Fórum PC Brasil
Sweetpages - I already tried using Adwcleaner and nothing

3 participants

Post by TaranisBsb, Sun 01 Jun 2014, 12:49

Good afternoon.

Yesterday I installed the wrong program thinking it was Adobe PDF Reader, and this Sweetpages came along with it. I have already tried every tip a Google search can turn up, including using Adwcleaner. I have some of its reports here that I can paste. I no longer know what to do. Could you help me?

Thanks

Report 01

# AdwCleaner v3.211 - Report created 01/06/2014 at 11:56:38
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Gabriel - GABRIEL-PC
# Running from : C:\Users\Gabriel\Downloads\Programas\adwcleaner_3.211.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : [You need an account and to be logged in to view this link]
Deleted [Search Provider] : [You need an account and to be logged in to view this link]
Deleted [Search Provider] : [You need an account and to be logged in to view this link]
Deleted [Startup_urls] : [You need an account and to be logged in to view this link]

*************************

AdwCleaner[R0].txt - [3112 octets] - [01/06/2014 11:30:06]
AdwCleaner[R1].txt - [1323 octets] - [01/06/2014 11:55:54]
AdwCleaner[S0].txt - [2980 octets] - [01/06/2014 11:30:41]
AdwCleaner[S1].txt - [1252 octets] - [01/06/2014 11:56:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1312 octets] ##########

Report 02 (After I decided to uninstall Chrome)

# AdwCleaner v3.211 - Report created 01/06/2014 at 12:02:55
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Gabriel - GABRIEL-PC
# Running from : C:\Users\Gabriel\Downloads\Programas\adwcleaner_3.211.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\AppDataLow\Software

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


*************************

AdwCleaner[R0].txt - [3112 octets] - [01/06/2014 11:30:06]
AdwCleaner[R1].txt - [1323 octets] - [01/06/2014 11:55:54]
AdwCleaner[R2].txt - [943 octets] - [01/06/2014 12:02:25]
AdwCleaner[S0].txt - [2980 octets] - [01/06/2014 11:30:41]
AdwCleaner[S1].txt - [1392 octets] - [01/06/2014 11:56:38]
AdwCleaner[S2].txt - [867 octets] - [01/06/2014 12:02:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [926 octets] ##########


Report 03 (After reinstalling Chrome)

# AdwCleaner v3.211 - Report created 01/06/2014 at 12:18:24
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Gabriel - GABRIEL-PC
# Running from : C:\Users\Gabriel\Downloads\Programas\adwcleaner_3.211.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\AppDataLow\Software

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : [You need an account and to be logged in to view this link]

*************************

AdwCleaner[R0].txt - [3112 octets] - [01/06/2014 11:30:06]
AdwCleaner[R1].txt - [1323 octets] - [01/06/2014 11:55:54]
AdwCleaner[R2].txt - [943 octets] - [01/06/2014 12:02:25]
AdwCleaner[R3].txt - [1015 octets] - [01/06/2014 12:05:13]
AdwCleaner[R4].txt - [1075 octets] - [01/06/2014 12:14:00]
AdwCleaner[R5].txt - [1376 octets] - [01/06/2014 12:17:47]
AdwCleaner[S0].txt - [2980 octets] - [01/06/2014 11:30:41]
AdwCleaner[S1].txt - [1392 octets] - [01/06/2014 11:56:38]
AdwCleaner[S2].txt - [1005 octets] - [01/06/2014 12:02:55]
AdwCleaner[S3].txt - [1301 octets] - [01/06/2014 12:18:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1361 octets] ##########

Report 04 (Sweetpage keeps coming back even after uninstalling the browser)

# AdwCleaner v3.211 - Report created 01/06/2014 at 12:36:27
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Gabriel - GABRIEL-PC
# Running from : C:\Users\Gabriel\Downloads\Programas\adwcleaner_3.211.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : [You need an account and to be logged in to view this link]
Deleted [Search Provider] : [You need an account and to be logged in to view this link]
Deleted [Search Provider] : [You need an account and to be logged in to view this link]
Deleted [Startup_urls] : [You need an account and to be logged in to view this link]

*************************

AdwCleaner[R0].txt - [3112 octets] - [01/06/2014 11:30:06]
AdwCleaner[R1].txt - [1323 octets] - [01/06/2014 11:55:54]
AdwCleaner[R2].txt - [943 octets] - [01/06/2014 12:02:25]
AdwCleaner[R3].txt - [1015 octets] - [01/06/2014 12:05:13]
AdwCleaner[R4].txt - [1075 octets] - [01/06/2014 12:14:00]
AdwCleaner[R5].txt - [1376 octets] - [01/06/2014 12:17:47]
AdwCleaner[R6].txt - [1802 octets] - [01/06/2014 12:33:40]
AdwCleaner[S0].txt - [2980 octets] - [01/06/2014 11:30:41]
AdwCleaner[S1].txt - [1392 octets] - [01/06/2014 11:56:38]
AdwCleaner[S2].txt - [1005 octets] - [01/06/2014 12:02:55]
AdwCleaner[S3].txt - [1441 octets] - [01/06/2014 12:18:24]
AdwCleaner[S4].txt - [1731 octets] - [01/06/2014 12:36:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1791 octets] ##########

Post by Power Max, Sun 01 Jun 2014, 13:14

Hello. Please post the Adwcleaner report found at the location below:

C:\AdwCleaner\AdwCleaner[S0].txt

Post by TaranisBsb, Sun 01 Jun 2014, 13:19

This one?

# AdwCleaner v3.211 - Report created 01/06/2014 at 11:30:41
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Gabriel - GABRIEL-PC
# Running from : C:\Users\Gabriel\Downloads\Programas\adwcleaner_3.211.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : IePluginServices

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\baidu
Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\WPM
Folder Deleted : C:\Program Files (x86)\LPT
Folder Deleted : C:\Program Files (x86)\SupTab
Folder Deleted : C:\Program Files (x86)\WinZip Registry Optimizer
Folder Deleted : C:\Users\Gabriel\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Gabriel\AppData\Local\Smartbar
Folder Deleted : C:\Users\Gabriel\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\Gabriel\AppData\Roaming\baidu
Folder Deleted : C:\Users\Gabriel\AppData\Roaming\sweet-page
Folder Deleted : C:\Users\Gabriel\AppData\Roaming\Systweak
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Gabriel\daemonprocess.txt

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\SupTab
Key Deleted : HKLM\Software\supWPM
Key Deleted : HKLM\Software\sweet-pageSoftware
Key Deleted : HKLM\Software\Wpm
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~1.DLL
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : [You need an account and to be logged in to view this link]
Deleted [Search Provider] : [You need an account and to be logged in to view this link]
Deleted [Search Provider] : [You need an account and to be logged in to view this link]
Deleted [Startup_urls] : [You need an account and to be logged in to view this link]

*************************

AdwCleaner[R0].txt - [3112 octets] - [01/06/2014 11:30:06]
AdwCleaner[S0].txt - [2828 octets] - [01/06/2014 11:30:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2888 octets] ##########

Post by Power Max, Sun 01 Jun 2014, 13:22

Your PC also shows Baidu as present. Do you want to remove it or keep it?
___________________________________________________________________________________________

Temporarily disable your antivirus to avoid conflicts.

Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You need an account and to be logged in to view this link]

* Right-click Zoek.exe and select [You need an account and to be logged in to view this image]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[You need an account and to be logged in to view this image]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Sun 01 Jun 2014, 15:59; edited 1 time

Post by TaranisBsb, Sun 01 Jun 2014, 13:46

I want to remove this Baidu as well. I did what you posted; the report follows below:


Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Gabriel on 01/06/2014 at 13:27:48,72.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Gabriel\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

01/06/2014 13:28:17 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\Gabriel\.android deleted
C:\PROGRA~3\boost_interprocess deleted
C:\Users\Gabriel\AppData\Local\cache deleted
C:\Windows\wininit.ini deleted
C:\Users\Gabriel\AppData\Roaming\unins000.exe deleted

==== Folders Found ======================

2014-06-01 14:30:41 2014-06-01 14:30:41 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-06-01 14:30:44 2014-06-01 14:30:44 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Gabriel\AppData\Roaming\baidu
2014-06-01 14:30:44 2014-06-01 14:30:44 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Gabriel\AppData\Roaming\baidu\Baidu Antivirus
2014-05-11 06:03:37 2014-05-11 06:03:37 -------- d-----w- C:\Program Files (x86)\Baidu Security
2014-05-11 06:03:37 2014-05-31 16:00:06 -------- d-----w- C:\Program Files (x86)\Baidu Security\Baidu Antivirus
2014-05-31 03:12:16 2014-06-01 14:58:39 -------- d-----w- C:\ProgramData\Baidu Security
2014-05-31 03:12:16 2014-06-01 14:58:39 -------- d-----w- C:\Users\All Users\Baidu Security

