeals^
~ Additionnel Scan: 389038 Items scanned in 01mn 31s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BonanzaDeals
~ MSI: 1 link(s) detected in 00mn 00s



~ 908 Legitimates filtered by white list
End of the scan (492 lines in 05mn 10s)(0)
suegm
suegm
Iniciante
Iniciante

Mensagens : 18
Reputação : 0
Data de inscrição : 26/05/2014

Ir para o topo Ir para baixo

Suprasavings + CE_Umbrellacert Empty Re: Suprasavings + CE_Umbrellacert

Mensagem por Power Max Ter 27 maio 2014, 13:30

Suprasavings + CE_Umbrellacert 772309  Parece que você não seguiu aquele tutorial que passei, continuam vários programas desnecessários iniciando com o Windows. Seria bom segui-lo para deixar seu PC mais eficiente.
_____________________________________________________________________________________________________________

Suprasavings + CE_Umbrellacert 772309  Selecione e copie todo o texto destacado em vermelho que te passei.
_____________________________________________________________________________________________________________

Suprasavings + CE_Umbrellacert 772309  Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta e nos diga como está seu PC depois disto.


Última edição por Power Max em Ter 27 maio 2014, 16:38, editado 1 vez(es)

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

Suprasavings + CE_Umbrellacert Empty Re: Suprasavings + CE_Umbrellacert

Mensagem por suegm Ter 27 maio 2014, 13:53

É que eu passei ele por último. E fiquei em dúvida do que eu posso tirar.
suegm
suegm
Iniciante
Iniciante

Mensagens : 18
Reputação : 0
Data de inscrição : 26/05/2014

Ir para o topo Ir para baixo

Suprasavings + CE_Umbrellacert Empty Re: Suprasavings + CE_Umbrellacert

Mensagem por suegm Ter 27 maio 2014, 14:02

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Suellen at 27/05/2014 14:01:02
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 05s)
Reparação de atalhos do navegador

========== Estado dos serviços ==========
BHBASE Parado

========== Chaves do Registo ==========
ELIMINÉ: HKCU\Software\Bonanza

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (3005) (330.262.168 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
2 : Ficheiros
1 : Estado dos serviços
1 : Restauração Sistema


End of clean in 04mn 46s

========== Caminho do ficheiro do relatório ==========
C:\Users\Suellen\AppData\Roaming\ZHP\ZHPFix[R1].txt - 27/05/2014 12:01:17 [3203]
C:\Users\Suellen\AppData\Roaming\ZHP\ZHPFix[R2].txt - 27/05/2014 14:01:08 [1312]
suegm
suegm
Iniciante
Iniciante

Mensagens : 18
Reputação : 0
Data de inscrição : 26/05/2014

Ir para o topo Ir para baixo

Suprasavings + CE_Umbrellacert Empty Re: Suprasavings + CE_Umbrellacert

Mensagem por Power Max Ter 27 maio 2014, 14:03

Todos estes abaixo você pode desativar seguindo aquele tutorial que lhe passei e se no futuro você quiser que algum deles inicie novamente com o sistema basta ativar novamente no Ccleaner seguindo aquele tutorial:

O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [WallpaperChanger] . (.James Garton - Desktop Wallpaper Changer.) -- C:\Program Files\Wallpaper Master\Wallpaper.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Suellen\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [WordWeb] . (.WordWeb Software - WordWeb.) -- C:\Program Files\WordWeb\wweb32.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_C3E8D31D8757B5FA3DF83513FE338381] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 6] . (.IObit - ASCTray.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 6] . (.IObit - ASCTray.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1795128182-489873951-3285546841-1000\..\Run: [WallpaperChanger] . (.James Garton - Desktop Wallpaper Changer.) -- C:\Program Files\Wallpaper Master\Wallpaper.exe
O4 - HKUS\S-1-5-21-1795128182-489873951-3285546841-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Suellen\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-1795128182-489873951-3285546841-1000\..\Run: [WordWeb] . (.WordWeb Software - WordWeb.) -- C:\Program Files\WordWeb\wweb32.exe
O4 - HKUS\S-1-5-21-1795128182-489873951-3285546841-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1795128182-489873951-3285546841-1000\..\Run: [GoogleChromeAutoLaunch_C3E8D31D8757B5FA3DF83513FE338381] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - HKUS\S-1-5-21-1795128182-489873951-3285546841-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

Suprasavings + CE_Umbrellacert Empty Re: Suprasavings + CE_Umbrellacert

Mensagem por suegm Ter 27 maio 2014, 14:46

Agora tá tudo certo?


