Flux 
Social bookmarking
Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking
Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking
Estatísticas
Temos 14810 usuários registradosO último membro registrado é Josevinil
Os nossos membros postaram um total de 36047 mensagens em 3685 assuntos
Quem está conectado?
Há 33 usuários online :: 0 registrados, 0 invisíveis e 33 visitantes Nenhum
O recorde de usuários online foi de 301 em Ter 26 Out 2021, 15:28
Procurar
Top dos mais postadores
| Power Max |
| |||
| joram |
| |||
| Wings [In Memoriam] |
| |||
| caedurodrigues |
| |||
| Amigo Brasileiro |
| |||
| luizvilarinho |
| |||
| Danii |
| |||
| Admin |
| |||
| Danilo Marsaro |
| |||
| Andreata |
|
CE_Umbrella - URGENTE
3 participantes
Página 1 de 1
CE_Umbrella - URGENTE
por NCL Seg 02 Jun 2014, 09:24
Olá, estou com um problema, fica aparecendo uma mensagem no meu computar, para instalar o CE_Umbrella.
Já tentei remover utilizando o Adwcleaner e não consegui. Segue em anexo o relatório.
Aguardo retorno urgente.
Obrigada.
# AdwCleaner v3.211 - Relatório criado 02/06/2014 às 08:53:20
# Atualizado 26/05/2014 por Xplode
# Sistema Operacional : Windows 7 Professional Service Pack 1 (64 bits)
# Usuário : NCaroline - NATHALIA-PC
# Executando de : C:\Users\NCaroline\Downloads\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
Serviço Deletada : vosr
[#] Serviço Deletada : xmkysecqun64
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\Program Files\003
Pasta Deletada : C:\Program Files\SupraSavings
Pasta Deletada : C:\Users\NCaroline\AppData\Roaming\VOPackage
Pasta Deletada : C:\Users\NCaroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Pasta Deletada : C:\Users\Public\Documents\baidu
Arquivo Deletada : C:\Users\NCaroline\Desktop\Continue VuuPC Installation.lnk
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKCU\Software\AppDataLow\Software
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Chave Deletedo : [x64] HKLM\SOFTWARE\suprasavings
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\suprasavings
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.17041
-\\ Google Chrome v
[ Arquivo : C:\Users\nathalia\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[ Arquivo : C:\Users\NCaroline\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
*************************
AdwCleaner[R0].txt - [1761 octets] - [02/06/2014 08:52:48]
AdwCleaner[S0].txt - [1650 octets] - [02/06/2014 08:53:20]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1710 octets] ##########
Já tentei remover utilizando o Adwcleaner e não consegui. Segue em anexo o relatório.
Aguardo retorno urgente.
Obrigada.
# AdwCleaner v3.211 - Relatório criado 02/06/2014 às 08:53:20
# Atualizado 26/05/2014 por Xplode
# Sistema Operacional : Windows 7 Professional Service Pack 1 (64 bits)
# Usuário : NCaroline - NATHALIA-PC
# Executando de : C:\Users\NCaroline\Downloads\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
Serviço Deletada : vosr
[#] Serviço Deletada : xmkysecqun64
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\Program Files\003
Pasta Deletada : C:\Program Files\SupraSavings
Pasta Deletada : C:\Users\NCaroline\AppData\Roaming\VOPackage
Pasta Deletada : C:\Users\NCaroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Pasta Deletada : C:\Users\Public\Documents\baidu
Arquivo Deletada : C:\Users\NCaroline\Desktop\Continue VuuPC Installation.lnk
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKCU\Software\AppDataLow\Software
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Chave Deletedo : [x64] HKLM\SOFTWARE\suprasavings
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\suprasavings
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.17041
-\\ Google Chrome v
[ Arquivo : C:\Users\nathalia\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
[ Arquivo : C:\Users\NCaroline\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
*************************
AdwCleaner[R0].txt - [1761 octets] - [02/06/2014 08:52:48]
AdwCleaner[S0].txt - [1650 octets] - [02/06/2014 08:53:20]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1710 octets] ##########
NCL- Iniciante
- Mensagens : 14
Reputação : 0
Data de inscrição : 02/06/2014
Re: CE_Umbrella - URGENTE
por Power Max Seg 02 Jun 2014, 09:28
Olá NCL.
No seu PC está constando também o Baidu. Você quer removê-lo ou quer continuar com ele?
______________________________________________________________________________________
Desative temporariamente seu antivírus para evitar conflitos.
Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.
*Clique [Run Script]
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Caso a reinicialização do PC seja solicitada, clique [OK]
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
No seu PC está constando também o Baidu. Você quer removê-lo ou quer continuar com ele?
______________________________________________________________________________________
Desative temporariamente seu antivírus para evitar conflitos.
Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.
*Clique [Run Script]
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Caso a reinicialização do PC seja solicitada, clique [OK]
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
Última edição por Power Max em Seg 02 Jun 2014, 12:08, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: CE_Umbrella - URGENTE
por NCL Seg 02 Jun 2014, 10:19
Segue em anexo.
Já desinstalei o Baidu.
Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by NCaroline on 02/06/2014 at 10:07:19,81.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\NCaroline\Downloads\zoek (5).exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-06-02-124814.log 42186 bytes
==== System Restore Info ======================
02/06/2014 10:07:58 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
"C:\Users\NCaroline\AppData\Roaming\smkits" deleted
==== Folders Found ======================
2014-06-02 11:53:20 2014-06-02 11:53:20 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-06-02 11:19:38 2014-06-02 11:19:38 -------- d-----w- C:\Program Files (x86)\Baidu Security
2014-06-02 11:19:38 2014-06-02 11:21:02 -------- d-----w- C:\ProgramData\Baidu Security
2014-06-02 11:19:38 2014-06-02 11:21:02 -------- d-----w- C:\Users\All Users\Baidu Security
2014-06-02 11:21:07 2014-06-02 11:21:07 -------- d-----w- C:\Users\NCaroline\AppData\Roaming\Baidu Security
2014-06-02 11:54:08 2014-06-02 11:54:08 -------- d-----w- C:\Users\Public\Documents\Baidu
2014-06-02 11:20:51 2014-06-02 12:48:06 -------- d-----w- C:\Users\Public\Documents\Baidu Security
==== Files Found ======================
--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu PC Faster Service.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3672
Created time: 2014-06-02 12:44:01
Modified time: 2014-06-02 11:21:01
MD5: B402B7B2962F8FBB92482862373E72BB
SHA1: D8201737DCB9254D1F51CFD497C00D6C4C4ADC6B
--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu PC Faster Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3732
Created time: 2014-06-02 12:44:01
Modified time: 2014-06-02 11:21:00
MD5: F00D2169F5D4932DB2624F250348B72D
SHA1: 93199AD0E82D6493B498F199A0EA74ADB04EF1FC
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus\BevmVolatile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFasterSvc_{PCFaster_4.0.0.0}]
"DisplayName"="Baidu PC Faster Service 4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFasterSvc_{PCFaster_4.0.0.0}]
"Description"="Baidu PC Faster Service 4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Install\932027]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Install\932027]
"url"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_uninstall_channel_info.cgi?uninstall_channel=Baixaki|br|IBD|Bundle&version=4.0.5.70512&userid=fa987fe968e69b339d46121e8c233922&old_userid=S2AM9QLT-A41F72FA8606!d1585b33-d828-448d-9e1c-e3aaa9c5e0c0@#A41F72FA8606&install_time=2014-06-02 11:20:51&parent_name="
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Install\932043]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Install\932043]
"url"="http://sync.security.baidu.co.th/cgi-bin-py/get_uninstall_channel_info.cgi?uninstall_channel=Baixaki|br|IBD|Bundle&version=4.0.5.70512&userid=fa987fe968e69b339d46121e8c233922&old_userid=S2AM9QLT-A41F72FA8606!d1585b33-d828-448d-9e1c-e3aaa9c5e0c0@#A41F72FA8606&install_time=2014-06-02 11:20:51&parent_name="
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\Setup]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{22C7F6C6-8D67-4534-92B5-529A0EC09405}"="C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\firefoxextension" [04/02/2014 10:33]
==== Chrome Look ======================
Google Docs - nathalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - nathalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - nathalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - nathalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - nathalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - nathalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - NCaroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - NCaroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - NCaroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - NCaroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - NCaroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - NCaroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
C:\Users\NCaroline\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\NCaroline\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\nathalia\Desktop\Atalho para ETIQUETA ELETROFRIO.lnk - P:\Nathália\ETIQUETA ELETROFRIO
C:\Users\nathalia\Desktop\Atalho para ExportaçãoV.lnk -
C:\Users\nathalia\Desktop\Atalho para PaprPort.lnk - C:\Program Files (x86)\ScanSoft\PaperPort\PaprPort.exe
C:\Users\nathalia\Desktop\Certificado de qualidade.lnk - P:\Ricardo\2013\CQ - CLIENTES
C:\Users\nathalia\Desktop\Discador TIM.lnk - C:\Program Files (x86)\Discador TIM\timdialer.exe
C:\Users\nathalia\Desktop\Google Chrome.lnk - C:\Users\NCaroline\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\nathalia\Desktop\Omega - Atalho.lnk - O:\Omega\Omega.exe
C:\Users\nathalia\Desktop\OMEGA 2012 - TEMPORÁRIO.lnk -
C:\Users\nathalia\Desktop\PaperPort.lnk - C:\Windows\Installer\{71C97545-E547-4A8B-B0C8-61FF853270AC}\PaperPort.exe
C:\Users\nathalia\Desktop\pedidos em aberto.lnk - P:\Simone\REUNIÃO\Cópia de pedidos em aberto.xls
C:\Users\nathalia\Desktop\Scanner and Camera Wizard.lnk -
C:\Users\NCaroline\Desktop\CONTROLE DE CADASTROS NOVOS - Atalho.lnk - P:\Simone\CONTROLE DE CADASTROS NOVOS.xlsx
C:\Users\NCaroline\Desktop\Google Chrome.lnk - C:\Users\NCaroline\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NCaroline\Desktop\Omega - Atalho.lnk - O:\Omega\Omega.exe
C:\Users\NCaroline\Desktop\PEDIDOS EM ABERTO FILIAL NE - Atalho.lnk - P:\Paulo Henrique\PEDIDOS EM ABERTO FILIAL NE.xlsx
C:\Users\NCaroline\Desktop\pedidos em aberto.lnk - P:\Simone\REUNIÃO\Cópia de pedidos em aberto.xls
C:\Users\NCaroline\Desktop\Trend Micro Titanium Internet Security.lnk - C:\Program Files (x86)\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Lotus Notes 8.5.lnk - C:\Program Files (x86)\IBM\Lotus\Notes\notes.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
==== shortcuts in Users Start Menu ======================
C:\Users\NCaroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\NCaroline\AppData\Local\Google\Chrome\Application\chrome.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5\Ajuda do PowerDVD 9.5.lnk - C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Ptb\PowerDVD9.CHM
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5\CyberLink PowerDVD 9.5.lnk - C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\nathalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Users\NCaroline\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\nathalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\nathalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\nathalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\nathalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Users\NCaroline\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\nathalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\nathalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\nathalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\nathalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\Trend Micro\Trend Micro Titanium.lnk - C:\Program Files (x86)\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
C:\Users\NCaroline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Users\NCaroline\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NCaroline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\NCaroline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\NCaroline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\NCaroline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\NCaroline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Users\NCaroline\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NCaroline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\NCaroline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\NCaroline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\NCaroline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\NCaroline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\Trend Micro\Trend Micro Titanium.lnk - C:\Program Files (x86)\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyServer"="http=127.0.0.1:49771;https=127.0.0.1:49771"
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000001
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\nathalia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\nathalia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\NCaroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\NCaroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HTU4X0MU will be deleted at reboot
C:\Users\NCaroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWGV4TG3 will be deleted at reboot
C:\Users\NCaroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNSLSN5J will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\nathalia\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\NCaroline\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=4 folders=1 309417 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\nathalia\AppData\Local\Temp emptied successfully
C:\Users\NCaroline\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\NCAROL~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\NCaroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HTU4X0MU" not found
"C:\Users\NCaroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWGV4TG3" not found
"C:\Users\NCaroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNSLSN5J" not found
==== EOF on 02/06/2014 at 10:16:14,05 ======================
Já desinstalei o Baidu.
Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by NCaroline on 02/06/2014 at 10:07:19,81.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\NCaroline\Downloads\zoek (5).exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-06-02-124814.log 42186 bytes
==== System Restore Info ======================
02/06/2014 10:07:58 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
"C:\Users\NCaroline\AppData\Roaming\smkits" deleted
==== Folders Found ======================
2014-06-02 11:53:20 2014-06-02 11:53:20 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-06-02 11:19:38 2014-06-02 11:19:38 -------- d-----w- C:\Program Files (x86)\Baidu Security
2014-06-02 11:19:38 2014-06-02 11:21:02 -------- d-----w- C:\ProgramData\Baidu Security
2014-06-02 11:19:38 2014-06-02 11:21:02 -------- d-----w- C:\Users\All Users\Baidu Security
2014-06-02 11:21:07 2014-06-02 11:21:07 -------- d-----w- C:\Users\NCaroline\AppData\Roaming\Baidu Security
2014-06-02 11:54:08 2014-06-02 11:54:08 -------- d-----w- C:\Users\Public\Documents\Baidu
2014-06-02 11:20:51 2014-06-02 12:48:06 -------- d-----w- C:\Users\Public\Documents\Baidu Security
==== Files Found ======================
--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu PC Faster Service.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3672
Created time: 2014-06-02 12:44:01
Modified time: 2014-06-02 11:21:01
MD5: B402B7B2962F8FBB92482862373E72BB
SHA1: D8201737DCB9254D1F51CFD497C00D6C4C4ADC6B
--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu PC Faster Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3732
Created time: 2014-06-02 12:44:01
Modified time: 2014-06-02 11:21:00
MD5: F00D2169F5D4932DB2624F250348B72D
SHA1: 93199AD0E82D6493B498F199A0EA74ADB04EF1FC
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus\BevmVolatile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFasterSvc_{PCFaster_4.0.0.0}]
"DisplayName"="Baidu PC Faster Service 4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFasterSvc_{PCFaster_4.0.0.0}]
"Description"="Baidu PC Faster Service 4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Install\932027]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Install\932027]
"url"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_uninstall_channel_info.cgi?uninstall_channel=Baixaki|br|IBD|Bundle&version=4.0.5.70512&userid=fa987fe968e69b339d46121e8c233922&old_userid=S2AM9QLT-A41F72FA8606!d1585b33-d828-448d-9e1c-e3aaa9c5e0c0@#A41F72FA8606&install_time=2014-06-02 11:20:51&parent_name="
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Install\932043]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Install\932043]
"url"="http://sync.security.baidu.co.th/cgi-bin-py/get_uninstall_channel_info.cgi?uninstall_channel=Baixaki|br|IBD|Bundle&version=4.0.5.70512&userid=fa987fe968e69b339d46121e8c233922&old_userid=S2AM9QLT-A41F72FA8606!d1585b33-d828-448d-9e1c-e3aaa9c5e0c0@#A41F72FA8606&install_time=2014-06-02 11:20:51&parent_name="
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\Setup]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{22C7F6C6-8D67-4534-92B5-529A0EC09405}"="C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\firefoxextension" [04/02/2014 10:33]
==== Chrome Look ======================
Google Docs - nathalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - nathalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - nathalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - nathalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - nathalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - nathalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - NCaroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - NCaroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - NCaroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - NCaroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - NCaroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - NCaroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
C:\Users\NCaroline\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\NCaroline\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\nathalia\Desktop\Atalho para ETIQUETA ELETROFRIO.lnk - P:\Nathália\ETIQUETA ELETROFRIO
C:\Users\nathalia\Desktop\Atalho para ExportaçãoV.lnk -
C:\Users\nathalia\Desktop\Atalho para PaprPort.lnk - C:\Program Files (x86)\ScanSoft\PaperPort\PaprPort.exe
C:\Users\nathalia\Desktop\Certificado de qualidade.lnk - P:\Ricardo\2013\CQ - CLIENTES
C:\Users\nathalia\Desktop\Discador TIM.lnk - C:\Program Files (x86)\Discador TIM\timdialer.exe
C:\Users\nathalia\Desktop\Google Chrome.lnk - C:\Users\NCaroline\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\nathalia\Desktop\Omega - Atalho.lnk - O:\Omega\Omega.exe
C:\Users\nathalia\Desktop\OMEGA 2012 - TEMPORÁRIO.lnk -
C:\Users\nathalia\Desktop\PaperPort.lnk - C:\Windows\Installer\{71C97545-E547-4A8B-B0C8-61FF853270AC}\PaperPort.exe
C:\Users\nathalia\Desktop\pedidos em aberto.lnk - P:\Simone\REUNIÃO\Cópia de pedidos em aberto.xls
C:\Users\nathalia\Desktop\Scanner and Camera Wizard.lnk -
C:\Users\NCaroline\Desktop\CONTROLE DE CADASTROS NOVOS - Atalho.lnk - P:\Simone\CONTROLE DE CADASTROS NOVOS.xlsx
C:\Users\NCaroline\Desktop\Google Chrome.lnk - C:\Users\NCaroline\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NCaroline\Desktop\Omega - Atalho.lnk - O:\Omega\Omega.exe
C:\Users\NCaroline\Desktop\PEDIDOS EM ABERTO FILIAL NE - Atalho.lnk - P:\Paulo Henrique\PEDIDOS EM ABERTO FILIAL NE.xlsx
C:\Users\NCaroline\Desktop\pedidos em aberto.lnk - P:\Simone\REUNIÃO\Cópia de pedidos em aberto.xls
C:\Users\NCaroline\Desktop\Trend Micro Titanium Internet Security.lnk - C:\Program Files (x86)\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Lotus Notes 8.5.lnk - C:\Program Files (x86)\IBM\Lotus\Notes\notes.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
==== shortcuts in Users Start Menu ======================
C:\Users\NCaroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\NCaroline\AppData\Local\Google\Chrome\Application\chrome.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5\Ajuda do PowerDVD 9.5.lnk - C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Ptb\PowerDVD9.CHM
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5\CyberLink PowerDVD 9.5.lnk - C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\nathalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Users\NCaroline\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\nathalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\nathalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\nathalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\nathalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Users\NCaroline\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\nathalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\nathalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\nathalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\nathalia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\Trend Micro\Trend Micro Titanium.lnk - C:\Program Files (x86)\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
C:\Users\NCaroline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Users\NCaroline\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NCaroline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\NCaroline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\NCaroline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\NCaroline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\NCaroline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Users\NCaroline\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NCaroline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\NCaroline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\NCaroline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\NCaroline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\NCaroline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\Trend Micro\Trend Micro Titanium.lnk - C:\Program Files (x86)\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyServer"="http=127.0.0.1:49771;https=127.0.0.1:49771"
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000001
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\nathalia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\nathalia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\NCaroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\NCaroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HTU4X0MU will be deleted at reboot
C:\Users\NCaroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWGV4TG3 will be deleted at reboot
C:\Users\NCaroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNSLSN5J will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\nathalia\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\NCaroline\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=4 folders=1 309417 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\nathalia\AppData\Local\Temp emptied successfully
C:\Users\NCaroline\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\NCAROL~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\NCaroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HTU4X0MU" not found
"C:\Users\NCaroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWGV4TG3" not found
"C:\Users\NCaroline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNSLSN5J" not found
==== EOF on 02/06/2014 at 10:16:14,05 ======================
NCL- Iniciante
- Mensagens : 14
Reputação : 0
Data de inscrição : 02/06/2014
Re: CE_Umbrella - URGENTE
por Power Max Seg 02 Jun 2014, 12:07
Desative temporariamente seu antivírus para evitar conflitos.
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.
*Clique [Run Script]
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Caso a reinicialização do PC seja solicitada, clique [OK]
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.
*Clique [Run Script]
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Caso a reinicialização do PC seja solicitada, clique [OK]
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
Última edição por Power Max em Seg 02 Jun 2014, 13:31, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: CE_Umbrella - URGENTE
por NCL Seg 02 Jun 2014, 13:21
Segue o arquivo.
Desta vez não pediu para reiniciar o computador.
Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by NCaroline on 02/06/2014 at 13:11:41,38.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\NCaroline\Downloads\zoek (6).exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-06-02-124814.log 42186 bytes
C:\zoek-results2014-06-02-131614.log 21123 bytes
==== System Restore Info ======================
02/06/2014 13:12:24 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil deleted successfully
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus\BevmVolatile]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFasterSvc_{PCFaster_4.0.0.0}]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFasterSvc_{PCFaster_4.0.0.0}]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFasterSvc_{PCFaster_4.0.0.0}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
[-HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]
[-HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Install\932027]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Install\932027]
"url"=-
[-HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Install\932043]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Install\932043]
"url"=-
[-HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[-HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[-HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\Setup]
==== Deleting Files \ Folders ======================
C:\Program Files (x86)\Baidu Security deleted
C:\ProgramData\Baidu Security deleted
C:\Users\NCaroline\AppData\Roaming\Baidu Security deleted
C:\Users\Public\Documents\Baidu deleted
C:\Users\Public\Documents\Baidu Security deleted
==== Folders Found ======================
2014-06-02 11:53:20 2014-06-02 11:53:20 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-06-02 16:12:47 2014-06-02 16:12:47 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security
2014-06-02 16:12:47 2014-06-02 16:12:47 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-06-02 16:12:47 2014-06-02 16:12:47 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-06-02 16:12:47 2014-06-02 16:12:47 -------- d---a-w- C:\zoek_backup\C_Users_NCaroline_AppData_Roaming_Baidu Security
2014-06-02 16:12:48 2014-06-02 16:12:48 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu
2014-06-02 16:12:48 2014-06-02 16:12:48 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security
==== Files Found ======================
--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu PC Faster Service.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3672
Created time: 2014-06-02 12:44:01
Modified time: 2014-06-02 11:21:01
MD5: B402B7B2962F8FBB92482862373E72BB
SHA1: D8201737DCB9254D1F51CFD497C00D6C4C4ADC6B
--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu PC Faster Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3732
Created time: 2014-06-02 12:44:01
Modified time: 2014-06-02 11:21:00
MD5: F00D2169F5D4932DB2624F250348B72D
SHA1: 93199AD0E82D6493B498F199A0EA74ADB04EF1FC
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Install\932027]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Install\932043]
==== C:\zoek_backup content ======================
C:\zoek_backup (files=19 folders=32 45674214 bytes)
==== EOF on 02/06/2014 at 13:14:03,24 ======================
Desta vez não pediu para reiniciar o computador.
Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by NCaroline on 02/06/2014 at 13:11:41,38.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\NCaroline\Downloads\zoek (6).exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-06-02-124814.log 42186 bytes
C:\zoek-results2014-06-02-131614.log 21123 bytes
==== System Restore Info ======================
02/06/2014 13:12:24 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil deleted successfully
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus\BevmVolatile]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFasterSvc_{PCFaster_4.0.0.0}]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFasterSvc_{PCFaster_4.0.0.0}]
"Description"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFasterSvc_{PCFaster_4.0.0.0}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
[-HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]
[-HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Install\932027]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Install\932027]
"url"=-
[-HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Install\932043]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Install\932043]
"url"=-
[-HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[-HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[-HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\Setup]
==== Deleting Files \ Folders ======================
C:\Program Files (x86)\Baidu Security deleted
C:\ProgramData\Baidu Security deleted
C:\Users\NCaroline\AppData\Roaming\Baidu Security deleted
C:\Users\Public\Documents\Baidu deleted
C:\Users\Public\Documents\Baidu Security deleted
==== Folders Found ======================
2014-06-02 11:53:20 2014-06-02 11:53:20 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-06-02 16:12:47 2014-06-02 16:12:47 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security
2014-06-02 16:12:47 2014-06-02 16:12:47 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-06-02 16:12:47 2014-06-02 16:12:47 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-06-02 16:12:47 2014-06-02 16:12:47 -------- d---a-w- C:\zoek_backup\C_Users_NCaroline_AppData_Roaming_Baidu Security
2014-06-02 16:12:48 2014-06-02 16:12:48 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu
2014-06-02 16:12:48 2014-06-02 16:12:48 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security
==== Files Found ======================
--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu PC Faster Service.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3672
Created time: 2014-06-02 12:44:01
Modified time: 2014-06-02 11:21:01
MD5: B402B7B2962F8FBB92482862373E72BB
SHA1: D8201737DCB9254D1F51CFD497C00D6C4C4ADC6B
--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu PC Faster Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3732
Created time: 2014-06-02 12:44:01
Modified time: 2014-06-02 11:21:00
MD5: F00D2169F5D4932DB2624F250348B72D
SHA1: 93199AD0E82D6493B498F199A0EA74ADB04EF1FC
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Install\932027]
[HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Install\932043]
==== C:\zoek_backup content ======================
C:\zoek_backup (files=19 folders=32 45674214 bytes)
==== EOF on 02/06/2014 at 13:14:03,24 ======================
NCL- Iniciante
- Mensagens : 14
Reputação : 0
Data de inscrição : 02/06/2014
Re: CE_Umbrella - URGENTE
por Power Max Seg 02 Jun 2014, 13:23
Desative temporariamente seu antivírus para evitar conflitos.
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.
*Clique [Run Script]
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Caso a reinicialização do PC seja solicitada, clique [OK]
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.
*Clique [Run Script]
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Caso a reinicialização do PC seja solicitada, clique [OK]
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
Última edição por Power Max em Seg 02 Jun 2014, 13:31, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: CE_Umbrella - URGENTE
por NCL Seg 02 Jun 2014, 13:29
Segue
Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by NCaroline on 02/06/2014 at 13:26:51,89.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\NCaroline\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-06-02-124814.log 42186 bytes
C:\zoek-results2014-06-02-131614.log 21123 bytes
C:\zoek-results2014-06-02-161403.log 8276 bytes
==== System Restore Info ======================
02/06/2014 13:27:10 Zoek.exe System Restore Point Created Succesfully.
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[-HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Install\932027]
[-HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Install\932043]
==== Registry Search Results for "Baidu" ======================
No instances of string "Baidu" found.
==== C:\zoek_backup content ======================
C:\zoek_backup (files=19 folders=32 45674214 bytes)
==== EOF on 02/06/2014 at 13:27:29,89 ======================
Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by NCaroline on 02/06/2014 at 13:26:51,89.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\NCaroline\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-06-02-124814.log 42186 bytes
C:\zoek-results2014-06-02-131614.log 21123 bytes
C:\zoek-results2014-06-02-161403.log 8276 bytes
==== System Restore Info ======================
02/06/2014 13:27:10 Zoek.exe System Restore Point Created Succesfully.
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[-HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Install\932027]
[-HKEY_USERS\S-1-5-21-2161964215-3076242739-3676879385-2126\Software\Baidu Security\PC Faster\4.0.0.0\Install\932043]
==== Registry Search Results for "Baidu" ======================
No instances of string "Baidu" found.
==== C:\zoek_backup content ======================
C:\zoek_backup (files=19 folders=32 45674214 bytes)
==== EOF on 02/06/2014 at 13:27:29,89 ======================
NCL- Iniciante
- Mensagens : 14
Reputação : 0
Data de inscrição : 02/06/2014
Re: CE_Umbrella - URGENTE
por Power Max Seg 02 Jun 2014, 13:30
Baixe o programa Junkware Removal Tool no link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o programa acima é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt
Ficamos na espera.