==== Files Found ======================


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"="C:\\ProgramData\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"="http://sync.br.bav.baidu.com/cgi-bin/report_uu_msg_bavv2.cgi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"

[HKEY_USERS\.DEFAULT\Software\Baidu]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\S-1-5-21-2685067900-1822866205-979970078-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-2685067900-1822866205-979970078-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-2685067900-1822866205-979970078-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-2685067900-1822866205-979970078-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-2685067900-1822866205-979970078-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Users\\Gabriel\\AppData\\Local\\Temp\\~nsu.tmp\\Au_.exe"="Baidu Antivirus Uninstall"

[HKEY_USERS\S-1-5-21-2685067900-1822866205-979970078-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Users\\Gabriel\\AppData\\Local\\Temp\\~nsu.tmp\\Au_.exe"="Baidu Antivirus Uninstall"

[HKEY_USERS\S-1-5-18\Software\Baidu]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jfmjfhklogoienhpfnppmbcbjfjnkonk - No path found[]

Google Docs - Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Unfriend Alerts - Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgbeldbnadmemecalekdfnffgobkpafc
Google Mail Checker - Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff
Google Wallet - Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Caixa Economica Federal - Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi
Gmail - Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\aTube Catcher.lnk - D:\Programas\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\DAEMON Tools Pro.lnk - C:\Program Files (x86)\DAEMON Tools Pro\DTPro.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Hearthstone.lnk - C:\Hearthstone\Hearthstone Beta Launcher.exe
C:\Users\Public\Desktop\iTunes.lnk - D:\Programas\iTunes.exe
C:\Users\Public\Desktop\Protect.lnk - C:\Program Files (x86)\GVT\trigger.exe --open-launchpad --operator-id 51855
C:\Users\Public\Desktop\RealPlayer.lnk - C:\Program Files (x86)\Real\RealPlayer\realplay.exe /launch:desktop
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe
C:\Users\Public\Desktop\Steam.lnk - D:\Jogos\Steam\Steam.exe
C:\Users\Public\Desktop\Wireless Connection Manager.lnk - C:\Program Files (x86)\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
C:\Users\Public\Desktop\World of Warcraft.lnk - C:\World of Warcraft\World of Warcraft Launcher.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk - C:\Users\Gabriel\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff
C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk - D:\Jogos\Steam\Steam.exe
C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt
C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk - C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk - C:\Windows\ehome\ehshell.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk - C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk - C:\Windows\system32\printmanagement.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher\aTube Catcher.lnk - D:\Programas\aTube Catcher 2.0\yct.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net\Battle.net.lnk - C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Link\RangeBooster G WUA-2340\Connection Wizard.lnk - C:\Program Files (x86)\D-Link\RangeBooster G WUA-2340\D-Link Wizard.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Link\RangeBooster G WUA-2340\Uninstall.lnk - C:\Program Files (x86)\InstallShield Installation Information\{188CEE76-0503-4910-A845-E1DC45685DA0}\setup.exe -runfromtemp -l0x0009
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Link\RangeBooster G WUA-2340\Wireless Connection Manager.lnk - C:\Program Files (x86)\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro\DAEMON Tools Pro.lnk - C:\Program Files (x86)\DAEMON Tools Pro\DTPro.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro\DTGadget.lnk - C:\Program Files (x86)\DAEMON Tools Pro\DT.gadget
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro\Image Editor.lnk - C:\Program Files (x86)\DAEMON Tools Pro\DTImgEditor.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chess.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Backgammon.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Checkers.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Spades.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mahjong.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\TERA.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\World of Warcraft™.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GVT\Protect.lnk - C:\Program Files (x86)\GVT\trigger.exe --open-launchpad --operator-id 51855
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GVT\Support Tool.lnk - C:\Program Files (x86)\GVT\diagnostics\fsdiag.exe /OPERATORID:51855
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone\Hearthstone.lnk - C:\Hearthstone\Hearthstone Beta Launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel Control Center.lnk - C:\Program Files (x86)\Intel\Intel Control Center\IntelControlCenter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel(R) Rapid Storage Technology.lnk - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorUI.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel(R) Management Engine Components\Intel(R) Management and Security Status.lnk - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - D:\Programas\iTunes.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Sobre o iTunes.lnk - D:\Programas\iTunes.Resources\pt.lproj\About iTunes.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Access 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\accicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Enviar para o OneNote 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Designer 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\inficon.exe /design
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Filler 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\inficon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Lync 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\lyncicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneDrive for Business 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\grv_icons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\outicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Publisher 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\pubs.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Centro de Carregamento do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\msouc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Database Compare 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\dbcicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Gerenciador de Gravação do Lync.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Log de Telemetria do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\osmclienticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Painel de Telemetria do Office 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\osmadminicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Preferências de Idioma do Office 2013.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Spreadsheet Compare 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-0000-0000000FF1CE}\sscicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /show
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Disable 3D Vision.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /disable
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Enable 3D Vision.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /enable
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer Converter.lnk - C:\Program Files (x86)\Real\RealPlayer\realconverter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer Trimmer.lnk - C:\Program Files (x86)\Real\RealPlayer\realtrimmer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer.lnk - C:\Program Files (x86)\Real\RealPlayer\realplay.exe /launch:start_menu
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk - D:\Jogos\Steam\Steam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk - C:\Program Files (x86)\VideoLAN\VLC\Documentation.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk - C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk - C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --reset-config --reset-plugins-cache [You must be registered and logged in to see this link]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe -Iskins
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft\Faturamento de conta.lnk - C:\World of Warcraft\Data\ptBR\AccountBilling.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft\Suporte técnico da Blizzard.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft\World of Warcraft.lnk - C:\World of Warcraft\World of Warcraft Launcher.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE /recycle
C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="*.local"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gabriel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gabriel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Gabriel\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=12 folders=22 997036 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Gabriel\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Gabriel\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found

==== EOF on 01/06/2014 at 13:44:22,15 ======================
TaranisBsb
Beginner

Posts: 18
Reputation: 0
Registration date: 01/06/2014

Post by Power Max, Sun 01 Jun 2014, 15:57

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You must be registered and logged in to see this image]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below, showing the scan progress, will be displayed. Wait for it to finish... it may take a while!

[You must be registered and logged in to see this image]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Sun 01 Jun 2014, 20:11; edited 1 time
Power Max
Contributor

Posts: 9086
Reputation: 1499
Registration date: 14/04/2009

Post by TaranisBsb, Sun 01 Jun 2014, 19:55

I couldn't get it from that address you provided, but I saved the log that appeared at the end. Here it is below:


Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Gabriel on 01/06/2014 at 19:42:45,09.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Gabriel\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-01-164422.log 28347 bytes

==== System Restore Info ======================

01/06/2014 19:43:33 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdCameraProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdApiUtil deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\S-1-5-21-2685067900-1822866205-979970078-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-2685067900-1822866205-979970078-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-2685067900-1822866205-979970078-1000\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-2685067900-1822866205-979970078-1000\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-2685067900-1822866205-979970078-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Users\\Gabriel\\AppData\\Local\\Temp\\~nsu.tmp\\Au_.exe"=-
[HKEY_USERS\S-1-5-21-2685067900-1822866205-979970078-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Users\\Gabriel\\AppData\\Local\\Temp\\~nsu.tmp\\Au_.exe"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\Baidu Security deleted
C:\ProgramData\Baidu Security deleted

==== Folders Found ======================

2014-06-01 14:30:41 2014-06-01 14:30:41 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-06-01 14:30:44 2014-06-01 14:30:44 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Gabriel\AppData\Roaming\baidu
2014-06-01 14:30:44 2014-06-01 14:30:44 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Gabriel\AppData\Roaming\baidu\Baidu Antivirus
2014-06-01 22:44:15 2014-06-01 22:44:15 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security
2014-06-01 22:44:15 2014-06-01 22:44:15 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security_Baidu Antivirus
2014-06-01 22:44:15 2014-06-01 14:58:39 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-06-01 22:44:15 2014-06-01 14:58:39 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-06-01 22:44:15 2014-06-01 22:44:15 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security\Baidu Antivirus

==== Files Found ======================


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=14 folders=27 3046072 bytes)

==== EOF on 01/06/2014 at 19:45:25,21 ======================

Post by Power Max, Sun 01 Jun 2014, 20:10

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You must be registered and logged in to see this image]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below, showing the scan progress, will be displayed. Wait for it to finish... it may take a while!

[You must be registered and logged in to see this image]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Sun 01 Jun 2014, 20:17; edited 1 time

Post by TaranisBsb, Sun 01 Jun 2014, 20:15

Here is the result.

Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Gabriel on 01/06/2014 at 20:13:38,03.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Gabriel\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-01-164422.log 28347 bytes
C:\zoek-results2014-06-01-224525.log 6083 bytes

==== System Restore Info ======================

01/06/2014 20:13:58 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

==== Registry Search Results for "Baidu" ======================

No instances of string "Baidu" found.

==== C:\zoek_backup content ======================

C:\zoek_backup (files=14 folders=27 3046072 bytes)

==== EOF on 01/06/2014 at 20:14:22,15 ======================

Post by Power Max, Sun 01 Jun 2014, 20:17

Download the Junkware Removal Tool program from the link below:
[You must be registered and logged in to see this link]

To run the program above correctly, just follow the tips in this tutorial:

[You must be registered and logged in to see this link]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.

Post by TaranisBsb, Sun 01 Jun 2014, 20:34

Right. Here it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Gabriel on 01/06/2014 at 20:24:04,10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/06/2014 at 20:32:53,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post by Power Max, Sun 01 Jun 2014, 20:35

Download < [You must be registered and logged in to see this link] > < [You must be registered and logged in to see this image] > ( ... by Nicolas Coolman )

To install and run it correctly, follow the tips in this article:

[You must be registered and logged in to see this link]

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.

Post by TaranisBsb, Sun 01 Jun 2014, 20:46

Here.

~ Relatório do ZHPDiag v2014.5.30.78 - Nicolas Coolman (30/05/2014)
~ Iniciado por Gabriel (01/06/2014 20:44:10)
~ Endereço do Website : [You must be registered and logged in to see this link]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
GCIE: Google Chrome v35.0.1916.114 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : Absent (Not found)
Windows ID Activation : Inconnue (Unknown)
Windows Licence : Inconnue (Unknown)
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Computer Security 12.77.101.0
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Reader XI

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8098 MB (63% free)
System Restore: Activé (Enable)
System drive C: has 4 GB (4%) free of 78 GB

---\\ Modo de conexão ao sistema
~ Computer Name: GABRIEL-PC
~ User Name: Gabriel
~ All Users Names: Guest, Gabriel, Administrator,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Gabriel\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Gabriel\AppData\Roaming\
~ %Desktop% : C:\Users\Gabriel\Desktop\
~ %Favorites% : C:\Users\Gabriel\Favorites\
~ %LocalAppData% : C:\Users\Gabriel\AppData\Local\
~ %StartMenu% : C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 4 Go of 78 Go)
D: Hard drive, Flash drive, Thumb drive (Free 1723 Go of 1785 Go)
E: CD-ROM drive (Free 0 Go of 1 Go)
F: Hard drive, Flash drive, Thumb drive (Free 11 Go of 699 Go)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Internet Extensions for Win32.) (.09/05/2014 - 01:52:06.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Windows Logon Application.) (.04/03/2014 - 06:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - NT File System Driver.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 00:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/18032
~ Mes musiques (My Musics) : 1/9
~ Mes Videos (My Videos) : 1/214
~ Mes Favoris (My Favorites) : 1/19
~ Mes Documents (My Documents) : 1/35
~ Mon Bureau (My Desktop) : 1/4
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 01s



---\\ Processos lançados
[MD5.5EA707336336DDFADE5FD3726CEA1523] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840] [PID.3576]
[MD5.D7C56CB89EF04A8D0544023FA12045FF] - (.DT Soft Ltd - DAEMON Tools Shell Extensions Helper.) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe [2748112] [PID.3972]
[MD5.094E4E76FB9AB960A73F841BC6733F42] - (.Intel Corporation - iusb3mon.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848] [PID.4160]
[MD5.A05602FCF939A0A051D0CDF8C5CEDA98] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296096] [PID.4168]
[MD5.4E3B9E4D292232D9BB01288D961C5BC2] - (.D-Link - D-Link Wireless LAN Monitor.) -- C:\Program Files (x86)\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe [1667072] [PID.4180]
[MD5.6AFD3970A41F48306874DB23991A4955] - (.Wireless Service - ANIWZCS2 launcher for Windows..) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe [49152] [PID.4228]
[MD5.A0F2C92F410EBAE832DFE507C7E4D6FA] - (.F-Secure Corporation - F-Secure Host Process.) -- C:\Program Files (x86)\GVT\fshoster32.exe [188400] [PID.1992]
[MD5.5DF9D84032F52FBD736DA2AC6ABE860D] - (.F-Secure Corporation - F-Secure Settings and Statistics.) -- C:\Program Files (x86)\GVT\apps\ComputerSecurity\Common\FSM32.exe [310208] [PID.4244]
[MD5.D2E3E6D94A9E1CFA1561D9C748136FD0] - (.Apple Inc. - iTunesHelper.) -- D:\Programas\iTunesHelper.exe [152392] [PID.4336]
[MD5.3D45AD2B246B90DBD3E6F213E7AEBF64] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592] [PID.5732]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.61172]
[MD5.6D652B06EB3916DC41A9DBBBC4EDEED1] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8020480] [PID.69864]
[MD5.CDA9313E34887A111B8309B55BCDCD82] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [411936] [PID.944]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1724]
[MD5.221564CC7BE37611FE15EACF443E1BF6] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1860]
[MD5.BBF8F831C7720DD5135D8C4C8325187A] - (...) -- C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728] [PID.1912]
[MD5.C67B42683036A503A2123EBEE9220AAA] - (.F-Secure Corporation - F-Secure ORSP Service.) -- C:\Program Files (x86)\GVT\apps\CCF_Reputation\fsorsp.exe [61176] [PID.1216]
[MD5.C0F5A63472D8A67B919C3A38D84A80C0] - (.F-Secure Corporation - F-Secure Gatekeeper Handler 32-bit.) -- C:\Program Files (x86)\GVT\apps\ComputerSecurity\Anti-Virus\FSGK32.exe [679464] [PID.1764]
[MD5.C50CD479FD1BB886244E2663DFFBCF6A] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888] [PID.2004]
[MD5.480F368D8AD18D57A0A9F4B562A00A84] - (.F-Secure Corporation - F-Secure Management Agent.) -- C:\Program Files (x86)\GVT\apps\ComputerSecurity\Common\FSMA32.exe [207808] [PID.2808]
[MD5.22B759B44B8E9C7DB504993E38AC2AE8] - (.F-Secure Corporation - F-Secure Scanner Manager 32-bit.) -- C:\Program Files (x86)\GVT\apps\ComputerSecurity\Anti-Virus\fssm32.exe [1227304] [PID.2864]
[MD5.20E83F4632E15A5E9E716FF2E8AC7FAE] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720] [PID.5504]
[MD5.52069AEB42D3D0F97CBCA1085EBF55E6] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432] [PID.5140]
[MD5.08E2B577DB95156F9A658C988EE71F5D] - (.Intel Corporation - Intel(R) Local Management Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [390616] [PID.340]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Gabriel\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 3 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (.not file.)
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] . (.DT Soft Ltd - DAEMON Tools Pro Agent.) -- C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
O4 - HKLM\..\Wow6432Node\Run: [IMSS] . (.Intel Corporation - PIcon startup utility.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - iusb3mon.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Wow6432Node\Run: [D-Link RangeBooster G WUA-2340] . (.D-Link - D-Link Wireless LAN Monitor.) -- C:\Program Files (x86)\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
O4 - HKLM\..\Wow6432Node\Run: [ANIWZCS2Service] . (.Wireless Service - ANIWZCS2 launcher for Windows..) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Wow6432Node\Run: [F-Secure Hoster (51855)] . (.F-Secure Corporation - F-Secure Host Process.) -- C:\Program Files (x86)\GVT\fshoster32.exe
O4 - HKLM\..\Wow6432Node\Run: [F-Secure Manager] . (.F-Secure Corporation - F-Secure Settings and Statistics.) -- C:\Program Files (x86)\GVT\apps\ComputerSecurity\Common\FSM32.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- D:\Programas\iTunesHelper.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2685067900-1822866205-979970078-1000\..\Run: [DAEMON Tools Pro Agent] . (.DT Soft Ltd - DAEMON Tools Pro Agent.) -- C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office15\ONBttnIE.dll (.not file.)
O9 - Extra button: Clique para Telefonar do Lync [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office15\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{771C0417-EFB0-418D-9320-8F515CEBC7A1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{771C0417-EFB0-418D-9320-8F515CEBC7A1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{771C0417-EFB0-418D-9320-8F515CEBC7A1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
O39 - APT: - (..) -- C:\Windows\Tasks\ReclaimerUpdateFiles_Gabriel.job [378]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Gabriel [378]
O39 - APT: - (..) -- C:\Windows\Tasks\ReclaimerUpdateXML_Gabriel.job [374]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ReclaimerUpdateXML_Gabriel [374]
O39 - APT: - (..) -- C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Gabriel.job [384]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Gabriel [384]
~ Scheduled Task: 16 Legitimates Filtered in 00mn 02s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (fsvista) . (...) - C:\Program Files (x86)\GVT\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys
~ Drivers: 78 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Daylight - (.Zombie Studios.) [HKLM][64Bits] -- Steam App 230840
O42 - Logiciel: GBBD Caixa Economica Federal - (...) [HKLM][64Bits] -- {5d01f486-f32d-462e-8830-cc1d116e8ece}_is1
~ Logic: 21 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKLM\Software\Baidu Security]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab
~ Key Software: 222 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/05/2014 - 13:12:35 - [] ----D C:\Program Files (x86)\GVT
~ Program Folder: 127 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.AC1C5202355616088CECC39B86C54C76] - 01/06/2014 - 13:44:22 ---A- . (...) -- C:\zoek-results2014-06-01-164422.log [28347]
O44 - LFC:[MD5.DAA86266B3260BEB416B67E27A445145] - 01/06/2014 - 19:45:25 ---A- . (...) -- C:\zoek-results2014-06-01-224525.log [6083]
O44 - LFC:[MD5.3419A970FBCD95015063826ECA3CFE24] - 01/06/2014 - 20:14:22 ---A- . (...) -- C:\zoek-results.log [1242]
O44 - LFC:[MD5.2465EBC8CD6E412CDC1AB9FEF40BCAE6] - 21/05/2014 - 01:51:21 ---A- . (...) -- C:\Windows\win.ini [478]
O44 - LFC:[MD5.BC9F8BE4A28203AB291977442BE409C7] - 31/05/2014 - 19:57:09 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [20832]
O44 - LFC:[MD5.BC9F8BE4A28203AB291977442BE409C7] - 31/05/2014 - 19:57:10 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [20832]
~ Files: 15 Legitimates Filtered in 00mn 30s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{bebe604b-d725-11e3-aaf7-e03f49e3e7a9}\AutoRun\command. (.Microsoft Corporation - Microsoft Setup Bootstrapper.) -- E:\SETUP.exe
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:09/05/2014 - 00:03:22 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [283200]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:17/05/2014 - 09:39:44 ---A- . (...) -- C:\Windows\System32\Drivers\fsbts.sys [56016]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:22/08/2012 - 14:54:10 ---A- . (...) -- C:\Windows\SysWOW64\drivers\AsIO.sys [15232]
O58 - SDL:02/04/2009 - 17:30:14 ---A- . (...) -- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS [10296]
O58 - SDL:17/05/2014 - 09:32:04 ---A- . (...) -- C:\Windows\SysWOW64\drivers\fsbts.sys [41024]
~ Drivers: 60 Legitimates Filtered in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.CBFAD3D8978639FE20AAD0D7793F00C0] [SPRF][10/05/2014] (...) -- C:\Users\Gabriel\AppData\Roaming\unins000.dat [15897]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{59F3F970-A65B-46E8-A680-C6D54CE5190E}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Gabriel\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{283E954D-BE40-42D3-A469-18D92C081515}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Gabriel\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 01/06/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 01/06/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 27/08/2013 828376 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Demand 19/05/2008 954368 | (jswpsapi) . (.Atheros Communications, Inc..) - C:\Program Files (x86)\D-Link\RangeBooster G WUA-2340\JSWUtilVst\jswpsapi.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 23/04/2014 572096 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SR - | Auto 05/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 07/05/2013 936728 | (asComSvc) . (...) - C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 18/01/2013 188400 | (fshoster) . (.F-Secure Corporation.) - C:\Program Files (x86)\GVT\fshoster32.exe
SR - | Demand 20/08/2013 207808 | (FSMA) . (.F-Secure Corporation.) - C:\Program Files (x86)\GVT\apps\ComputerSecurity\Common\FSMA32.exe
SR - | Auto 06/08/2012 61176 | (FSORSPClient) . (.F-Secure Corporation.) - C:\Program Files (x86)\GVT\apps\CCF_Reputation\fsorsp.exe
SR - | Auto 07/08/2013 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 27/08/2013 747520 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Demand 26/05/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 16/09/2013 169432 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 16/09/2013 390616 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 30/04/2014 1618888 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 30/04/2014 21009352 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 04/03/2014 922968 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 04/03/2014 411936 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 04s