~ Relatório do ZHPDiag v2014.5.26.74 - Nicolas Coolman (24/05/2014)
~ Iniciado por Suellen (27/05/2014 14:21:59)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
MFIE: Mozilla Firefox 29.0.1
GCIE: Google Chrome v35.0.1916.114 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
McAfee Security Scan Plus v3.8.141.11
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.14

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2932 MB (29% free)
System Restore: Activé (Enable)
System drive C: has 95 GB (34%) free of 279 GB

---\\ Modo de conexão ao sistema
~ Computer Name: NOTE-SUE
~ User Name: Suellen
~ All Users Names: Suellen, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Suellen\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Suellen\AppData\Roaming\
~ %Desktop% : C:\Users\Suellen\Desktop\
~ %Favorites% : C:\Users\Suellen\Favorites\
~ %LocalAppData% : C:\Users\Suellen\AppData\Local\
~ %StartMenu% : C:\Users\Suellen\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 95 Go of 279 Go)
D: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: Modified
~ Security Center: 50 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4E829EE073E046B0EB19B5FECB19B8C] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 02:41:49.) -- C:\Windows\System32\wininet.dll [1789440]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 18:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 21:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 18:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 18:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 18:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 03s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/27
~ Mes musiques (My Musics) : 1/78
~ Mes Videos (My Videos) : 1/10
~ Mes Favoris (My Favorites) : 1/2
~ Mes Documents (My Documents) : 2/136
~ Mon Bureau (My Desktop) : 0/8
~ Menu demarrer (Programs) : 1/32
~ Hidden Files: Scanned in 00mn 01s



---\\ Processos lançados
[MD5.20C4FAB164451E396C403DEB59E4441E] - (.McAfee, Inc. - McAfee Process Validation Service.) -- C:\windows\system32\mfevtps.exe [179600] [PID.1952]
[MD5.16B115E3706F493BE99FCA5D75EE54CF] - (.McAfee, Inc. - McAfee Access Protection.) -- C:\Program Files\McAfee\MSC\McAPexe.exe [145568] [PID.3504]
[MD5.6E35C41DE0FAA9889238C21BE445B61C] - (.McAfee, Inc. - McAfee On-Access Scanner service.) -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936] [PID.3680]
[MD5.ECC57611D3CED496F918C6E624BE635C] - (.McAfee, Inc. - McAfee Core Firewall Service.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [169800] [PID.2624]
[MD5.083649EF692A066880C9326020915AFE] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4297136] [PID.2724]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.10724]
[MD5.23D990150D56B670A62B21B9ABDD45EE] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.11384]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.5188]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\windows\system32\DllHost.exe [7168] [PID.14092]
[MD5.74557BFD04530E512DBB9C151C4DA110] - (.McAfee, Inc. - McAfee.) -- C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [499384] [PID.17004]
[MD5.5007E21208DA68F60EBF43352BDFE6D0] - (.McAfee, Inc. - McAfee Service Host.) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560] [PID.17540]
[MD5.ECAB006AC6136F1307E140B633CDB8C2] - (.McAfee, Inc. - McAfee Service Host.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784] [PID.17540]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.23844]
[MD5.244892A655DC5606833AB953C7491F0B] - (.McAfee, Inc. - McAfee Host.) -- C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe [148696] [PID.21596]
[MD5.1D040D09300DE4F68B6E5936FBA0E59A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7878144] [PID.6652]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\windows\system32\sppsvc.exe [3179520] [PID.6528]
~ Processes Running: Scanned in 00mn 03s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Suellen\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 12 Legitimates Filtered in 00mn 06s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\McAfee\MSC\npMcSnFFPl.dll
P2 - FPN: [HKCU] [vitzo.com/VDownloader] - (...) -- C:\Program Files\VDownloader\Addons\npVDownloader.dll (.not file.)
~ Firefox Browser: 16 Legitimates Filtered in 00mn 02s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
~ IE Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: Samsung BHO Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} . (...) -- C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
~ BHO: 18 Legitimates Filtered in 00mn 01s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: McAfee SiteAdvisor Toolbar - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKCU\..\Run: [WallpaperChanger] . (.James Garton - Desktop Wallpaper Changer.) -- C:\Program Files\Wallpaper Master\Wallpaper.exe
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 6] . (.IObit - ASCTray.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 6] . (.IObit - ASCTray.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1795128182-489873951-3285546841-1000\..\Run: [WallpaperChanger] . (.James Garton - Desktop Wallpaper Changer.) -- C:\Program Files\Wallpaper Master\Wallpaper.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation - Windows Live Messenger Companion core resources.) -- C:\Program Files\Windows Live\Companion\companionres.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} . (...) -- C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O9 - Extra button: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Chave orfã
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4F9698D-6354-43D8-BE6A-7F1D2A5006D8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E62483AD-5D9A-4224-BBCD-48C778DC0C9D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F00DCE30-6062-4678-A342-E10356B5305E}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4F9698D-6354-43D8-BE6A-7F1D2A5006D8}: DhcpDomain = domain.name
O17 - HKLM\System\CCS\Services\Tcpip\..\{F00DCE30-6062-4678-A342-E10356B5305E}: DhcpDomain = dqx.tvgvt
O17 - HKLM\System\CS1\Services\Tcpip\..\{A4F9698D-6354-43D8-BE6A-7F1D2A5006D8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{E62483AD-5D9A-4224-BBCD-48C778DC0C9D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F00DCE30-6062-4678-A342-E10356B5305E}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A4F9698D-6354-43D8-BE6A-7F1D2A5006D8}: DhcpDomain = domain.name
O17 - HKLM\System\CS1\Services\Tcpip\..\{F00DCE30-6062-4678-A342-E10356B5305E}: DhcpDomain = dqx.tvgvt
O17 - HKLM\System\CS2\Services\Tcpip\..\{A4F9698D-6354-43D8-BE6A-7F1D2A5006D8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{E62483AD-5D9A-4224-BBCD-48C778DC0C9D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{F00DCE30-6062-4678-A342-E10356B5305E}: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A4F9698D-6354-43D8-BE6A-7F1D2A5006D8}: DhcpDomain = domain.name
O17 - HKLM\System\CS2\Services\Tcpip\..\{F00DCE30-6062-4678-A342-E10356B5305E}: DhcpDomain = dqx.tvgvt
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.25.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1795128182-489873951-3285546841-1000Core [1060]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1795128182-489873951-3285546841-1000UA [1082]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1054]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf281cb81f3d82 [1058]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 09s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (aswRdr) . (. - .) - C:\Windows\system32\Drivers\aswrdr2.sys (.not file.)
~ Drivers: 64 Legitimates Filtered in 00mn 02s