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o programa acima é só seguir as dicas deste tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt
Ficamos na espera.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: CE_Umbrella - URGENTE
por NCL Seg 02 Jun 2014, 13:42
Segue
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by NCaroline on 02/06/2014 at 13:35:30,88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/06/2014 at 13:39:22,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by NCaroline on 02/06/2014 at 13:35:30,88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/06/2014 at 13:39:22,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NCL- Iniciante
- Mensagens : 14
Reputação : 0
Data de inscrição : 02/06/2014
Re: CE_Umbrella - URGENTE
por Power Max Seg 02 Jun 2014, 13:42
Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: CE_Umbrella - URGENTE
por NCL Seg 02 Jun 2014, 13:51
Segue
~ Relatório do ZHPDiag v2014.5.30.78 - Nicolas Coolman (30/05/2014)
~ Iniciado por NCaroline (02/06/2014 13:49:41)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
Trend Micro Titanium Internet Security v3.00
Windows Defender W7 (Deactivate)
---\\ Softwares d'optimização do sistema
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 11 ActiveX
Adobe Reader XI
Java 7 Update 25
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3998 MB (48% free)
System Restore: Activé (Enable)
System drive C: has 427 GB (91%) free of 465 GB
---\\ Modo de conexão ao sistema
~ Computer Name: NATHALIA-PC
~ User Name: NCaroline
~ All Users Names: nathalia, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\NCaroline\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\NCaroline\AppData\Roaming\
~ %Desktop% : C:\Users\NCaroline\Desktop\
~ %Favorites% : C:\Users\NCaroline\Favorites\
~ %LocalAppData% : C:\Users\NCaroline\AppData\Local\
~ %StartMenu% : C:\Users\NCaroline\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 427 Go of 465 Go)
D: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 44 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.04/02/2014 - 16:02:41.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 03:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/02/2014 - 16:02:08.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04/02/2014 - 16:02:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 00:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.04/02/2014 - 16:02:02.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/3
~ Mes Favoris (My Favorites) : 1/10
~ Mes Documents (My Documents) : 1/6
~ Mon Bureau (My Desktop) : 1/16
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 00s
---\\ Processos lançados
[MD5.29875977E7C19FBD6893EB29B4306F1C] - (.Conexant Systems, Inc - SmartAudio.) -- C:\Program Files\Conexant\SAII\SmartAudio.exe [835200] [PID.3224]
[MD5.88FD47E3BD31BC358AD1EF14E75C7681] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336] [PID.3420]
[MD5.852803AAF50A785BAFE788D2AD666C78] - (.ScanSoft, Inc. - PaperPort Print to Desktop for NT.) -- C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [57393] [PID.3480]
[MD5.36E5CA5DCE72A831A3F7C7ED8AEA83AE] - (.Brother Industries, Ltd. - Control Center 3 Main Program.) -- C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe [872448] [PID.3628]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816] [PID.3664]
[MD5.0E6215E64E7EAC14E41FBCF6A0254D57] - (.IBM Corp - IBM Lotus Notes/Domino.) -- C:\Program Files (x86)\IBM\Lotus\Notes\NLNOTES.exe [1869192] [PID.4672]
[MD5.13CF6ECA3880A884C919BD3EF1ADB812] - (.IBM - Lotus Notes.) -- C:\Program Files (x86)\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\notes2.exe [79232] [PID.4888]
[MD5.3A99915039B302B508661D18FE6EBC6F] - (.IBM Corp - IBM Lotus Notes/Domino.) -- C:\Program Files (x86)\IBM\Lotus\Notes\ntaskldr.exe [16776] [PID.3592]
[MD5.ABAF4B46C4BFE9EAF9AD600373CB05E1] - (.IBM Corp - IBM Lotus Notes/Domino.) -- C:\Program Files (x86)\IBM\Lotus\Notes\nNOTESMM.exe [13704] [PID.4352]
[MD5.A2CB714DCF8F0E134F2429AF673C7C08] - (.Oracle Corporation - Java(TM) Update Checker.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe [506744] [PID.1384]
[MD5.9FECC05669A086A264B4D67A26CBC63D] - (.ABC71 Soluções em Informática - Menu Omega.) -- O:\Omega\Omega.exe [1226240] [PID.4256]
[MD5.4DF54ED7092A719FFA08F9E642B310BA] - (.ABC71 Soluções em Informática - Monitor de Atividades Omega.) -- O:\Omega\MonitorOmega.exe [58368] [PID.3172]
[MD5.3EA70A3B0C07049CCDE16D2CA1A95640] - (.ABC71 Soluções em Informática - Gerenciador de Janelas Omega.) -- O:\Omega\WndMgr.exe [171520] [PID.4520]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Users\NCaroline\AppData\Local\Google\Chrome\Application\chrome.exe [860488] [PID.1916]
[MD5.6D652B06EB3916DC41A9DBBBC4EDEED1] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8020480] [PID.2248]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1616]
[MD5.2098AF12149789FA6608422C8796F77C] - (.IBM Corp - IBM Lotus Notes/Domino.) -- C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe [189832] [PID.1780]
[MD5.E4FA829273FDF5BD20FC9804FD5F9C20] - (.IBM - wnsd.) -- C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe [4453768] [PID.1800]
[MD5.FF54EA1617D15711690D5EF054512C21] - (.IBM Corp - IBM Lotus Notes/Domino.) -- C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe [71048] [PID.1860]
[MD5.1E5D06F915260E9270287A1839A98671] - (.Conexant Systems, Inc. - SmartAudio Service Application.) -- C:\Windows\SysWOW64\SAsrv.exe [446592] [PID.2020]
[MD5.52069AEB42D3D0F97CBCA1085EBF55E6] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432] [PID.2084]
[MD5.6A35B295812CE7064CFBCD9F254169CF] - (.Intel Corporation - Intel(R) Local Management Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [390616] [PID.4180]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\NCaroline\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ IE Browser: 18 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50990;https=127.0.0.1:50990 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [cAudioFilterAgent] . (.Conexant Systems, Inc. - Conexant High Definition Audio Filter Agent.) -- C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
O4 - HKLM\..\Run: [SmartAudio] . (.Conexant Systems, Inc. - SmartAudio Control Panel application.) -- C:\Program Files\CONEXANT\SAII\SAIICpl.exe
O4 - HKLM\..\Run: [Trend Micro Client Framework] . (.Trend Micro Inc. - Trend Micro Client Session Agent Monitor.) -- C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe
O4 - HKLM\..\Run: [Trend Micro Titanium] . (.Trend Micro Inc. - Trend Micro Client Main Console.) -- C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\NCaroline\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [ContentExplorer] . (.ContentExplorer - ContentExplorer.) -- C:\Users\NCaroline\AppData\Roaming\ContentExplorer\ContentExplorer.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl9] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [PDVD9LanguageShortcut] . (.CyberLink Corp. - PowerDVD Language Application.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [SSBkgdUpdate] . (.Scansoft, Inc. - SSBkgdUpdate.) -- C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
O4 - HKLM\..\Wow6432Node\Run: [PaperPort PTD] . (.ScanSoft, Inc. - PaperPort Print to Desktop for NT.) -- C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Wow6432Node\Run: [IndexSearch] . (.ScanSoft, Inc. - PaperPort IndexSearch.) -- C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Wow6432Node\Run: [BrMfcWnd] . (.Brother Industries, Ltd. - Brother Status Monitor Application.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
O4 - HKLM\..\Wow6432Node\Run: [ControlCenter3] . (.Brother Industries, Ltd. - ControlCenter Program.) -- C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2161964215-3076242739-3676879385-2126\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\NCaroline\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-2161964215-3076242739-3676879385-2126\..\Run: [ContentExplorer] . (.ContentExplorer - ContentExplorer.) -- C:\Users\NCaroline\AppData\Roaming\ContentExplorer\ContentExplorer.exe
~ Application: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{14B8FC27-3AFE-4CDC-B38E-760CC0D1A051}: DhcpNameServer = 10.20.28.4 172.20.100.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{14B8FC27-3AFE-4CDC-B38E-760CC0D1A051}: DhcpDomain = pin.armacell.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{14B8FC27-3AFE-4CDC-B38E-760CC0D1A051}: DhcpNameServer = 10.20.28.4 172.20.100.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{14B8FC27-3AFE-4CDC-B38E-760CC0D1A051}: DhcpDomain = pin.armacell.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{14B8FC27-3AFE-4CDC-B38E-760CC0D1A051}: DhcpNameServer = 10.20.28.4 172.20.100.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{14B8FC27-3AFE-4CDC-B38E-760CC0D1A051}: DhcpDomain = pin.armacell.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pin.armacell.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.20.28.4 172.20.100.2
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2161964215-3076242739-3676879385-2126Core [1042]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2161964215-3076242739-3676879385-2126UA [1094]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4015131871-208339670-2462766555-1000Core [1038]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4015131871-208339670-2462766555-1000UA [1090]
~ Scheduled Task: 10 Legitimates Filtered in 00mn 02s
---\\ Software instalados (042)
O42 - Logiciel: ContentExplorer - (.ContentExplorer.net.) [HKLM][64Bits] -- ContentExplorer
~ Logic: 25 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ABC71]
[HKCU\Software\ContentExplorer]
[HKLM\Software\Baidu Security]
~ Key Software: 155 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 02/06/2014 - 08:19:56 - [] ----D C:\Users\NCaroline\AppData\Roaming\ContentExplorer
O43 - CFD: 02/06/2014 - 13:09:53 - [0] ----D C:\Users\NCaroline\AppData\Roaming\smkits
~ Program Folder: 105 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.3212745994FBDA47BDBF53E1A55F0AAF] - 02/06/2014 - 09:48:14 ---A- . (...) -- C:\zoek-results2014-06-02-124814.log [42186]
O44 - LFC:[MD5.9DD419EE9769EE9B5B64C9D03387AC5A] - 02/06/2014 - 10:16:14 ---A- . (...) -- C:\zoek-results2014-06-02-131614.log [21123]
O44 - LFC:[MD5.77C7CC9772093024BDD279D904A53579] - 02/06/2014 - 13:07:58 ---A- . (...) -- C:\SUService.log [30376]
O44 - LFC:[MD5.CECC459826D35B47770F8265E128EE92] - 02/06/2014 - 13:13:39 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [151066]
O44 - LFC:[MD5.1AFB9F40DFBEF0A1C648B3AD3982D9AC] - 02/06/2014 - 13:13:39 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [716886]
O44 - LFC:[MD5.CEDD1FC9F6B5F820533D00B593FE10B8] - 02/06/2014 - 13:14:03 ---A- . (...) -- C:\zoek-results2014-06-02-161403.log [8276]
O44 - LFC:[MD5.9252F78F99F158D1830F89AFB197E3C6] - 02/06/2014 - 13:27:29 ---A- . (...) -- C:\zoek-results.log [1779]
~ Files: 14 Legitimates Filtered in 00mn 01s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 51 Legitimates Filtered in 00mn 01s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - 21/05/2011 - C:\Windows\System32\DRIVERS\tmtdi.sys (tmtdi) .(.Trend Micro Inc. - Trend Micro TDI Driver (amd64-fre).) - LEGACY_TMTDI
~ Legacy: 108 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 04/02/2014 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 08/02/2012 276248 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 11/05/2013 822232 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Auto 03/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 21/05/2011 267480 | (Amsp) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
SR - | Auto 11/05/2013 733696 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 12/09/2013 169432 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 12/09/2013 390616 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 16/09/2011 189832 | (LNSUSvc) . (.IBM Corp.) - C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe
SR - | Auto 16/09/2011 4453768 | (Lotus Notes Diagnostics) . (.IBM.) - C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe
SR - | Auto 16/09/2011 71048 | (Multi-user Cleanup Service) . (.IBM Corp.) - C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (SAService) . (.Conexant Systems, Inc..) - C:\Windows\System32\SAsrv.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 04s
---\\ Scâner Aditional (088)
Database Version : 13026 - (30/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