---\\ Scâner Aditional (088)
Database Version : 13026 - (30/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKLM\Software\Wow6432Node\SupDp] =>PUP.SupTab^
~ Additionnel Scan: 230189 Items scanned in 00mn 07s



---\\ Sumário das deteções encontradas na sua estação
[You must have an account and be logged in to view this link] =>PUP.SupTab
~ MSI: 1 link(s) detected in 00mn 00s



~ 679 Legitimates filtered by white list
End of the scan (400 lines in 01mn 02s)(0)

Re: Sweetpages - I already tried AdwCleaner and nothing

Post by Power Max, Sun 01 Jun 2014, 21:02

I suggest you uninstall Bonjour, which is unnecessary.
_________________________________________________________________________________________________________________

There are unnecessary programs starting together with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

Preferably, leave only the security programs (antivirus/anti-spyware/firewall) starting together with Windows.

Also use the CCleaner program, recommended in the tutorial above, to clean up and optimize the PC now and from time to time.
____________________________________________________________________________________________________________________

Go to the site [You must have an account and be logged in to view this link] and submit this file highlighted in blue below for analysis:

C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Gabriel.job
C:\Windows\Tasks\ReclaimerUpdateXML_Gabriel.job
C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Gabriel
C:\Windows\Tasks\ReclaimerUpdateFiles_Gabriel.job

As soon as its analysis is finished, copy the link that appears in your browser's address bar and post these links in your next reply, together with the ZHPFix report requested further down in this post.

More information on how to analyze files on the Virus Total site can be found in this tutorial:

[You must have an account and be logged in to view this link]
_____________________________________________________________________________________________________________________

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start (Iniciar) > All Programs (Todos os programas) > ZHP > right-click ZHPFix and choose Run as administrator (Executar como administrador) > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will appear in Notepad.

Copy this report and post it in your next reply, together with the links to the analyses of the files on the Virus Total site.


Last edited by Power Max on Sun 01 Jun 2014, 22:23; edited 1 time

Re: Sweetpages - I already tried AdwCleaner and nothing

Post by TaranisBsb, Sun 01 Jun 2014, 21:38

I think I managed to get these links correctly. The Google home page looks strange, with those links we use most below the search bar. Does that also have to do with this Sweetpage virus?

Links:

[You must have an account and be logged in to view this link]


Report:

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Gabriel at 01/06/2014 21:36:04
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 01s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\SupDp

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (117) (1.761.819 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
2 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 12s

========== Caminho do ficheiro do relatório ==========
C:\Users\Gabriel\AppData\Roaming\ZHP\ZHPFix[R1].txt - 01/06/2014 21:36:06 [1190]

Re: Sweetpages - I already tried AdwCleaner and nothing

Post by Power Max, Sun 01 Jun 2014, 22:00

Open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.

Re: Sweetpages - I already tried AdwCleaner and nothing

Post by TaranisBsb, Sun 01 Jun 2014, 22:20

The report:

~ Relatório do ZHPDiag v2014.5.30.78 - Nicolas Coolman (30/05/2014)
~ Iniciado por Gabriel (01/06/2014 22:16:01)
~ Endereço do Website : [You must have an account and be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
GCIE: Google Chrome v35.0.1916.114 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : Absent (Not found)
Windows ID Activation : Inconnue (Unknown)
Windows Licence : Inconnue (Unknown)
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Computer Security 12.77.101.0
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.14

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Reader XI

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8098 MB (60% free)
System Restore: Activé (Enable)
System drive C: has 5 GB (6%) free of 78 GB

---\\ Modo de conexão ao sistema
~ Computer Name: GABRIEL-PC
~ User Name: Gabriel
~ All Users Names: Guest, Gabriel, Administrator,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Gabriel\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Gabriel\AppData\Roaming\
~ %Desktop% : C:\Users\Gabriel\Desktop\
~ %Favorites% : C:\Users\Gabriel\Favorites\
~ %LocalAppData% : C:\Users\Gabriel\AppData\Local\
~ %StartMenu% : C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 5 Go of 78 Go)
D: Hard drive, Flash drive, Thumb drive (Free 1723 Go of 1785 Go)
E: CD-ROM drive (Free 0 Go of 1 Go)
F: Hard drive, Flash drive, Thumb drive (Free 11 Go of 699 Go)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Internet Extensions for Win32.) (.09/05/2014 - 01:52:06.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Windows Logon Application.) (.04/03/2014 - 06:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - NT File System Driver.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 00:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/18041
~ Mes musiques (My Musics) : 1/9
~ Mes Videos (My Videos) : 1/214
~ Mes Favoris (My Favorites) : 1/19
~ Mes Documents (My Documents) : 1/41
~ Mon Bureau (My Desktop) : 1/5
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 01s