---\\ Software instalados (042)
O42 - Logiciel: Apostila concurso PRF versão 1.0 - (.DownloadApostilaConcurso.com.) [HKLM] -- {E3ED1756-CAFF-4BF3-843D-41C61E416ABA}_is1
O42 - Logiciel: Dic Michaelis - UOL - (...) [HKLM] -- WDIC
O42 - Logiciel: Plants vs Zombies - (...) [HKLM] -- Plants vs Zombies
O42 - Logiciel: The 5-Minute Veterinary Consult - (...) [HKLM] -- The 5-Minute Veterinary Consult
O42 - Logiciel: VADEMECUM VETERINARIO 2004-2005 - (...) [HKLM] -- VADEMECUM VETERINARIO 2004-20051.0
O42 - Logiciel: Veterinaria - (...) [HKLM] -- ST6UNST #1
O42 - Logiciel: Wallpaper Master v2.16 - (.James Garton.) [HKLM] -- Wallpaper Master_is1
O42 - Logiciel: WordWeb - (.WordWeb Software.) [HKLM] -- WordWeb
~ Logic: 21 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Amigo Mouse]
[HKCU\Software\SP22]
[HKCU\Software\UltraDownloads.com.br]
[HKCU\Software\WordWeb]
[HKLM\Software\CCB]
~ Key Software: 305 Legitimates Filtered in 00mn 02s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 12/04/2012 - 00:15:47 - [] ----D C:\Program Files\5-MVC
O43 - CFD: 14/02/2014 - 22:44:54 - [] ----D C:\Program Files\KanjiGold
O43 - CFD: 04/07/2012 - 21:30:49 - [] ----D C:\Program Files\Plants vs Zombies
O43 - CFD: 19/03/2012 - 00:53:10 - [] ----D C:\Program Files\Vademecum
O43 - CFD: 19/01/2012 - 22:46:35 - [] ----D C:\Program Files\Veterinaria
O43 - CFD: 23/03/2012 - 17:37:25 - [] ----D C:\Program Files\Wallpaper Master
O43 - CFD: 01/10/2013 - 11:50:44 - [] ----D C:\Program Files\WordWeb
O43 - CFD: 12/04/2012 - 00:16:53 - [] ----D C:\Users\Suellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CPVet
O43 - CFD: 04/02/2013 - 22:57:46 - [0] ----D C:\Users\Suellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dic Michaelis - UOL
~ Program Folder: 206 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 21/05/2014 - 10:34:35 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 21/05/2014 - 11:35:37 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.7EC03C25D5DB656F2C7A9C85AC35CD67] - 21/05/2014 - 12:11:58 ----- . (...) -- C:\zoek-results.log [17428]
O44 - LFC:[MD5.DBB542C0DB47EEE74C5488FBA90E4FED] - 26/05/2014 - 22:26:43 ---A- . (...) -- C:\Windows\System32\dentro-do-mesmo-quarto-de-bebe-com-decoracao-provencal-a-arquiteta-e-urbanista-magaly-gentil-montou-um-cantinho-para-a-higiene-da-crianca-sobre-a-bancada-de-madeira-com-pintura-1394145309806_102.jpg.lnk [1177]
O44 - LFC:[MD5.4FF40AAF09781BCE1D850B306E0AF7BC] - 27/05/2014 - 10:21:33 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147808]
O44 - LFC:[MD5.DFD2433C51C330C8C1A2D7C825B653C5] - 27/05/2014 - 10:21:33 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [706226]
~ Files: 50 Legitimates Filtered in 05mn 11s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\WordWeb [Key] . (.WordWeb Software - WordWeb.) -- C:\Program Files\WordWeb\wweb32.exe
~ SMSR Keys: 15 Legitimates Filtered in 00mn 01s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:17/09/2012 - 19:58:30 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [152880]
O58 - SDL:17/09/2012 - 19:58:32 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys [61488]
O58 - SDL:17/09/2012 - 19:58:32 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys [29744]