~ Additionnel Scan: 218309 Items scanned in 00mn 09s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Proxy
~ MSI: 1 link(s) detected in 00mn 00s
~ 626 Legitimates filtered by white list
End of the scan (372 lines in 00mn 40s)(0)
~ Relatório do ZHPDiag v2014.5.30.78 - Nicolas Coolman (30/05/2014)
~ Iniciado por NCaroline (02/06/2014 13:49:41)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
Trend Micro Titanium Internet Security v3.00
Windows Defender W7 (Deactivate)
---\\ Softwares d'optimização do sistema
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 11 ActiveX
Adobe Reader XI
Java 7 Update 25
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3998 MB (48% free)
System Restore: Activé (Enable)
System drive C: has 427 GB (91%) free of 465 GB
---\\ Modo de conexão ao sistema
~ Computer Name: NATHALIA-PC
~ User Name: NCaroline
~ All Users Names: nathalia, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\NCaroline\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\NCaroline\AppData\Roaming\
~ %Desktop% : C:\Users\NCaroline\Desktop\
~ %Favorites% : C:\Users\NCaroline\Favorites\
~ %LocalAppData% : C:\Users\NCaroline\AppData\Local\
~ %StartMenu% : C:\Users\NCaroline\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 427 Go of 465 Go)
D: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 44 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.04/02/2014 - 16:02:41.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 03:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/02/2014 - 16:02:08.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04/02/2014 - 16:02:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 00:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.04/02/2014 - 16:02:02.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/3
~ Mes Favoris (My Favorites) : 1/10
~ Mes Documents (My Documents) : 1/6
~ Mon Bureau (My Desktop) : 1/16
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 00s
---\\ Processos lançados
[MD5.29875977E7C19FBD6893EB29B4306F1C] - (.Conexant Systems, Inc - SmartAudio.) -- C:\Program Files\Conexant\SAII\SmartAudio.exe [835200] [PID.3224]
[MD5.88FD47E3BD31BC358AD1EF14E75C7681] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336] [PID.3420]
[MD5.852803AAF50A785BAFE788D2AD666C78] - (.ScanSoft, Inc. - PaperPort Print to Desktop for NT.) -- C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [57393] [PID.3480]
[MD5.36E5CA5DCE72A831A3F7C7ED8AEA83AE] - (.Brother Industries, Ltd. - Control Center 3 Main Program.) -- C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe [872448] [PID.3628]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816] [PID.3664]
[MD5.0E6215E64E7EAC14E41FBCF6A0254D57] - (.IBM Corp - IBM Lotus Notes/Domino.) -- C:\Program Files (x86)\IBM\Lotus\Notes\NLNOTES.exe [1869192] [PID.4672]
[MD5.13CF6ECA3880A884C919BD3EF1ADB812] - (.IBM - Lotus Notes.) -- C:\Program Files (x86)\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\notes2.exe [79232] [PID.4888]
[MD5.3A99915039B302B508661D18FE6EBC6F] - (.IBM Corp - IBM Lotus Notes/Domino.) -- C:\Program Files (x86)\IBM\Lotus\Notes\ntaskldr.exe [16776] [PID.3592]
[MD5.ABAF4B46C4BFE9EAF9AD600373CB05E1] - (.IBM Corp - IBM Lotus Notes/Domino.) -- C:\Program Files (x86)\IBM\Lotus\Notes\nNOTESMM.exe [13704] [PID.4352]
[MD5.A2CB714DCF8F0E134F2429AF673C7C08] - (.Oracle Corporation - Java(TM) Update Checker.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe [506744] [PID.1384]
[MD5.9FECC05669A086A264B4D67A26CBC63D] - (.ABC71 Soluções em Informática - Menu Omega.) -- O:\Omega\Omega.exe [1226240] [PID.4256]
[MD5.4DF54ED7092A719FFA08F9E642B310BA] - (.ABC71 Soluções em Informática - Monitor de Atividades Omega.) -- O:\Omega\MonitorOmega.exe [58368] [PID.3172]
[MD5.3EA70A3B0C07049CCDE16D2CA1A95640] - (.ABC71 Soluções em Informática - Gerenciador de Janelas Omega.) -- O:\Omega\WndMgr.exe [171520] [PID.4520]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Users\NCaroline\AppData\Local\Google\Chrome\Application\chrome.exe [860488] [PID.1916]
[MD5.6D652B06EB3916DC41A9DBBBC4EDEED1] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8020480] [PID.2248]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1616]
[MD5.2098AF12149789FA6608422C8796F77C] - (.IBM Corp - IBM Lotus Notes/Domino.) -- C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe [189832] [PID.1780]
[MD5.E4FA829273FDF5BD20FC9804FD5F9C20] - (.IBM - wnsd.) -- C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe [4453768] [PID.1800]
[MD5.FF54EA1617D15711690D5EF054512C21] - (.IBM Corp - IBM Lotus Notes/Domino.) -- C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe [71048] [PID.1860]
[MD5.1E5D06F915260E9270287A1839A98671] - (.Conexant Systems, Inc. - SmartAudio Service Application.) -- C:\Windows\SysWOW64\SAsrv.exe [446592] [PID.2020]
[MD5.52069AEB42D3D0F97CBCA1085EBF55E6] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432] [PID.2084]
[MD5.6A35B295812CE7064CFBCD9F254169CF] - (.Intel Corporation - Intel(R) Local Management Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [390616] [PID.4180]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\NCaroline\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ IE Browser: 18 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50990;https=127.0.0.1:50990 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [cAudioFilterAgent] . (.Conexant Systems, Inc. - Conexant High Definition Audio Filter Agent.) -- C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
O4 - HKLM\..\Run: [SmartAudio] . (.Conexant Systems, Inc. - SmartAudio Control Panel application.) -- C:\Program Files\CONEXANT\SAII\SAIICpl.exe
O4 - HKLM\..\Run: [Trend Micro Client Framework] . (.Trend Micro Inc. - Trend Micro Client Session Agent Monitor.) -- C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe
O4 - HKLM\..\Run: [Trend Micro Titanium] . (.Trend Micro Inc. - Trend Micro Client Main Console.) -- C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\NCaroline\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [ContentExplorer] . (.ContentExplorer - ContentExplorer.) -- C:\Users\NCaroline\AppData\Roaming\ContentExplorer\ContentExplorer.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl9] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [PDVD9LanguageShortcut] . (.CyberLink Corp. - PowerDVD Language Application.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [SSBkgdUpdate] . (.Scansoft, Inc. - SSBkgdUpdate.) -- C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
O4 - HKLM\..\Wow6432Node\Run: [PaperPort PTD] . (.ScanSoft, Inc. - PaperPort Print to Desktop for NT.) -- C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Wow6432Node\Run: [IndexSearch] . (.ScanSoft, Inc. - PaperPort IndexSearch.) -- C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Wow6432Node\Run: [BrMfcWnd] . (.Brother Industries, Ltd. - Brother Status Monitor Application.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
O4 - HKLM\..\Wow6432Node\Run: [ControlCenter3] . (.Brother Industries, Ltd. - ControlCenter Program.) -- C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2161964215-3076242739-3676879385-2126\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\NCaroline\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-2161964215-3076242739-3676879385-2126\..\Run: [ContentExplorer] . (.ContentExplorer - ContentExplorer.) -- C:\Users\NCaroline\AppData\Roaming\ContentExplorer\ContentExplorer.exe
~ Application: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{14B8FC27-3AFE-4CDC-B38E-760CC0D1A051}: DhcpNameServer = 10.20.28.4 172.20.100.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{14B8FC27-3AFE-4CDC-B38E-760CC0D1A051}: DhcpDomain = pin.armacell.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{14B8FC27-3AFE-4CDC-B38E-760CC0D1A051}: DhcpNameServer = 10.20.28.4 172.20.100.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{14B8FC27-3AFE-4CDC-B38E-760CC0D1A051}: DhcpDomain = pin.armacell.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{14B8FC27-3AFE-4CDC-B38E-760CC0D1A051}: DhcpNameServer = 10.20.28.4 172.20.100.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{14B8FC27-3AFE-4CDC-B38E-760CC0D1A051}: DhcpDomain = pin.armacell.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pin.armacell.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.20.28.4 172.20.100.2
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2161964215-3076242739-3676879385-2126Core [1042]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2161964215-3076242739-3676879385-2126UA [1094]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4015131871-208339670-2462766555-1000Core [1038]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4015131871-208339670-2462766555-1000UA [1090]
~ Scheduled Task: 10 Legitimates Filtered in 00mn 02s
---\\ Software instalados (042)
O42 - Logiciel: ContentExplorer - (.ContentExplorer.net.) [HKLM][64Bits] -- ContentExplorer
~ Logic: 25 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ABC71]
[HKCU\Software\ContentExplorer]
[HKLM\Software\Baidu Security]
~ Key Software: 155 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 02/06/2014 - 08:19:56 - [] ----D C:\Users\NCaroline\AppData\Roaming\ContentExplorer
O43 - CFD: 02/06/2014 - 13:09:53 - [0] ----D C:\Users\NCaroline\AppData\Roaming\smkits
~ Program Folder: 105 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.3212745994FBDA47BDBF53E1A55F0AAF] - 02/06/2014 - 09:48:14 ---A- . (...) -- C:\zoek-results2014-06-02-124814.log [42186]
O44 - LFC:[MD5.9DD419EE9769EE9B5B64C9D03387AC5A] - 02/06/2014 - 10:16:14 ---A- . (...) -- C:\zoek-results2014-06-02-131614.log [21123]
O44 - LFC:[MD5.77C7CC9772093024BDD279D904A53579] - 02/06/2014 - 13:07:58 ---A- . (...) -- C:\SUService.log [30376]
O44 - LFC:[MD5.CECC459826D35B47770F8265E128EE92] - 02/06/2014 - 13:13:39 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [151066]
O44 - LFC:[MD5.1AFB9F40DFBEF0A1C648B3AD3982D9AC] - 02/06/2014 - 13:13:39 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [716886]
O44 - LFC:[MD5.CEDD1FC9F6B5F820533D00B593FE10B8] - 02/06/2014 - 13:14:03 ---A- . (...) -- C:\zoek-results2014-06-02-161403.log [8276]
O44 - LFC:[MD5.9252F78F99F158D1830F89AFB197E3C6] - 02/06/2014 - 13:27:29 ---A- . (...) -- C:\zoek-results.log [1779]
~ Files: 14 Legitimates Filtered in 00mn 01s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 51 Legitimates Filtered in 00mn 01s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - 21/05/2011 - C:\Windows\System32\DRIVERS\tmtdi.sys (tmtdi) .(.Trend Micro Inc. - Trend Micro TDI Driver (amd64-fre).) - LEGACY_TMTDI
~ Legacy: 108 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 04/02/2014 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 08/02/2012 276248 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 11/05/2013 822232 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Auto 03/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 21/05/2011 267480 | (Amsp) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
SR - | Auto 11/05/2013 733696 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 12/09/2013 169432 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 12/09/2013 390616 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 16/09/2011 189832 | (LNSUSvc) . (.IBM Corp.) - C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe
SR - | Auto 16/09/2011 4453768 | (Lotus Notes Diagnostics) . (.IBM.) - C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe
SR - | Auto 16/09/2011 71048 | (Multi-user Cleanup Service) . (.IBM Corp.) - C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (SAService) . (.Conexant Systems, Inc..) - C:\Windows\System32\SAsrv.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 04s
---\\ Scâner Aditional (088)
Database Version : 13026 - (30/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
~ Additionnel Scan: 218309 Items scanned in 00mn 09s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Proxy
~ MSI: 1 link(s) detected in 00mn 00s
~ 626 Legitimates filtered by white list
End of the scan (372 lines in 00mn 40s)(0)
NCL- Iniciante
- Mensagens : 14
Reputação : 0
Data de inscrição : 02/06/2014
Re: CE_Umbrella - URGENTE
por Power Max Seg 02 Jun 2014, 14:26
Selecione e copie todo o texto destacado em vermelho que te passei._____________________________________________________________________________________________________________
Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas. Copie este relatório e poste em sua próxima resposta.