---\\ Processos lançados
[MD5.5EA707336336DDFADE5FD3726CEA1523] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840] [PID.3576]
[MD5.D7C56CB89EF04A8D0544023FA12045FF] - (.DT Soft Ltd - DAEMON Tools Shell Extensions Helper.) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe [2748112] [PID.3972]
[MD5.094E4E76FB9AB960A73F841BC6733F42] - (.Intel Corporation - iusb3mon.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848] [PID.4160]
[MD5.A05602FCF939A0A051D0CDF8C5CEDA98] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296096] [PID.4168]
[MD5.4E3B9E4D292232D9BB01288D961C5BC2] - (.D-Link - D-Link Wireless LAN Monitor.) -- C:\Program Files (x86)\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe [1667072] [PID.4180]
[MD5.6AFD3970A41F48306874DB23991A4955] - (.Wireless Service - ANIWZCS2 launcher for Windows..) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe [49152] [PID.4228]
[MD5.A0F2C92F410EBAE832DFE507C7E4D6FA] - (.F-Secure Corporation - F-Secure Host Process.) -- C:\Program Files (x86)\GVT\fshoster32.exe [188400] [PID.1992]
[MD5.5DF9D84032F52FBD736DA2AC6ABE860D] - (.F-Secure Corporation - F-Secure Settings and Statistics.) -- C:\Program Files (x86)\GVT\apps\ComputerSecurity\Common\FSM32.exe [310208] [PID.4244]
[MD5.D2E3E6D94A9E1CFA1561D9C748136FD0] - (.Apple Inc. - iTunesHelper.) -- D:\Programas\iTunesHelper.exe [152392] [PID.4336]
[MD5.3D45AD2B246B90DBD3E6F213E7AEBF64] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592] [PID.5732]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.72700]
[MD5.6D652B06EB3916DC41A9DBBBC4EDEED1] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8020480] [PID.72412]
[MD5.CDA9313E34887A111B8309B55BCDCD82] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [411936] [PID.944]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1724]
[MD5.221564CC7BE37611FE15EACF443E1BF6] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1860]
[MD5.BBF8F831C7720DD5135D8C4C8325187A] - (...) -- C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728] [PID.1912]
[MD5.C67B42683036A503A2123EBEE9220AAA] - (.F-Secure Corporation - F-Secure ORSP Service.) -- C:\Program Files (x86)\GVT\apps\CCF_Reputation\fsorsp.exe [61176] [PID.1216]
[MD5.C0F5A63472D8A67B919C3A38D84A80C0] - (.F-Secure Corporation - F-Secure Gatekeeper Handler 32-bit.) -- C:\Program Files (x86)\GVT\apps\ComputerSecurity\Anti-Virus\FSGK32.exe [679464] [PID.1764]
[MD5.C50CD479FD1BB886244E2663DFFBCF6A] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888] [PID.2004]
[MD5.480F368D8AD18D57A0A9F4B562A00A84] - (.F-Secure Corporation - F-Secure Management Agent.) -- C:\Program Files (x86)\GVT\apps\ComputerSecurity\Common\FSMA32.exe [207808] [PID.2808]
[MD5.22B759B44B8E9C7DB504993E38AC2AE8] - (.F-Secure Corporation - F-Secure Scanner Manager 32-bit.) -- C:\Program Files (x86)\GVT\apps\ComputerSecurity\Anti-Virus\fssm32.exe [1227304] [PID.2864]
[MD5.20E83F4632E15A5E9E716FF2E8AC7FAE] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720] [PID.5504]
[MD5.52069AEB42D3D0F97CBCA1085EBF55E6] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432] [PID.5140]
[MD5.08E2B577DB95156F9A658C988EE71F5D] - (.Intel Corporation - Intel(R) Local Management Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [390616] [PID.340]
[MD5.30B5F9FB0C35AE6B4A0851D24CE2EE8B] - (.Microsoft Corporation - Office Source Engine.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.exe [150600] [PID.72040]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Gabriel\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 3 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (.not file.)
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Wow6432Node\Run: [IMSS] . (.Intel Corporation - PIcon startup utility.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - iusb3mon.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [D-Link RangeBooster G WUA-2340] . (.D-Link - D-Link Wireless LAN Monitor.) -- C:\Program Files (x86)\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
O4 - HKLM\..\Wow6432Node\Run: [F-Secure Hoster (51855)] . (.F-Secure Corporation - F-Secure Host Process.) -- C:\Program Files (x86)\GVT\fshoster32.exe
O4 - HKLM\..\Wow6432Node\Run: [F-Secure Manager] . (.F-Secure Corporation - F-Secure Settings and Statistics.) -- C:\Program Files (x86)\GVT\apps\ComputerSecurity\Common\FSM32.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office15\ONBttnIE.dll (.not file.)
O9 - Extra button: Clique para Telefonar do Lync [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office15\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{771C0417-EFB0-418D-9320-8F515CEBC7A1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{771C0417-EFB0-418D-9320-8F515CEBC7A1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{771C0417-EFB0-418D-9320-8F515CEBC7A1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
O39 - APT: - (..) -- C:\Windows\Tasks\ReclaimerUpdateFiles_Gabriel.job [378]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Gabriel [378]
O39 - APT: - (..) -- C:\Windows\Tasks\ReclaimerUpdateXML_Gabriel.job [374]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ReclaimerUpdateXML_Gabriel [374]
O39 - APT: - (..) -- C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Gabriel.job [384]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Gabriel [384]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (fsvista) . (...) - C:\Program Files (x86)\GVT\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys
~ Drivers: 78 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Daylight - (.Zombie Studios.) [HKLM][64Bits] -- Steam App 230840
O42 - Logiciel: GBBD Caixa Economica Federal - (...) [HKLM][64Bits] -- {5d01f486-f32d-462e-8830-cc1d116e8ece}_is1
~ Logic: 21 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
~ Key Software: 222 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/05/2014 - 13:12:35 - [] ----D C:\Program Files (x86)\GVT
~ Program Folder: 126 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.AC1C5202355616088CECC39B86C54C76] - 01/06/2014 - 13:44:22 ---A- . (...) -- C:\zoek-results2014-06-01-164422.log [28347]
O44 - LFC:[MD5.DAA86266B3260BEB416B67E27A445145] - 01/06/2014 - 19:45:25 ---A- . (...) -- C:\zoek-results2014-06-01-224525.log [6083]
O44 - LFC:[MD5.3419A970FBCD95015063826ECA3CFE24] - 01/06/2014 - 20:14:22 ---A- . (...) -- C:\zoek-results.log [1242]
O44 - LFC:[MD5.2465EBC8CD6E412CDC1AB9FEF40BCAE6] - 21/05/2014 - 01:51:21 ---A- . (...) -- C:\Windows\win.ini [478]
O44 - LFC:[MD5.BC9F8BE4A28203AB291977442BE409C7] - 31/05/2014 - 19:57:09 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [20832]
O44 - LFC:[MD5.BC9F8BE4A28203AB291977442BE409C7] - 31/05/2014 - 19:57:10 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [20832]
~ Files: 14 Legitimates Filtered in 00mn 01s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{bebe604b-d725-11e3-aaf7-e03f49e3e7a9}\AutoRun\command. (.Microsoft Corporation - Microsoft Setup Bootstrapper.) -- E:\SETUP.exe
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\ANIWZCS2Service [Key] . (.Wireless Service - ANIWZCS2 launcher for Windows..) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
~ SMSR Keys: 7 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:09/05/2014 - 00:03:22 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [283200]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:17/05/2014 - 09:39:44 ---A- . (...) -- C:\Windows\System32\Drivers\fsbts.sys [56016]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:22/08/2012 - 14:54:10 ---A- . (...) -- C:\Windows\SysWOW64\drivers\AsIO.sys [15232]
O58 - SDL:02/04/2009 - 17:30:14 ---A- . (...) -- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS [10296]
O58 - SDL:17/05/2014 - 09:32:04 ---A- . (...) -- C:\Windows\SysWOW64\drivers\fsbts.sys [41024]
~ Drivers: 60 Legitimates Filtered in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.CBFAD3D8978639FE20AAD0D7793F00C0] [SPRF][10/05/2014] (...) -- C:\Users\Gabriel\AppData\Roaming\unins000.dat [15897]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{59F3F970-A65B-46E8-A680-C6D54CE5190E}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Gabriel\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{283E954D-BE40-42D3-A469-18D92C081515}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Gabriel\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 01/06/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 01/06/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 27/08/2013 828376 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Demand 19/05/2008 954368 | (jswpsapi) . (.Atheros Communications, Inc..) - C:\Program Files (x86)\D-Link\RangeBooster G WUA-2340\JSWUtilVst\jswpsapi.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 23/04/2014 572096 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SR - | Auto 05/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 07/05/2013 936728 | (asComSvc) . (...) - C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
SR - | Auto 18/01/2013 188400 | (fshoster) . (.F-Secure Corporation.) - C:\Program Files (x86)\GVT\fshoster32.exe
SR - | Demand 20/08/2013 207808 | (FSMA) . (.F-Secure Corporation.) - C:\Program Files (x86)\GVT\apps\ComputerSecurity\Common\FSMA32.exe
SR - | Auto 06/08/2012 61176 | (FSORSPClient) . (.F-Secure Corporation.) - C:\Program Files (x86)\GVT\apps\CCF_Reputation\fsorsp.exe
SR - | Auto 07/08/2013 15720 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 27/08/2013 747520 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Demand 26/05/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 16/09/2013 169432 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 16/09/2013 390616 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 30/04/2014 1618888 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 30/04/2014 21009352 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 04/03/2014 922968 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 04/03/2014 411936 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 03s