O58 - SDL:17/09/2012 - 19:58:32 R--A- . (.360安全中心 - 360安全卫士 - SelfProtection.) -- C:\Windows\System32\Drivers\360SpOEM.sys [64048]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:21/10/2011 - 03:19:53 ---A- . (.Windows (R) 2003 DDK 3790 provider - Generic Port I/O for Win32.) -- C:\Windows\System32\Drivers\rtport.sys [15656]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/12/2012 - 13:50:38 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [45056]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 99 Legitimates Filtered in 00mn 09s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: UsbFix - (.El Desaparecido - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 28/06/1742 - C:\Windows\System32\drivers\Bhbase.sys (Bhbase) .(...) - LEGACY_BHBASE
~ Legacy: 114 Legitimates Filtered in 00mn 01s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {31FCC53F-5F98-4C8D-9E37-FBD7E6165EE2} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.94E28010255D126FE7BFE4E55C06492C] [SPRF][04/12/2012] (.No owner - AVAST Software Setup Engine.) -- C:\Program Files\avast_free_antivirus_setup.exe [97495576]
~ Files: 1 Legitimates Filtered in 00mn 03s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing
~ BTK: 276 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 14/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 18/04/2013 574272 | (AdvancedSystemCareService6) . (.IObit.) - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
SS - | Auto 15/06/2011 146592 | (Atheros Bt&Wlan Coex Agent) . (.Atheros.) - C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
SS - | Auto 15/06/2011 76960 | (AtherosSvc) . (.Atheros Commnucations.) - C:\Program Files\Bluetooth Suite\adminservice.exe
SS - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Auto 11/12/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 11/12/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 11/03/2014 136120 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 01/11/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 15/01/2014 235696 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
SS - | Demand 02/08/2013 471592 | (McODS) . (.McAfee, Inc..) - C:\Program Files\McAfee\VirusScan\mcods.exe
SS - | Demand 06/05/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 01/06/2010 2057560 | (NOBU) . (.Symantec Corporation.) - C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe =>.Symantec Corporation
SS - | Auto 01/12/2009 244904 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared files\RichVideo.exe
SS - | Demand 09/08/2010 131888 | (Samsung UPD Service) . (.Samsung Electronics CO., LTD..) - C:\windows\System32\SUPDSvc.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Auto 01/07/2010 2533400 | (UNS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/07/2013 281560 | (HomeNetSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 01/07/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 31/08/2012 167784 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
SR - | Auto 25/04/2014 145568 | (McAPExe) . (.McAfee, Inc..) - C:\Program Files\McAfee\MSC\McAPexe.exe
SR - | Auto 30/07/2013 281560 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 281560 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 281560 | (mcpltsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 281560 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 18/03/2014 655936 | (mfecore) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
SR - | Auto 03/04/2014 169800 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 03/04/2014 179600 | (mfevtp) . (.McAfee, Inc..) - C:\windows\system32\mfevtps.exe
SR - | Auto 30/07/2013 281560 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 36s