Última edição por Power Max em Seg 02 Jun 2014, 16:57, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: CE_Umbrella - URGENTE
por NCL Seg 02 Jun 2014, 14:44
Segue...
Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by NCaroline at 02/06/2014 14:43:31
High Elevated Privileges : OK
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 03s)
Reparação de atalhos do navegador
========== Softwares ==========
AUSENTE Uninstall Process: c:\users\ncaroline\appdata\roaming\contentexplorer\uninstall.exe
========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ContentExplorer]
ELIMINÉ: HKCU\Software\ContentExplorer
ELIMINÉ:* HKLM\Software\Baidu Security
========== Valores do Registo ==========
ELIMINÉ RunValue: ContentExplorer
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Elementos dos dados do Registo ==========
ELIMINÉ: R1 Search Page =
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINA REINICIAR: c:\users\ncaroline\appdata\roaming\contentexplorer\contentexplorer.exe
ELIMINÉ Temporários windows (136) (2.326.493 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
3 : Chaves do Registo
7 : Valores do Registo
1 : Elementos dos dados do Registo
1 : Pastas
3 : Ficheiros
1 : Softwares
1 : Restauração Sistema
End of clean in 05mn 52s
========== Caminho do ficheiro do relatório ==========
C:\Users\NCaroline\AppData\Roaming\ZHP\ZHPFix[R1].txt - 02/06/2014 14:43:35 [1689]
Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by NCaroline at 02/06/2014 14:43:31
High Elevated Privileges : OK
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 03s)
Reparação de atalhos do navegador
========== Softwares ==========
AUSENTE Uninstall Process: c:\users\ncaroline\appdata\roaming\contentexplorer\uninstall.exe
========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ContentExplorer]
ELIMINÉ: HKCU\Software\ContentExplorer
ELIMINÉ:* HKLM\Software\Baidu Security
========== Valores do Registo ==========
ELIMINÉ RunValue: ContentExplorer
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Elementos dos dados do Registo ==========
ELIMINÉ: R1 Search Page =
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINA REINICIAR: c:\users\ncaroline\appdata\roaming\contentexplorer\contentexplorer.exe
ELIMINÉ Temporários windows (136) (2.326.493 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
3 : Chaves do Registo
7 : Valores do Registo
1 : Elementos dos dados do Registo
1 : Pastas
3 : Ficheiros
1 : Softwares
1 : Restauração Sistema
End of clean in 05mn 52s
========== Caminho do ficheiro do relatório ==========
C:\Users\NCaroline\AppData\Roaming\ZHP\ZHPFix[R1].txt - 02/06/2014 14:43:35 [1689]
NCL- Iniciante
- Mensagens : 14
Reputação : 0
Data de inscrição : 02/06/2014
Re: CE_Umbrella - URGENTE
por Power Max Seg 02 Jun 2014, 14:46
Reinicie o PC para o ZHP completar a limpeza.
Depois de reiniciar faça o seguinte:
Abra novamente o ( ZHPDiag )
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Depois de reiniciar faça o seguinte:
Abra novamente o ( ZHPDiag )[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: CE_Umbrella - URGENTE
por NCL Seg 02 Jun 2014, 15:07
Segue
~ Relatório do ZHPDiag v2014.5.30.78 - Nicolas Coolman (30/05/2014)
~ Iniciado por NCaroline (02/06/2014 15:04:48)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
Trend Micro Titanium Internet Security v3.00
Windows Defender W7 (Deactivate)
---\\ Softwares d'optimização do sistema
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 11 ActiveX
Adobe Reader XI
Java 7 Update 25
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3998 MB (51% free)
System Restore: Activé (Enable)
System drive C: has 427 GB (91%) free of 465 GB
---\\ Modo de conexão ao sistema
~ Computer Name: NATHALIA-PC
~ User Name: NCaroline
~ All Users Names: nathalia, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\NCaroline\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\NCaroline\AppData\Roaming\
~ %Desktop% : C:\Users\NCaroline\Desktop\
~ %Favorites% : C:\Users\NCaroline\Favorites\
~ %LocalAppData% : C:\Users\NCaroline\AppData\Local\
~ %StartMenu% : C:\Users\NCaroline\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 427 Go of 465 Go)
D: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 44 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.04/02/2014 - 16:02:41.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 03:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/02/2014 - 16:02:08.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04/02/2014 - 16:02:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 00:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.04/02/2014 - 16:02:02.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/3
~ Mes Favoris (My Favorites) : 1/10
~ Mes Documents (My Documents) : 1/6
~ Mon Bureau (My Desktop) : 1/19
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 00s
---\\ Processos lançados
[MD5.29875977E7C19FBD6893EB29B4306F1C] - (.Conexant Systems, Inc - SmartAudio.) -- C:\Program Files\Conexant\SAII\SmartAudio.exe [835200] [PID.3132]
[MD5.88FD47E3BD31BC358AD1EF14E75C7681] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336] [PID.3368]
[MD5.852803AAF50A785BAFE788D2AD666C78] - (.ScanSoft, Inc. - PaperPort Print to Desktop for NT.) -- C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [57393] [PID.3468]
[MD5.36E5CA5DCE72A831A3F7C7ED8AEA83AE] - (.Brother Industries, Ltd. - Control Center 3 Main Program.) -- C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe [872448] [PID.3724]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816] [PID.3732]
[MD5.0E6215E64E7EAC14E41FBCF6A0254D57] - (.IBM Corp - IBM Lotus Notes/Domino.) -- C:\Program Files (x86)\IBM\Lotus\Notes\NLNOTES.exe [1869192] [PID.4080]
[MD5.13CF6ECA3880A884C919BD3EF1ADB812] - (.IBM - Lotus Notes.) -- C:\Program Files (x86)\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\notes2.exe [79232] [PID.3212]
[MD5.3A99915039B302B508661D18FE6EBC6F] - (.IBM Corp - IBM Lotus Notes/Domino.) -- C:\Program Files (x86)\IBM\Lotus\Notes\ntaskldr.exe [16776] [PID.3600]
[MD5.1F3A8448323CFA5E66AF02B1EDC2EEE4] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048] [PID.2188]
[MD5.9FECC05669A086A264B4D67A26CBC63D] - (.ABC71 Soluções em Informática - Menu Omega.) -- O:\Omega\Omega.exe [1226240] [PID.1436]
[MD5.4DF54ED7092A719FFA08F9E642B310BA] - (.ABC71 Soluções em Informática - Monitor de Atividades Omega.) -- O:\Omega\MonitorOmega.exe [58368] [PID.1020]
[MD5.3EA70A3B0C07049CCDE16D2CA1A95640] - (.ABC71 Soluções em Informática - Gerenciador de Janelas Omega.) -- O:\Omega\WndMgr.exe [171520] [PID.3576]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Users\NCaroline\AppData\Local\Google\Chrome\Application\chrome.exe [860488] [PID.4620]
[MD5.6D652B06EB3916DC41A9DBBBC4EDEED1] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8020480] [PID.708]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1600]
[MD5.2098AF12149789FA6608422C8796F77C] - (.IBM Corp - IBM Lotus Notes/Domino.) -- C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe [189832] [PID.1772]
[MD5.E4FA829273FDF5BD20FC9804FD5F9C20] - (.IBM - wnsd.) -- C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe [4453768] [PID.1792]
[MD5.FF54EA1617D15711690D5EF054512C21] - (.IBM Corp - IBM Lotus Notes/Domino.) -- C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe [71048] [PID.1848]
[MD5.1E5D06F915260E9270287A1839A98671] - (.Conexant Systems, Inc. - SmartAudio Service Application.) -- C:\Windows\SysWOW64\SAsrv.exe [446592] [PID.2008]
[MD5.52069AEB42D3D0F97CBCA1085EBF55E6] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432] [PID.4764]
[MD5.6A35B295812CE7064CFBCD9F254169CF] - (.Intel Corporation - Intel(R) Local Management Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [390616] [PID.4956]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\NCaroline\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ IE Browser: 18 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:52693;https=127.0.0.1:52693 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [cAudioFilterAgent] . (.Conexant Systems, Inc. - Conexant High Definition Audio Filter Agent.) -- C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
O4 - HKLM\..\Run: [SmartAudio] . (.Conexant Systems, Inc. - SmartAudio Control Panel application.) -- C:\Program Files\CONEXANT\SAII\SAIICpl.exe
O4 - HKLM\..\Run: [Trend Micro Client Framework] . (.Trend Micro Inc. - Trend Micro Client Session Agent Monitor.) -- C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe
O4 - HKLM\..\Run: [Trend Micro Titanium] . (.Trend Micro Inc. - Trend Micro Client Main Console.) -- C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\NCaroline\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl9] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [PDVD9LanguageShortcut] . (.CyberLink Corp. - PowerDVD Language Application.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [SSBkgdUpdate] . (.Scansoft, Inc. - SSBkgdUpdate.) -- C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
O4 - HKLM\..\Wow6432Node\Run: [PaperPort PTD] . (.ScanSoft, Inc. - PaperPort Print to Desktop for NT.) -- C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Wow6432Node\Run: [IndexSearch] . (.ScanSoft, Inc. - PaperPort IndexSearch.) -- C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Wow6432Node\Run: [BrMfcWnd] . (.Brother Industries, Ltd. - Brother Status Monitor Application.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
O4 - HKLM\..\Wow6432Node\Run: [ControlCenter3] . (.Brother Industries, Ltd. - ControlCenter Program.) -- C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2161964215-3076242739-3676879385-2126\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\NCaroline\AppData\Local\Google\Update\GoogleUpdate.exe
~ Application: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{14B8FC27-3AFE-4CDC-B38E-760CC0D1A051}: DhcpNameServer = 10.20.28.4 172.20.100.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{14B8FC27-3AFE-4CDC-B38E-760CC0D1A051}: DhcpDomain = pin.armacell.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{14B8FC27-3AFE-4CDC-B38E-760CC0D1A051}: DhcpNameServer = 10.20.28.4 172.20.100.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{14B8FC27-3AFE-4CDC-B38E-760CC0D1A051}: DhcpDomain = pin.armacell.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{14B8FC27-3AFE-4CDC-B38E-760CC0D1A051}: DhcpNameServer = 10.20.28.4 172.20.100.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{14B8FC27-3AFE-4CDC-B38E-760CC0D1A051}: DhcpDomain = pin.armacell.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pin.armacell.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.20.28.4 172.20.100.2