---\\ Scâner Aditional (088)
Database Version : 13026 - (30/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 229609 Items scanned in 00mn 07s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s



~ 683 Legitimates filtered by white list
End of the scan (395 lines in 00mn 28s)(0)

Post by Power Max on Sun 01 Jun 2014, 22:22

How is the PC?

Post by TaranisBsb on Sun 01 Jun 2014, 22:31

I believe Sweetpages and that Baidu thing have been permanently removed, but Chrome's start page is different. It didn't look like this before. I'm attaching an image and sending it.

Otherwise, the PC seems fine. Does that mean the machine is safe again? Can I access my accounts and pages that require security without fear?

Thank you so much for the help, thanks a lot!

Post by Power Max on Sun 01 Jun 2014, 22:45

The image you attached didn't show up here. But a good tip in this case would be to uninstall Chrome and reinstall it.

Post by TaranisBsb on Sun 01 Jun 2014, 22:56

Right! I'll try that, because I believe it's a consequence of the viruses.

Thanks a lot!

Post by Power Max on Sun 01 Jun 2014, 23:00

After you've done this, please let us know whether the problem was solved.

Post by TaranisBsb on Tue 03 Jun 2014, 23:50

Good evening.

I don't know what happened, but I reinstalled Chrome, the page problem didn't go away, and today, when I turned the PC back on, Sweetpages came back. Will I have to reinstall Windows? Now I'm worried. =/

Post by Power Max on Tue 03 Jun 2014, 23:57

Temporarily disable your antivirus to avoid conflicts.

Download: < [You must have an account and be logged in to view this link] > (by g3n-h@ckm@n)
|- After opening the link above, scroll down the page and click Télécharger to download: [You must have an account and be logged in to view this image]

Run it as described in this post:

[You must have an account and be logged in to view this link]

Once the cleanup is finished, post the log (report), which will be at C:\Shortcut_Module_07_05_2014_17_05_22.txt (these numbers in red will vary, since they show the date and time the scan was performed).

Post by TaranisBsb on Wed 04 Jun 2014, 00:25

Good evening, I believe this is the report.

¤¤¤¤¤¤¤¤¤¤ | Shortcut_Module | g3n-h@ckm@n | 03.06.2014.2

¤¤¤¤¤ Vista | 7 | 8 | 8.1 - 32/64 bits ¤¤¤¤¤ - Start 00:06:22 - 04/06/2014

update on : 03/06/2014 | 19.55 by g3n-h@ckm@n

Contact : [You must have an account and be logged in to view this link]

Feedbacks : [You must have an account and be logged in to view this link]
Boot : Normal

System : Windows 7 Ultimate (64 bits) Ultimate Service Pack 1

RAM memory = Total (MB) : 8293 | Free (MB) : 6379
Pagefile = Total (MB) : 16583 | Free (MB) : 14586
Virtual = Total (MB) : 4194 | Free (MB) : 4016


Registry saved, to restore : C:\Shortcut_Module\Save\Clean\ERDNT.exe

¤¤¤¤¤¤¤¤¤¤ | Windows Updates

No windows updates detected !!!

¤¤¤¤¤¤¤¤¤¤ | Browsers

IE : 11.0.9600.17041 (© Microsoft Corporation. All rights reserved.)
GC : 35.0.1916.114 (Copyright 2012 Google Inc. All rights reserved.)

¤¤¤¤¤¤¤¤¤¤ | Security

AV : Proteção do Computador Disabled
AS : Windows Defender Enabled
FW :
WMI : OK
WU: Windows Update Service [Auto(2)] = Started
AS: Windows Defender [Auto(2)] = Started
FW: Windows FireWall Service [Auto(2)] = Started

¤¤¤¤¤¤¤¤¤¤ | FlashPlayer


¤¤¤¤¤¤¤¤¤¤ | Killed processes

904 | [Owner : SYSTEM |Parent : 656] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 337.88.) - (8.17.13.3788) = C:\Windows\System32\nvvsvc.exe
928 | [Owner : SYSTEM |Parent : 656] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - (7.17.13.3788) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
1408 | [Owner : SYSTEM |Parent : 904] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (8.17.13.3788) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1424 | [Owner : SYSTEM |Parent : 904] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 337.88.) - (8.17.13.3788) = C:\Windows\System32\nvvsvc.exe
1536 | [Owner : SYSTEM |Parent : 656] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe
1656 | [Owner : SYSTEM |Parent : 656] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.7.4.0) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1676 | [Owner : SYSTEM |Parent : 656] - (.Apple Inc. - YSLoader.exe.) - (17.327.4.24) = C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1708 | [Owner : SYSTEM |Parent : 656] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
1868 | [Owner : SYSTEM |Parent : 656] - (.F-Secure Corporation - F-Secure Host Process.) - (1.4.36005.0) = C:\Program Files (x86)\GVT\fshoster32.exe
1972 | [Owner : NETWORK SERVICE |Parent : 656] - (.F-Secure Corporation - F-Secure ORSP Service.) - (1.0.25.1877) = C:\Program Files (x86)\GVT\apps\CCF_Reputation\fsorsp.exe
1996 | [Owner : SYSTEM |Parent : 656] - (.Intel(R) Corporation - Intel(R) Capability Licensing Service Interface.) - (1.31.8.1) = C:\Program Files\Intel\iCLS Client\HeciServer.exe
2012 | [Owner : SYSTEM |Parent : 1868] - (.F-Secure Corporation - F-Secure Gatekeeper Handler 32-bit .) - (13.60.67.222) = C:\Program Files (x86)\GVT\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
1236 | [Owner : SYSTEM |Parent : 656] - (.NVIDIA Corporation - NVIDIA Network Service.) - (1.0.5.16) = C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
1696 | [Owner : SYSTEM |Parent : 656] - (.NVIDIA Corporation - NVIDIA Streamer Service.) - (2.1.214.0) = C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
2256 | [Owner : NETWORK SERVICE |Parent : 1696] - (.NVIDIA Corporation - NVIDIA Streamer Service.) - (2.1.214.0) = C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
2604 | [Owner : LOCAL SERVICE |Parent : 340] - (.Microsoft Corporation - Windows Driver Foundation - User-mode Driver Framework Host Process.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe
2652 | [Owner : SYSTEM |Parent : 656] - (.F-Secure Corporation - F-Secure Management Agent.) - (8.30.43112.0) = C:\Program Files (x86)\GVT\apps\ComputerSecurity\Common\FSMA32.EXE
2948 | [Owner : SYSTEM |Parent : 2652] - (.F-Secure Corporation - F-Secure DLL Hosting Plugin.) - (8.30.43112.0) = C:\Program Files (x86)\GVT\apps\ComputerSecurity\Common\FSHDLL64.EXE
3852 | [Owner : SYSTEM |Parent : 656] - (.Intel Corporation - IAStorDataSvc.) - (12.8.0.1016) = C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
3248 | [Owner : SYSTEM |Parent : 656] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host Interface.) - (9.5.12.1682) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
2852 | [Owner : SYSTEM |Parent : 656] - (.Intel Corporation - Intel(R) Local Management Service.) - (9.5.10.1628) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1792 | [Owner : SYSTEM |Parent : 656] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe
3964 | [Owner : Gabriel |Parent : 656] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe
2144 | [Owner : Gabriel |Parent : 4060] - (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.17567) = C:\Windows\explorer.exe
2468 | [Owner : Gabriel |Parent : 2144] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) - (14.6.22.1) = C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
3176 | [Owner : Gabriel |Parent : 2144] - (.DT Soft Ltd - DAEMON Tools Shell Extensions Helper.) - (5.2.0.350) = C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
3348 | [Owner : Gabriel |Parent : 3388] - (.Intel Corporation - iusb3mon.) - (2.5.0.19) = C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
3480 | [Owner : Gabriel |Parent : 3388] - (.D-Link - D-Link Wireless LAN Monitor.) - (4.1.3.923) = C:\Program Files (x86)\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
3676 | [Owner : Gabriel |Parent : 3388] - (.F-Secure Corporation - F-Secure Host Process.) - (1.4.36005.0) = C:\Program Files (x86)\GVT\fshoster32.exe
3440 | [Owner : Gabriel |Parent : 3388] - (.F-Secure Corporation - F-Secure Settings and Statistics.) - (8.30.43112.0) = C:\Program Files (x86)\GVT\apps\ComputerSecurity\Common\FSM32.EXE
4368 | [Owner : SYSTEM |Parent : 1696] - (.NVIDIA Corporation - NVIDIA Streamer Service.) - (2.1.214.0) = C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
4380 | [Owner : SYSTEM |Parent : 616] - (.Microsoft Corporation - Console Window Host.) - (6.1.7601.18229) = C:\Windows\System32\conhost.exe
4724 | [Owner : Gabriel |Parent : 1408] - (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.3788) = C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
5040 | [Owner : NETWORK SERVICE |Parent : 656] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
5952 | [Owner : Gabriel |Parent : 4056] - (.Intel Corporation - IAStorIcon.) - (12.8.0.1016) = C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
4284 | [Owner : Gabriel |Parent : 3612] - (.Intel Corporation - Intel(R) Management and Security Status.) - (9.5.20.1628) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
5212 | [Owner : SYSTEM |Parent : 656] - (.Intel(R) Corporation - Intel(R) Capability Licensing Service Interface.) - (1.31.8.1) = C:\Program Files\Intel\iCLS Client\HeciServer.exe