---\\ Scâner Aditional (088)
Database Version : 13026 - (24/05/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
~ Additionnel Scan: 388058 Items scanned in 01mn 33s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s



~ 909 Legitimates filtered by white list
End of the scan (475 lines in 10mn 55s)(0)
suegm
suegm
Iniciante
Iniciante

Mensagens : 18
Reputação : 0
Data de inscrição : 26/05/2014

Ir para o topo Ir para baixo

Suprasavings + CE_Umbrellacert Empty Re: Suprasavings + CE_Umbrellacert

Mensagem por Power Max Ter 27 maio 2014, 14:56

Suprasavings + CE_Umbrellacert 772309  Selecione e copie todo o texto destacado em vermelho que te passei.
_____________________________________________________________________________________________________________

Suprasavings + CE_Umbrellacert 772309  Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta e nos diga como está seu PC depois disto.


Última edição por Power Max em Ter 27 maio 2014, 16:37, editado 1 vez(es)

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

Suprasavings + CE_Umbrellacert Empty Re: Suprasavings + CE_Umbrellacert

Mensagem por suegm Ter 27 maio 2014, 15:23

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Suellen at 27/05/2014 15:22:33
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 44s)
Reparação de atalhos do navegador

========== Estado dos serviços ==========
BHBASE Parado

========== Chaves do Registo ==========
ELIMINÉ: Service: Bonjour Service

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\program files\bonjour\mdnsresponder.exe
ELIMINÉ Temporários windows (3005) (330.262.168 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Chaves do Registo
1 : Pastas
3 : Ficheiros
1 : Estado dos serviços
1 : Restauração Sistema


End of clean in 08mn 35s

========== Caminho do ficheiro do relatório ==========
C:\Users\Suellen\AppData\Roaming\ZHP\ZHPFix[R1].txt - 27/05/2014 12:01:17 [3203]
C:\Users\Suellen\AppData\Roaming\ZHP\ZHPFix[R2].txt - 27/05/2014 14:01:08 [1394]
C:\Users\Suellen\AppData\Roaming\ZHP\ZHPFix[R3].txt - 27/05/2014 15:23:18 [1190]
suegm
suegm
Iniciante
Iniciante

Mensagens : 18
Reputação : 0
Data de inscrição : 26/05/2014

Ir para o topo Ir para baixo

Suprasavings + CE_Umbrellacert Empty Re: Suprasavings + CE_Umbrellacert

Mensagem por Power Max Ter 27 maio 2014, 15:34

Como está o computador?

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = O melhor da internet você encontra aqui.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] = Mensagens de fé e esperança para o seu coração
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

Suprasavings + CE_Umbrellacert Empty Re: Suprasavings + CE_Umbrellacert

Mensagem por suegm Ter 27 maio 2014, 15:59

O pc parece estar normal. Só o programa que abre o papel de parede não está funcionando. Tem também umas pastas que desconhecia antes, mas pelo que li elas são do sistema mesmo. Vc pode me confirmar, por favor? Default user; Documents and Settings; System volume Information; MSOCache; Recovery (Todas ocultas e com acesso negado) e Program Data; Default (ocultas).


Última edição por suegm em Ter 27 maio 2014, 16:05, editado 1 vez(es)
suegm
suegm
Iniciante
Iniciante

Mensagens : 18
Reputação : 0
Data de inscrição : 26/05/2014

Ir para o topo Ir para baixo

Suprasavings + CE_Umbrellacert Empty Re: Suprasavings + CE_Umbrellacert

Mensagem por Conteúdo patrocinado


Conteúdo patrocinado


Ir para o topo Ir para baixo

Página 1 de 2 1, 2  Seguinte

Ir para o topo

- Tópicos semelhantes

 
Permissões neste sub-fórum
Não podes responder a tópicos