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2161964215-3076242739-3676879385-2126Core [1042]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2161964215-3076242739-3676879385-2126UA [1094]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4015131871-208339670-2462766555-1000Core [1038]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4015131871-208339670-2462766555-1000UA [1090]
~ Scheduled Task: 10 Legitimates Filtered in 00mn 02s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ABC71]
~ Key Software: 151 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 02/06/2014 - 14:49:10 - [0] ----D C:\Users\NCaroline\AppData\Roaming\ContentExplorer
O43 - CFD: 02/06/2014 - 14:50:03 - [0] ----D C:\Users\NCaroline\AppData\Roaming\smkits
~ Program Folder: 105 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.3212745994FBDA47BDBF53E1A55F0AAF] - 02/06/2014 - 09:48:14 ---A- . (...) -- C:\zoek-results2014-06-02-124814.log [42186]
O44 - LFC:[MD5.9DD419EE9769EE9B5B64C9D03387AC5A] - 02/06/2014 - 10:16:14 ---A- . (...) -- C:\zoek-results2014-06-02-131614.log [21123]
O44 - LFC:[MD5.CEDD1FC9F6B5F820533D00B593FE10B8] - 02/06/2014 - 13:14:03 ---A- . (...) -- C:\zoek-results2014-06-02-161403.log [8276]
O44 - LFC:[MD5.9252F78F99F158D1830F89AFB197E3C6] - 02/06/2014 - 13:27:29 ---A- . (...) -- C:\zoek-results.log [1779]
O44 - LFC:[MD5.2CD52835549D2A711CC81C3CA82B7024] - 02/06/2014 - 14:49:21 ---A- . (...) -- C:\SUService.log [30816]
O44 - LFC:[MD5.CECC459826D35B47770F8265E128EE92] - 02/06/2014 - 14:53:39 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [151066]
O44 - LFC:[MD5.1AFB9F40DFBEF0A1C648B3AD3982D9AC] - 02/06/2014 - 14:53:39 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [716886]
~ Files: 14 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 51 Legitimates Filtered in 00mn 02s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - 21/05/2011 - C:\Windows\System32\DRIVERS\tmtdi.sys (tmtdi) .(.Trend Micro Inc. - Trend Micro TDI Driver (amd64-fre).) - LEGACY_TMTDI
~ Legacy: 108 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 04/02/2014 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 08/02/2012 276248 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 11/05/2013 822232 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Auto 03/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 21/05/2011 267480 | (Amsp) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
SR - | Auto 11/05/2013 733696 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 12/09/2013 169432 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 12/09/2013 390616 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 16/09/2011 189832 | (LNSUSvc) . (.IBM Corp.) - C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe
SR - | Auto 16/09/2011 4453768 | (Lotus Notes Diagnostics) . (.IBM.) - C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe
SR - | Auto 16/09/2011 71048 | (Multi-user Cleanup Service) . (.IBM Corp.) - C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (SAService) . (.Conexant Systems, Inc..) - C:\Windows\System32\SAsrv.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 04s
---\\ Scâner Aditional (088)
Database Version : 13026 - (30/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
~ Additionnel Scan: 218169 Items scanned in 00mn 14s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Proxy
~ MSI: 1 link(s) detected in 00mn 00s
~ 623 Legitimates filtered by white list
End of the scan (362 lines in 00mn 41s)(0)
~ Relatório do ZHPDiag v2014.5.30.78 - Nicolas Coolman (30/05/2014)
~ Iniciado por NCaroline (02/06/2014 15:04:48)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
Trend Micro Titanium Internet Security v3.00
Windows Defender W7 (Deactivate)
---\\ Softwares d'optimização do sistema
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 11 ActiveX
Adobe Reader XI
Java 7 Update 25
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3998 MB (51% free)
System Restore: Activé (Enable)
System drive C: has 427 GB (91%) free of 465 GB
---\\ Modo de conexão ao sistema
~ Computer Name: NATHALIA-PC
~ User Name: NCaroline
~ All Users Names: nathalia, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\NCaroline\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\NCaroline\AppData\Roaming\
~ %Desktop% : C:\Users\NCaroline\Desktop\
~ %Favorites% : C:\Users\NCaroline\Favorites\
~ %LocalAppData% : C:\Users\NCaroline\AppData\Local\
~ %StartMenu% : C:\Users\NCaroline\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 427 Go of 465 Go)
D: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 44 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.04/02/2014 - 16:02:41.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 03:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/02/2014 - 16:02:08.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04/02/2014 - 16:02:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 00:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.04/02/2014 - 16:02:02.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/3
~ Mes Favoris (My Favorites) : 1/10
~ Mes Documents (My Documents) : 1/6
~ Mon Bureau (My Desktop) : 1/19
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 00s
---\\ Processos lançados
[MD5.29875977E7C19FBD6893EB29B4306F1C] - (.Conexant Systems, Inc - SmartAudio.) -- C:\Program Files\Conexant\SAII\SmartAudio.exe [835200] [PID.3132]
[MD5.88FD47E3BD31BC358AD1EF14E75C7681] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336] [PID.3368]
[MD5.852803AAF50A785BAFE788D2AD666C78] - (.ScanSoft, Inc. - PaperPort Print to Desktop for NT.) -- C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [57393] [PID.3468]
[MD5.36E5CA5DCE72A831A3F7C7ED8AEA83AE] - (.Brother Industries, Ltd. - Control Center 3 Main Program.) -- C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe [872448] [PID.3724]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816] [PID.3732]
[MD5.0E6215E64E7EAC14E41FBCF6A0254D57] - (.IBM Corp - IBM Lotus Notes/Domino.) -- C:\Program Files (x86)\IBM\Lotus\Notes\NLNOTES.exe [1869192] [PID.4080]
[MD5.13CF6ECA3880A884C919BD3EF1ADB812] - (.IBM - Lotus Notes.) -- C:\Program Files (x86)\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\notes2.exe [79232] [PID.3212]
[MD5.3A99915039B302B508661D18FE6EBC6F] - (.IBM Corp - IBM Lotus Notes/Domino.) -- C:\Program Files (x86)\IBM\Lotus\Notes\ntaskldr.exe [16776] [PID.3600]
[MD5.1F3A8448323CFA5E66AF02B1EDC2EEE4] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048] [PID.2188]
[MD5.9FECC05669A086A264B4D67A26CBC63D] - (.ABC71 Soluções em Informática - Menu Omega.) -- O:\Omega\Omega.exe [1226240] [PID.1436]
[MD5.4DF54ED7092A719FFA08F9E642B310BA] - (.ABC71 Soluções em Informática - Monitor de Atividades Omega.) -- O:\Omega\MonitorOmega.exe [58368] [PID.1020]
[MD5.3EA70A3B0C07049CCDE16D2CA1A95640] - (.ABC71 Soluções em Informática - Gerenciador de Janelas Omega.) -- O:\Omega\WndMgr.exe [171520] [PID.3576]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Users\NCaroline\AppData\Local\Google\Chrome\Application\chrome.exe [860488] [PID.4620]
[MD5.6D652B06EB3916DC41A9DBBBC4EDEED1] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8020480] [PID.708]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1600]
[MD5.2098AF12149789FA6608422C8796F77C] - (.IBM Corp - IBM Lotus Notes/Domino.) -- C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe [189832] [PID.1772]
[MD5.E4FA829273FDF5BD20FC9804FD5F9C20] - (.IBM - wnsd.) -- C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe [4453768] [PID.1792]
[MD5.FF54EA1617D15711690D5EF054512C21] - (.IBM Corp - IBM Lotus Notes/Domino.) -- C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe [71048] [PID.1848]
[MD5.1E5D06F915260E9270287A1839A98671] - (.Conexant Systems, Inc. - SmartAudio Service Application.) -- C:\Windows\SysWOW64\SAsrv.exe [446592] [PID.2008]
[MD5.52069AEB42D3D0F97CBCA1085EBF55E6] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432] [PID.4764]
[MD5.6A35B295812CE7064CFBCD9F254169CF] - (.Intel Corporation - Intel(R) Local Management Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [390616] [PID.4956]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\NCaroline\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ IE Browser: 18 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:52693;https=127.0.0.1:52693 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [cAudioFilterAgent] . (.Conexant Systems, Inc. - Conexant High Definition Audio Filter Agent.) -- C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
O4 - HKLM\..\Run: [SmartAudio] . (.Conexant Systems, Inc. - SmartAudio Control Panel application.) -- C:\Program Files\CONEXANT\SAII\SAIICpl.exe
O4 - HKLM\..\Run: [Trend Micro Client Framework] . (.Trend Micro Inc. - Trend Micro Client Session Agent Monitor.) -- C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe
O4 - HKLM\..\Run: [Trend Micro Titanium] . (.Trend Micro Inc. - Trend Micro Client Main Console.) -- C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\NCaroline\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl9] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [PDVD9LanguageShortcut] . (.CyberLink Corp. - PowerDVD Language Application.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [SSBkgdUpdate] . (.Scansoft, Inc. - SSBkgdUpdate.) -- C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
O4 - HKLM\..\Wow6432Node\Run: [PaperPort PTD] . (.ScanSoft, Inc. - PaperPort Print to Desktop for NT.) -- C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Wow6432Node\Run: [IndexSearch] . (.ScanSoft, Inc. - PaperPort IndexSearch.) -- C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Wow6432Node\Run: [BrMfcWnd] . (.Brother Industries, Ltd. - Brother Status Monitor Application.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
O4 - HKLM\..\Wow6432Node\Run: [ControlCenter3] . (.Brother Industries, Ltd. - ControlCenter Program.) -- C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2161964215-3076242739-3676879385-2126\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\NCaroline\AppData\Local\Google\Update\GoogleUpdate.exe