¤¤¤¤¤¤¤¤¤¤ | Running processes

296 | [Owner : SYSTEM |Parent : 4] - (.Microsoft Corporation - Windows Session Manager.) - (6.1.7601.18229) = C:\Windows\System32\smss.exe
504 | [Owner : SYSTEM |Parent : 496] - (.Microsoft Corporation - Client Server Runtime Process.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe
588 | [Owner : SYSTEM |Parent : 496] - (.Microsoft Corporation - Windows Start-Up Application.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe
616 | [Owner : SYSTEM |Parent : 600] - (.Microsoft Corporation - Client Server Runtime Process.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe
656 | [Owner : SYSTEM |Parent : 588] - (.Microsoft Corporation - Services and Controller app.) - (6.1.7600.16385) = C:\Windows\System32\services.exe
688 | [Owner : SYSTEM |Parent : 588] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.18443) = C:\Windows\System32\lsass.exe
696 | [Owner : SYSTEM |Parent : 600] - (.Microsoft Corporation - Windows Logon Application.) - (6.1.7601.18409) = C:\Windows\System32\winlogon.exe
704 | [Owner : SYSTEM |Parent : 588] - (.Microsoft Corporation - Local Session Manager Service.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe
844 | [Owner : SYSTEM |Parent : 656] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
972 | [Owner : NETWORK SERVICE |Parent : 656] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
512 | [Owner : LOCAL SERVICE |Parent : 656] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
340 | [Owner : SYSTEM |Parent : 656] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
388 | [Owner : LOCAL SERVICE |Parent : 656] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
1028 | [Owner : SYSTEM |Parent : 656] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
1276 | [Owner : NETWORK SERVICE |Parent : 656] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
1564 | [Owner : LOCAL SERVICE |Parent : 656] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
3160 | [Owner : LOCAL SERVICE |Parent : 656] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
3420 | [Owner : SYSTEM |Parent : 656] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
784 | [Owner : Gabriel |Parent : 340] - (.Microsoft Corporation - Desktop Window Manager.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe
4048 | [Owner : LOCAL SERVICE |Parent : 512] - (.Microsoft Corporation - Windows Audio Device Graph Isolation .) - (6.1.7601.17514) = C:\Windows\System32\audiodg.exe
5620 | [Owner : NETWORK SERVICE |Parent : 844] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe
1336 | [Owner : Gabriel |Parent : 2144] - (. - Shortcut_Module.) - (3.6.2014.2) = C:\Users\Gabriel\Desktop\Shortcut_Module.exe
5076 | [Owner : LOCAL SERVICE |Parent : 340] - (.Microsoft Corporation - Windows Driver Foundation - User-mode Driver Framework Host Process.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe
6096 | [Owner : SYSTEM |Parent : 656] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
5816 | [Owner : Gabriel |Parent : 1336] - (. - Process Stopper.) - (1.0.0.0) = C:\Shortcut_Module\Protect_Module.exe

¤¤¤¤¤¤¤¤¤¤ | RUN

04 - [64] HKLM\..\Run : [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
04 - [64] HKLM\..\Run : [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
04 - [64] HKLM\..\Run : [D-Link RangeBooster G WUA-2340] C:\Program Files (x86)\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
04 - [64] HKLM\..\Run : [F-Secure Hoster (51855)] "C:\Program Files (x86)\GVT\fshoster32.exe" -app -hosterid:1
04 - [64] HKLM\..\Run : [F-Secure Manager] "C:\Program Files (x86)\GVT\apps\ComputerSecurity\Common\FSM32.EXE" /splash
04 - [32] HKLM\..\Run : [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
04 - [32] HKLM\..\Run : [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
04 - [32] HKLM\..\Run : [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
04 - [32] HKLM\..\Run : [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

¤¤¤¤¤¤¤¤¤¤ | Services


Service in functioning : WINDEFEND
Stopped service : WINDEFEND
Service in functioning : MMCSS
Service in functioning : Dhcp
Stopped service : Dhcp
Service in functioning : TcpIp
Service in functioning : SSDPSRV
Stopped service : SSDPSRV
Service in functioning : MPSSvc
Stopped service : MPSSvc
Service in functioning : LanmanServer
Service in functioning : DNScache
Stopped service : DNScache