~ Application: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{14B8FC27-3AFE-4CDC-B38E-760CC0D1A051}: DhcpNameServer = 10.20.28.4 172.20.100.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{14B8FC27-3AFE-4CDC-B38E-760CC0D1A051}: DhcpDomain = pin.armacell.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{14B8FC27-3AFE-4CDC-B38E-760CC0D1A051}: DhcpNameServer = 10.20.28.4 172.20.100.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{14B8FC27-3AFE-4CDC-B38E-760CC0D1A051}: DhcpDomain = pin.armacell.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{14B8FC27-3AFE-4CDC-B38E-760CC0D1A051}: DhcpNameServer = 10.20.28.4 172.20.100.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{14B8FC27-3AFE-4CDC-B38E-760CC0D1A051}: DhcpDomain = pin.armacell.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pin.armacell.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.20.28.4 172.20.100.2
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2161964215-3076242739-3676879385-2126Core [1042]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2161964215-3076242739-3676879385-2126UA [1094]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4015131871-208339670-2462766555-1000Core [1038]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4015131871-208339670-2462766555-1000UA [1090]
~ Scheduled Task: 10 Legitimates Filtered in 00mn 02s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ABC71]
~ Key Software: 151 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 02/06/2014 - 14:49:10 - [0] ----D C:\Users\NCaroline\AppData\Roaming\ContentExplorer
O43 - CFD: 02/06/2014 - 14:50:03 - [0] ----D C:\Users\NCaroline\AppData\Roaming\smkits
~ Program Folder: 105 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.3212745994FBDA47BDBF53E1A55F0AAF] - 02/06/2014 - 09:48:14 ---A- . (...) -- C:\zoek-results2014-06-02-124814.log [42186]
O44 - LFC:[MD5.9DD419EE9769EE9B5B64C9D03387AC5A] - 02/06/2014 - 10:16:14 ---A- . (...) -- C:\zoek-results2014-06-02-131614.log [21123]
O44 - LFC:[MD5.CEDD1FC9F6B5F820533D00B593FE10B8] - 02/06/2014 - 13:14:03 ---A- . (...) -- C:\zoek-results2014-06-02-161403.log [8276]
O44 - LFC:[MD5.9252F78F99F158D1830F89AFB197E3C6] - 02/06/2014 - 13:27:29 ---A- . (...) -- C:\zoek-results.log [1779]
O44 - LFC:[MD5.2CD52835549D2A711CC81C3CA82B7024] - 02/06/2014 - 14:49:21 ---A- . (...) -- C:\SUService.log [30816]
O44 - LFC:[MD5.CECC459826D35B47770F8265E128EE92] - 02/06/2014 - 14:53:39 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [151066]
O44 - LFC:[MD5.1AFB9F40DFBEF0A1C648B3AD3982D9AC] - 02/06/2014 - 14:53:39 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [716886]
~ Files: 14 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 51 Legitimates Filtered in 00mn 02s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - 21/05/2011 - C:\Windows\System32\DRIVERS\tmtdi.sys (tmtdi) .(.Trend Micro Inc. - Trend Micro TDI Driver (amd64-fre).) - LEGACY_TMTDI
~ Legacy: 108 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 04/02/2014 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 08/02/2012 276248 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 11/05/2013 822232 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
SS - | Auto 03/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 21/05/2011 267480 | (Amsp) . (.Trend Micro Inc..) - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
SR - | Auto 11/05/2013 733696 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 12/09/2013 169432 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 12/09/2013 390616 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 16/09/2011 189832 | (LNSUSvc) . (.IBM Corp.) - C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe
SR - | Auto 16/09/2011 4453768 | (Lotus Notes Diagnostics) . (.IBM.) - C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe
SR - | Auto 16/09/2011 71048 | (Multi-user Cleanup Service) . (.IBM Corp.) - C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (SAService) . (.Conexant Systems, Inc..) - C:\Windows\System32\SAsrv.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 04s
---\\ Scâner Aditional (088)
Database Version : 13026 - (30/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
~ Additionnel Scan: 218169 Items scanned in 00mn 14s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Proxy
~ MSI: 1 link(s) detected in 00mn 00s
~ 623 Legitimates filtered by white list
End of the scan (362 lines in 00mn 41s)(0)
NCL- Iniciante
- Mensagens : 14
Reputação : 0
Data de inscrição : 02/06/2014
Re: CE_Umbrella - URGENTE
por Power Max Seg 02 Jun 2014, 15:17
Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.
Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC agora e de tempos em tempos.
_________________________________________________________________________________________________________
Selecione e copie todo o texto destacado em vermelho que te passei._____________________________________________________________________________________________________________
Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas. Copie este relatório e poste em sua próxima resposta e nos diga como está seu PC depois disto.
Última edição por Power Max em Seg 02 Jun 2014, 16:50, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: CE_Umbrella - URGENTE
por NCL Seg 02 Jun 2014, 16:32
Oi, não fiz ainda essa atualização de programas desnecessário, mas o CE_Umbrella já não está mais aparecendo.
Isso quer dizer que ele foi eliminado do computador?
Isso quer dizer que ele foi eliminado do computador?
NCL- Iniciante
- Mensagens : 14
Reputação : 0
Data de inscrição : 02/06/2014
Re: CE_Umbrella - URGENTE
por Power Max Seg 02 Jun 2014, 16:35
Siga a outra dica que te passei acima com o ZHPFix e poste o relatório dele, por gentileza.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: CE_Umbrella - URGENTE
por NCL Seg 02 Jun 2014, 16:38
Mas quais os programas serão apagados? pois o computar é da empresa que trabalho, e não posso apagar programas de uso no trabalho.
Pode me informar exatamente, por favor?
Pode me informar exatamente, por favor?
NCL- Iniciante
- Mensagens : 14
Reputação : 0
Data de inscrição : 02/06/2014
Re: CE_Umbrella - URGENTE
por Power Max Seg 02 Jun 2014, 16:40
Esta dica de escolher os programas que iniciam com o PC não apaga programa nenhum. Só serve para escolher quais programas você quer que iniciem com o Windows. E caso a pessoa mude de idéia depois é só ativar novamente o programa que quer que inicie juntamente com o sistema.
_________________________________________________________
Mas esta outra dica abaixo que te passei é muito importante porque o Umbrella ainda está aparecendo no PC:
Selecione e copie todo o texto destacado em vermelho que te passei.
_____________________________________________________________________________________________________________
Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.
Copie este relatório e poste em sua próxima resposta e nos diga como está seu PC depois disto.
_________________________________________________________
Mas esta outra dica abaixo que te passei é muito importante porque o Umbrella ainda está aparecendo no PC:
Selecione e copie todo o texto destacado em vermelho que te passei.
_____________________________________________________________________________________________________________
Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.
Copie este relatório e poste em sua próxima resposta e nos diga como está seu PC depois disto.
Última edição por Power Max em Seg 02 Jun 2014, 16:49, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: CE_Umbrella - URGENTE
por NCL Seg 02 Jun 2014, 16:47
Ok, segue o relatório
Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by NCaroline at 02/06/2014 16:44:37
High Elevated Privileges : OK
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 05s)
Reparação de atalhos do navegador
========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Elementos dos dados do Registo ==========
ELIMINÉ: R1 Search Page =
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ Temporários windows (44) (3.515.243 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
6 : Valores do Registo
1 : Elementos dos dados do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema
End of clean in 00mn 19s
========== Caminho do ficheiro do relatório ==========
C:\Users\NCaroline\AppData\Roaming\ZHP\ZHPFix[R1].txt - 02/06/2014 14:43:35 [1773]
C:\Users\NCaroline\AppData\Roaming\ZHP\ZHPFix[R2].txt - 02/06/2014 16:44:42 [1247]
Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by NCaroline at 02/06/2014 16:44:37
High Elevated Privileges : OK
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 05s)
Reparação de atalhos do navegador
========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Elementos dos dados do Registo ==========
ELIMINÉ: R1 Search Page =
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ Temporários windows (44) (3.515.243 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
6 : Valores do Registo
1 : Elementos dos dados do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema
End of clean in 00mn 19s
========== Caminho do ficheiro do relatório ==========
C:\Users\NCaroline\AppData\Roaming\ZHP\ZHPFix[R1].txt - 02/06/2014 14:43:35 [1773]
C:\Users\NCaroline\AppData\Roaming\ZHP\ZHPFix[R2].txt - 02/06/2014 16:44:42 [1247]
NCL- Iniciante
- Mensagens : 14
Reputação : 0
Data de inscrição : 02/06/2014
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: CE_Umbrella - URGENTE
por NCL Seg 02 Jun 2014, 16:50
No momento não há nada de estranho, está normal ao meu ver.
Será que agora esse Umbrella saiu?
Será que agora esse Umbrella saiu?
NCL- Iniciante
- Mensagens : 14
Reputação : 0
Data de inscrição : 02/06/2014
Re: CE_Umbrella - URGENTE
por Power Max Seg 02 Jun 2014, 16:52
O relatório está limpo. Só para finalizar siga estes tutoriais abaixo, por gentileza:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_______________________________________________________________________________________________________________________
Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, utilize o DelFix seguindo as dicas [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]._______________________________________________________________________________________________________________________
Foi um prazer ajudar. Conte sempre conosco!
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: CE_Umbrella - URGENTE
por Danii Seg 02 Jun 2014, 18:19
CASO RESOLVIDO
Caso a autora do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.
Caso a autora do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.
Danii- Membro Pleno
- Mensagens : 571
Reputação : 80
Data de inscrição : 04/04/2014
Localização : Brasil
Página 1 de 1
Permissões neste sub-fórum
Não podes responder a tópicos|
|
|