¤¤¤¤¤¤¤¤¤¤ | Hosts

C:\Windows\System32\Drivers\etc\hosts : Reseted successfully

¤¤¤¤¤¤¤¤¤¤ | Register

Deleted successfully : [64]HKLM\Software\Classes\AppID\SoftwareUpdate.exe
Deleted successfully : [64]HKLM\Software\Classes\AppID\{6A070EEA-E3F8-411E-9D3A-F3814ED6D1A8} : SoftwareUpdateApp
Deleted successfully : [32]HKLM\Software\Classes\AppID\SoftwareUpdateAdmin.DLL
Deleted successfully : [64]HKLM\Software\Classes\TypeLib\{7C1E4FCC-B47E-44AE-8EA7-FA66EBC8BAC4} : SoftwareUpdate
Deleted successfully : [64]HKLM\Software\Classes\Interface\{06437ABB-C419-4B11-A474-1A2B02FBD646} : _ISelfEvents
Deleted successfully : [64]HKLM\Software\Classes\Interface\{422CA428-AACB-496A-8FDD-86758BCFB756} : {7C1E4FCC-B47E-44AE-8EA7-FA66EBC8BAC4}
Deleted successfully : [64]HKLM\Software\Classes\Interface\{84A97748-13F3-4BB5-A20F-31709B134F25} : INVAssemblyActionPair
Deleted successfully : [64]HKLM\Software\Classes\Interface\{9397FF55-EE06-4F02-8F2A-BE3AE249D4BB} : IConversationHistoryActionAvailabilityEventData
Deleted successfully : [64]HKLM\Software\Classes\Interface\{995E123A-2A19-4E52-872F-774C5589459C} : {7C1E4FCC-B47E-44AE-8EA7-FA66EBC8BAC4}
Deleted successfully : [64]HKLM\Software\Classes\Interface\{A52621AD-E10F-477B-9ACB-B6181610788B} : {7C1E4FCC-B47E-44AE-8EA7-FA66EBC8BAC4}
Deleted successfully : [64]HKLM\Software\Classes\Interface\{DEDDD7BD-4763-41D2-9AAA-B2C143457CA4} : IModalityActionAvailabilityChangedEventData
Deleted successfully : [32]HKLM\Software\Classes\Interface\{422CA428-AACB-496A-8FDD-86758BCFB756} : {7C1E4FCC-B47E-44AE-8EA7-FA66EBC8BAC4}
Deleted successfully : [32]HKLM\Software\Classes\Interface\{84A97748-13F3-4BB5-A20F-31709B134F25} : INVAssemblyActionPair
Deleted successfully : [32]HKLM\Software\Classes\Interface\{995E123A-2A19-4E52-872F-774C5589459C} : {7C1E4FCC-B47E-44AE-8EA7-FA66EBC8BAC4}
Deleted successfully : [32]HKLM\Software\Classes\Interface\{A52621AD-E10F-477B-9ACB-B6181610788B} : {7C1E4FCC-B47E-44AE-8EA7-FA66EBC8BAC4}
Deleted successfully : [64]HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Deleted successfully : [64]HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Deleted successfully : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465} : ShopperReports.dll
Deleted successfully : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} : alotBHO.dll;alotBHO.dll
Deleted successfully : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{22D8E815-4A5E-4DFB-845E-AAB64207F5BD} : eBayTB.dll
Deleted successfully : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754} : ShoppingReport.dll
Deleted successfully : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7} : PCTBrowserDefender.dll
Deleted successfully : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} : BabylonToolbar.dll
Deleted successfully : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825} : PCTBrowserDefender.dll
Deleted successfully : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{57F02779-3D88-4958-8AD3-83C12D86ADC7} : advancedsearchbar.dll
Deleted successfully : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} : alot.dll;alot.dll
Deleted successfully : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{69ABB8E4-3A44-461C-93BC-C3BB6BDF2DF3} : Backcountry.com.Steepandcheap.Toolbar.dll
Deleted successfully : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600} : SuperfishIEAddon.dll;SuperfishIEAddon.dll
Deleted successfully : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{92085AD4-F48A-450D-BD93-B28CC7DF67CE} : eBayTB.dll
Deleted successfully : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} : BabylonToolbar.dll
Deleted successfully : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} : ShoppingReport.dll
Deleted successfully : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CDEEC43D-3572-4E95-A2A5-F519D29F00C0} : advancedsearchbar.dll
Deleted successfully : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{F98BA7F6-48D8-4CE7-A8D0-39D13FD6F14F} : Backcountry.com.Steepandcheap.Toolbar.dll
Deleted successfully : [64]HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} : BabylonToolbarTlbr.dll

¤¤¤¤¤¤¤¤¤¤ | IFEO


¤¤¤¤¤¤¤¤¤¤ | Folders

Deleted successfully : C:\Windows\System32\NdfEventView.xml ()
Deleted successfully : C:\Users\All Users\f-secure\FSAUA\guts.sp.f-secure.com\content\orsp-win-v2\1370467978\orspupd.exe (© 2007-2013, F-Secure Corporation.-.F-Secure ORSP Client)[OFN : orspupd.exe]
Deleted successfully : C:\Users\All Users\f-secure\latebound\200\localization\trustedsites.pt-BR.xml (.-.)
Deleted successfully : C:\Users\All Users\Real\RealConverter\DeviceProfiles\archos7hometablet.xml (.-.)
Deleted successfully : C:\Users\All Users\Real\RealConverter\DeviceProfiles\blackberrytorch.xml (.-.)

¤¤¤¤¤¤¤¤¤¤ | Hijack.Shortcut


¤¤¤¤¤¤¤¤¤¤ | Proxy

Repaired : [HKU\S-1-5-21-2685067900-1822866205-979970078-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | Hijack.Internet Explorer

Repaired : [HKU\S-1-5-21-2685067900-1822866205-979970078-1000\Software\Microsoft\Internet Explorer\Main]|[Start Page] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKU\S-1-5-21-2685067900-1822866205-979970078-1000\Software\Microsoft\Internet Explorer\Main]|[Local Page] : C:\Windows\system32\blank.htm -> C:\Windows\SysWOW64\blank.htm
Repaired : [HKU\S-1-5-21-2685067900-1822866205-979970078-1000\Software\Microsoft\Internet Explorer\Main]|[Search Page] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [HKU\S-1-5-21-2685067900-1822866205-979970078-1000\Software\Microsoft\Internet Explorer\Main]|[Default_Page_URL] : about:blank -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [64][HKLM\Software\Microsoft\Internet Explorer\Main\Window Title]|[] : -> Internet Explorer
Repaired : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[Search Bar] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : about:blank -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[Search Page] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Page_URL] : about:blank -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[BrowserMngr Start Page] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[CustomizeSearch] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[Search Bar] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[Start Page] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[Local Page] : -> C:\Windows\SysWOW64\blank.htm
Repaired : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[Search Page] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[Default_Search_URL] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[Default_Page_URL] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[BrowserMngr Start Page] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [64][HKLM\Software\Microsoft\Internet Explorer\Search]|[CustomizeSearch] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [32][HKLM\Software\Microsoft\Internet Explorer\Main\Window Title]|[] : -> Internet Explorer
Repaired : [32][HKLM\Software\Microsoft\Internet Explorer\Main]|[Search Bar] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [32][HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [32][HKLM\Software\Microsoft\Internet Explorer\Main]|[Local Page] : C:\Windows\System32\blank.htm -> C:\Windows\SysWOW64\blank.htm
Repaired : [32][HKLM\Software\Microsoft\Internet Explorer\Main]|[Search Page] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [32][HKLM\Software\Microsoft\Internet Explorer\Main]|[BrowserMngr Start Page] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [32][HKLM\Software\Microsoft\Internet Explorer\Main]|[CustomizeSearch] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[Search Bar] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[Start Page] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[Local Page] : -> C:\Windows\SysWOW64\blank.htm
Repaired : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[Search Page] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[Default_Search_URL] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[Default_Page_URL] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[BrowserMngr Start Page] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Repaired : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[CustomizeSearch] : -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

¤¤¤¤¤¤¤¤¤¤ | Hijack.Google Chrome


Deleted successfully : [64]HKLM\Software\Policies\Google
[Gabriel] Reseted successfully : SearchURL
[Gabriel] Reseted successfully : Preferences

[Gabriel] : aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co
[Gabriel] : apdfllckaahabafndbhieahigkjlhalf = : Google & co - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - Google & co
[Gabriel] : blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - Google & co
[Gabriel] : coobgpohoikkiipiblmjeljniedjpjpf = : Google & co - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - Google & co
[Gabriel] : lgbeldbnadmemecalekdfnffgobkpafc = : Unfriend Alerts alerts you any time someone removes you from their friend list. - Unfriend Alerts
[Gabriel] : mihcahmgecmbnbcchbopgniflfhgnkff = : __MSG_gmailcheck_description__ - __MSG_gmailcheck_name__
[Gabriel] : nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co
[Gabriel] : pbcaplhfkihhldmlbjhgajdeghjdbffi = : Módulo de Proteção - Caixa Economica Federal - GBBD Caixa Economica Federal
[Gabriel] : pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - Google & co

¤¤¤¤¤¤¤¤¤¤ | Hijack.Firefox



¤¤¤¤¤¤¤¤¤¤ | Opera


¤¤¤¤¤¤¤¤¤¤ | Hijack.StartMenuInternet

Repaired : [64][HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : C:\Program Files\Internet Explorer\iexplore.exe -> "C:\Program Files\Internet Explorer\iexplore.exe"
Repaired : [64][HKLM\Software\Clients\StartMenuInternet\Google Chrome\shell\open\command] : "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -> "C:\Program Files\Google\Chrome\Application\chrome.exe"

¤¤¤¤¤¤¤¤¤¤ | AppInit_DLLs

[64][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1
[32][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1

¤¤¤¤¤¤¤¤¤¤ | Hijack.Javascript


¤¤¤¤¤¤¤¤¤¤ | Firewall

Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]|[EnableFirewall] : 1 -> 0
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]|[EnableFirewall] : 1 -> 0
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]|[EnableFirewall] : 1 -> 0


¤¤¤¤¤¤¤¤¤¤ | Temporary files

[All Users] Temporary files deleted : 0 Ko
[Default] Temporary files deleted : 0 Ko
[Default User] Temporary files deleted : 0 Ko
[Gabriel] Temporary files deleted : 654167 Ko
[Public] Temporary files deleted : 0 Ko
[C:\Windows\Temp] Temporary files deleted : 0 Ko
[C:\Temp] Temporary files deleted : 0 Ko

Restarted service : MPSsvc

Other(s) report(s)


[X] : [204 Ko]

Analyzed elements : 245769 | Infected : 82

¤¤¤¤¤¤¤¤¤¤ |EOF| ¤¤¤¤¤¤¤¤¤¤ | 00:20:49 | [27 Ko]
TaranisBsb
Beginner

Posts: 18
Reputation: 0
Registration date: 01/06/2014
